I'm getting Failed to upload keys: I/O Error: No such file or directory (os error 2) when I try to upload keys. The key block is:

          deployment = {
            keys."myservice.secret" = {
              keyFile = /full/path/to/secrets/myservice.secret;
              uploadAt = "pre-activation";
            };
          };

Am I doing something obviously stupid? File is in the ./secrets dir by the flake, and owned by the same user

In reply to @zhaofeng:zhaofeng.li
Yeah, on non-NixOS hosts the Nix binaries aren't in the PATH set up by sshd/pam. It's a long-standing issue: https://github.com/NixOS/nix/issues/1078

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines

• surface-configuration.nix
• surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };

In reply to @sivertism:matrix.org

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines

• surface-configuration.nix
• surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines

• surface-configuration.nix
• surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };
outputs = {nixpkgs, ...} : {
  colmena = {
    meta = // default from examples
    
  surface = {name, nodes, pkgs, ... } : {
    deployment = { targetHost = name; targetUser="nixos"; };
    networking.hostName = name;
    imports = [
      <nixos-hardware/microsoft/surface-pro/3>
      ./machines/surface-configuration.nix
    ]
  };
};

And machines/surface-configuration.nix is the /etc/nixos/configuration.nix file copied from the surface after a fresh install. It, in turn, imports machines/surface-hardware-configuration.nix, which I've also left as default.

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines

• surface-configuration.nix
• surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };
outputs = {nixpkgs, ...} : {
  colmena = {
    meta = // default from examples
    
  surface = {name, nodes, pkgs, ... } : {
    deployment = { targetHost = name; targetUser="nixos"; };
    networking.hostName = name;
    imports = [
      <nixos-hardware/microsoft/surface-pro/3>
      ./machines/surface-configuration.nix
    ]
  };
};

And machines/surface-configuration.nix is the /etc/nixos/configuration.nix file copied from the surface after a fresh install. It, in turn, imports machines/surface-hardware-configuration.nix, which I've also left as default.

From this, I first get an error error: cannot look up '<nixos-hardware/microsoft/surface-pro/3>' in pure evaluation mode (use '--impure' to override), so I use --impure, but then get error: file 'nixos-hardware/microsoft/surface-pro/3' was not found in the Nix search path (add it using $NIX_PATH or -I. I should probably add it the proper way with a url to nixos-hardware as shown in the nixos-hardware section on flakes, but I'm not sure where to stick in those modules ref: (nixos-hardware#flakes)[https://github.com/NixOS/nixos-hardware#using-nix-flakes-support].

Does anyone know how I should proceed?

In reply to @sivertism:matrix.org

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines

• surface-configuration.nix
• surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };

hit enter too soon... hold on

Done :)

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines
    /surface-configuration.nix
    /surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };
outputs = {nixpkgs, ...} : {
  colmena = {
    meta = // default from examples
    
  surface = {name, nodes, pkgs, ... } : {
    deployment = { targetHost = name; targetUser="nixos"; };
    networking.hostName = name;
    imports = [
      <nixos-hardware/microsoft/surface-pro/3>
      ./machines/surface-configuration.nix
    ]
  };
};

And machines/surface-configuration.nix is the /etc/nixos/configuration.nix file copied from the surface after a fresh install. It, in turn, imports machines/surface-hardware-configuration.nix, which I've also left as default.

From this, I first get an error error: cannot look up '<nixos-hardware/microsoft/surface-pro/3>' in pure evaluation mode (use '--impure' to override), so I use --impure, but then get error: file 'nixos-hardware/microsoft/surface-pro/3' was not found in the Nix search path (add it using $NIX_PATH or -I. I should probably add it the proper way with a url to nixos-hardware as shown in the nixos-hardware section on flakes, but I'm not sure where to stick in those modules ref: (nixos-hardware#flakes)[https://github.com/NixOS/nixos-hardware#using-nix-flakes-support].

Does anyone know how I should proceed?

In reply to @sivertism:matrix.org

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines
    /surface-configuration.nix
    /surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };
outputs = {nixpkgs, ...} : {
  colmena = {
    meta = // default from examples
    
  surface = {name, nodes, pkgs, ... } : {
    deployment = { targetHost = name; targetUser="nixos"; };
    networking.hostName = name;
    imports = [
      <nixos-hardware/microsoft/surface-pro/3>
      ./machines/surface-configuration.nix
    ]
  };
};

And machines/surface-configuration.nix is the /etc/nixos/configuration.nix file copied from the surface after a fresh install. It, in turn, imports machines/surface-hardware-configuration.nix, which I've also left as default.

From this, I first get an error error: cannot look up '<nixos-hardware/microsoft/surface-pro/3>' in pure evaluation mode (use '--impure' to override), so I use --impure, but then get error: file 'nixos-hardware/microsoft/surface-pro/3' was not found in the Nix search path (add it using $NIX_PATH or -I. I should probably add it the proper way with a url to nixos-hardware as shown in the nixos-hardware section on flakes, but I'm not sure where to stick in those modules ref: (nixos-hardware#flakes)[https://github.com/NixOS/nixos-hardware#using-nix-flakes-support].

Does anyone know how I should proceed?

In reply to @sivertism:matrix.org

Hi! I'm new to NixOS, but want to try out Colmena as a means to set up some computers in my home. One of them is a Microsoft Surface Pro 3, which needs <nixos-hardware/microsoft/surface-pro/3> to function properly. However, I'm struggling to use that with Colmena.

What I have now is something like this:

flake.nix
machines
    /surface-configuration.nix
    /surface-hardware-configuration.nix

In flake.nix:

inputs = { nixpkg.s.url = ... };
outputs = {nixpkgs, ...} : {
  colmena = {
    meta = // default from examples
    
  surface = {name, nodes, pkgs, ... } : {
    deployment = { targetHost = name; targetUser="nixos"; };
    networking.hostName = name;
    imports = [
      <nixos-hardware/microsoft/surface-pro/3>
      ./machines/surface-configuration.nix
    ]
  };
};

And machines/surface-configuration.nix is the /etc/nixos/configuration.nix file copied from the surface after a fresh install. It, in turn, imports machines/surface-hardware-configuration.nix, which I've also left as default.

From this, I first get an error error: cannot look up '<nixos-hardware/microsoft/surface-pro/3>' in pure evaluation mode (use '--impure' to override), so I use --impure, but then get error: file 'nixos-hardware/microsoft/surface-pro/3' was not found in the Nix search path (add it using $NIX_PATH or -I. I should probably add it the proper way with a url to nixos-hardware as shown in the nixos-hardware section on flakes, but I'm not sure where to stick in those modules ref: (nixos-hardware#flakes)[https://github.com/NixOS/nixos-hardware#using-nix-flakes-support].

Does anyone know how I should proceed?

I wouldn’t use the impure mode here. The syntax with brackets is not what you want with flakes. You will need to add nixos-hardware as a flake input instead.

If that doesn’t make sense I can give a more complete example when I’m back at my computer. 

I was eventually able to create a flake wrapper around my existing config, which seems to work. At least nix build .#nixosConfigurations.surface.config.system.build.toplevel succeeds.

So I think it's now just about importing that into the Colmena flake? I've tried a few variations of the below colmena flake, but to no avail.

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    surface.url = "/home/sivert/work/nixos-surface";
  };
 
  outputs = {nixpkgs, surface, ...}: {
    colmena = {
      meta = {
          nixpkgs = import nixpkgs {
            system = "x86_64-linux";
          };
      };
 
      surface = { name, ...}: {
 
        deployment = {
          targetHost = "surface";
          targetUser = "nixos";
        };
        
        networking.hostName = "surface";
 
        imports = [
          surface #.nixosConfigurations.surface.config.system.build.toplevel
          ];
      };
    };
  };
}

Turn's out the answer was (yet again) in ibizaman 's blog! https://blog.tiserbox.com/posts/2023-11-08-switch-to-colmena-for-local-deploys.html

Just had to remove the flake wrapper and set up the colmena flake like this:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };

  outputs = inputs@{nixpkgs, nixos-hardware, ...}: {
    colmena = {
      meta = {
          nixpkgs = import inputs.nixpkgs {
            system = "x86_64-linux";
          };
          specialArgs=inputs;
      };

      surface = { name, ...}: {

        deployment = {
          targetHost = "surface";
          targetUser = "nixos";
        };

        networking.hostName = "surface";

        imports = [
          inputs.nixos-hardware.nixosModules.microsoft-surface-pro-3
          ./machines/surface/configuration.nix
          ];
      };
    };
  };
}

Now I'm running into some security error though (see the above screenshot)

Turn's out the answer was (yet again) in ibizaman 's blog! https://blog.tiserbox.com/posts/2023-11-08-switch-to-colmena-for-local-deploys.html

Just had to remove the flake wrapper and set up the colmena flake like this:

{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
  };

  outputs = inputs@{nixpkgs, nixos-hardware, ...}: {
    colmena = {
      meta = {
          nixpkgs = import inputs.nixpkgs {
            system = "x86_64-linux";
          };
          specialArgs=inputs;
      };

      surface = { name, ...}: {

        deployment = {
          targetHost = "surface";
          targetUser = "nixos";
        };

        networking.hostName = "surface";

        imports = [
          inputs.nixos-hardware.nixosModules.microsoft-surface-pro-3
          ./machines/surface/configuration.nix
          ];
      };
    };
  };
}

Now I'm running into some security error though (see the above screenshot)
[ERROR] stderr) error: cannot add path '/nix/store/00yiiplzcqzmqaw10cghbxlb4l4xibc0-i3lock-color.pam' because it lacks a signature by a trusted key

Sivert the following is what I understand but I’m not confident in my understanding of this. I think the trusted issue is due to the user used to deploy not being root. It falls after having copied the nix derivations to the target machine when it tries to add them to the nix store. The fix should be adding that user nixos  to the nix.settings.trusted-users option.

That being said, it never worked the first time for me. I think for it to work you must first deploy a change with just the trusted-user change and then you can deploy the rest.  

Sivert the following is what I understand but I’m not confident in my understanding of this. I think the trusted issue is due to the user used to deploy not being root. It fails after having copied the nix derivations to the target machine when it tries to add them to the nix store. The fix should be adding that user nixos  to the nix.settings.trusted-users option.

That being said, it never worked the first time for me. I think for it to work you must first deploy a change with just the trusted-user change and then you can deploy the rest.  

In reply to @sivertism:matrix.org
So if this works on the surface, I've got all three computers deployed from Colmena. Very cool stuff!

meh, new errror. This one feels like it's got more to do with nixos-hardware than Colmena. Seems like the Colmena side of things is working fine though.

[nix-shell:~/nixos-home]$ colmena apply --on surface
[INFO ] Using flake: git+file:///home/nixos/nixos-home
[INFO ] Enumerating nodes...
[INFO ] Selected 1 out of 3 hosts.
        ❌ 14s Failed: Child process exited with error code: 1
surface ✅ 10s Evaluated surface
surface ✅ 0s Built "/nix/store/s9mlmd8b6lxy2b5m5wwy099d924y5s0w-nixos-system-surface-24.05pre-git"
surface ✅ 2s Pushed system closure
surface ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to deploy to surface - Last 15 lines of logs:
[ERROR]  created)
[ERROR]    state) Running
[ERROR]   stderr)
[ERROR]   stderr) We trust you have received the usual lecture from the local System
[ERROR]   stderr) Administrator. It usually boils down to these three things:
[ERROR]   stderr)
[ERROR]   stderr)     #1) Respect the privacy of others.
[ERROR]   stderr)     #2) Think before you type.
[ERROR]   stderr)     #3) With great power comes great responsibility.
[ERROR]   stderr)
[ERROR]   stderr) For security reasons, the password you type will not be visible.
[ERROR]   stderr)
[ERROR]   stderr) sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
[ERROR]   stderr) sudo: a password is required
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
Hint: Backtrace available - Use `RUST_BACKTRACE=1` environment variable to display a backtrace