| 3 May 2023 |
 hexa | I use a ControlMaster socket for ssh | 13:38:31 |
| hexa | and when I am already logged into the host I | 13:38:48 |
| hexa | * and when I am already logged into the host I'm deploying to, colmena gets stuck at "Pushing system closure" and "Activation system profiile" | 13:39:18 |
| hexa | * and when I am already logged into the host I'm deploying to, colmena gets stuck at "Pushing system closure" and "Activation system profile" | 13:39:20 |
| hexa | feels like it wants to disconnect/reconnect the ssh connection multiple times | 13:43:17 |
 Wanja Hentze | I've seen colmena hang forever at pushing when using proxyjumps | 14:05:10 |
| Wanja Hentze | seemed to happen only sporadically and only when using ssh-ng | 14:05:25 |
| Wanja Hentze | does your problem happen *always* or just once in a while? | 14:05:49 |
| hexa | it is highly reproducible | 14:33:42 |
| hexa | iterated on a module, so I did 10+ deploys in a row | 14:33:56 |
| hexa | got stuck every time I was logged in, tailing the journal | 14:34:06 |
 emily | do you have a lot of deployment keys? jumphost? | 14:34:30 |
| hexa | no jumphosts, strict key matching | 14:34:52 |
| emily | sshd logs? do you use a lot of deployment keys that need to be uploaded each apply? (--no-keys maybe?) | 14:36:33 |
| hexa | I don't use pre-activation keys | 14:39:56 |
 oddlama | I've also been using control sockets, and I always keep a connection to the target open in the background before running colmena. But I don't have these issues. | 15:36:52 |
| oddlama | I remember running into something like that once or twice though, but since it never occurred again I attributed it to a fluke | 15:37:17 |
 @linus:schreibt.jetzt | hexa: connection limit? I have
extraConfig = ''
Match All
MaxSessions 100
'';
on my services.openssh
| 15:37:56 |
| @linus:schreibt.jetzt | * hexa: session limit? I have
extraConfig = ''
Match All
MaxSessions 100
'';
on my services.openssh
| 15:38:03 |
| hexa | nop | 16:22:57 |
| 4 May 2023 |
|  treed joined the room. | 07:08:04 |
| 5 May 2023 |
|  @philipp:woelfel.ca joined the room. | 23:38:17 |
| 14 May 2023 |
|  @julian:nekover.se joined the room. | 23:20:58 |
| 16 May 2023 |
|  David A. Buser (boozedog) joined the room. | 11:37:46 |
| 18 May 2023 |
|  ibizaman joined the room. | 06:48:01 |
| ibizaman | Hi all. I wanted to support this great tool and I wrote a blog post which covers deploying to a Raspberry PI (really, any supported ARM device) using colmena. http://ibizaman.github.io/posts/2023-05-12-install-nixos-on-a-raspberry-pi.html All feedback is appreciated. | 06:51:32 |
|  @yuri:nekover.se joined the room. | 19:31:49 |
| @yuri:nekover.se | hi, I'm new to Nix and want to use Colmena to setup a remote host. This works fine, but what I don't understand is when I specify a user with "targetUser" in the "deployment" set who is member of the wheel group and "security.sudo.wheelNeedsPassword" is set to "false", I still need to add the user to "nix.settings.trusted-users" for it to work.
Otherwise I get the error
[ERROR] stderr) error: cannot add path '/nix/store/6nh78ndmjdqg19ni7gmngp3cpjsf9ykm-system-path' because it lacks a valid signature
when running "colmena apply".
Does anyone know why that is?
| 21:25:54 |
 Zhaofeng Li | It's because it copies the closure with nix-copy-closure using the targetUser | 21:52:59 |
| Zhaofeng Li | The behavior is indeed pretty counterintuitive when privilegeEscalationCommand is a thing but isn't used at that stage | 21:53:56 |
