!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

262 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena91 Servers

Load older messages

SenderMessageTime
5 Jan 2022
@necrophcodr:matrix.orgnecrophcodr

And from flake.lock

    "colmena": {
      "inputs": {
        "flake-compat": "flake-compat",
        "nixpkgs": "nixpkgs",
        "utils": "utils"
      },
      "locked": {
        "lastModified": 1630033162,
        "narHash": "sha256-1Vh0d2t2aSfvEXx1iQ1TRNpFfncTE3G+T0Co+dRppBo=",
        "owner": "zhaofengli",
        "repo": "colmena",
        "rev": "37b43cd6d7f924e6eb7eaa7b17852d813cf96c31",
        "type": "github"
      },
      "original": {
        "owner": "zhaofengli",
        "repo": "colmena",
        "type": "github"
      }
21:51:31
@necrophcodr:matrix.orgnecrophcodr But hey, if it worked back then accidentally and doesn't now because I wasn't doing this correctly, that is 100% on me and I can at least do things right now :D 21:52:10
@necrophcodr:matrix.orgnecrophcodrSo thank you!21:52:15
@buckley310:matrix.orgBuckleySo I'm curious. In my setup my servers all exist inside of my flake outputs.nixosConfigurations, and my outputs.colmena is just a stub that consumes nixosConfigurations and emits a colmena configuration. Is anyone else doing it this way, or just me? I really like the portability of keeping my hosts in nixosConfigurations23:27:16
@buckley310:matrix.orgBuckley

the stub:

colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; } //
    builtins.mapAttrs
      (name: value: {
        nixpkgs.system = value.config.nixpkgs.system;
        imports = value.extraArgs.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (nixosConfigurations);
23:29:18
6 Jan 2022
@adis:blad.isadisbladis joined the room.05:29:17
@necrophcodr:matrix.orgnecrophcodr
In reply to @buckley310:matrix.org
So I'm curious. In my setup my servers all exist inside of my flake outputs.nixosConfigurations, and my outputs.colmena is just a stub that consumes nixosConfigurations and emits a colmena configuration. Is anyone else doing it this way, or just me? I really like the portability of keeping my hosts in nixosConfigurations
Oh this is exactly what I was just looking for today actually! 		12:55:04
@necrophcodr:matrix.orgnecrophcodr
In reply to @buckley310:matrix.org

the stub:

colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; } //
    builtins.mapAttrs
      (name: value: {
        nixpkgs.system = value.config.nixpkgs.system;
        imports = value.extraArgs.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (nixosConfigurations);
Hmm, I tried implementing this, but I'm not sure where you're getting config.sconfig from? I don't see an sconfig attribute to be fetched from there? 		13:14:17
@buckley310:matrix.orgBuckley
In reply to @necrophcodr:matrix.org
Hmm, I tried implementing this, but I'm not sure where you're getting config.sconfig from? I don't see an sconfig attribute to be fetched from there?
https://github.com/buckley310/nixos-config/blob/master/modules/deploy.nix itโ€™s my own module that just adds the deployment settings there. 		15:04:14
@necrophcodr:matrix.orgnecrophcodrAh okay that makes sense15:27:20
@buckley310:matrix.orgBuckley So, what would people think about a PR that adds a deployment.targetSshPubKey setting, which when set, would change SSH's "StrictHostKeyChecking" to "yes"? ๐Ÿค” also thoughts on the option name? 22:15:21
@buckley310:matrix.orgBuckley i have been deploying stuff with a config file that sets StrictHostKeyChecking=yes, until just now where I realized colmena was overriding my settting with accept-new ๐Ÿ˜… https://github.com/zhaofengli/colmena/blob/6401ce4c3c6300b7e2eec059aacd9a1059f28fa5/src/nix/host/ssh.rs#L209 22:17:04
@buckley310:matrix.orgBuckley or perhaps deployment.targetPublicKeys = [ "ssh-ed25519 AAAAC.....GwLfx" ]; 22:23:21
@zhaofeng:zhaofeng.liZhaofeng LiYeah, we should probably have an option like that, or have an option to configure a set of "freeform" SSH configs.23:48:53
7 Jan 2022
@buckley310:matrix.orgBuckleyYeah, Iโ€™ve basically got a flake devshell that sets up a handful of options including known hosts using $SSH_CONFIG_FILE00:02:30
@buckley310:matrix.orgBuckleyMaybe I can freshen up my rust skills and give it some time00:02:53
@necrophcodr:matrix.orgnecrophcodr
In reply to @zhaofeng:zhaofeng.li
Yeah, we should probably have an option like that, or have an option to configure a set of "freeform" SSH configs.
That would be pretty cool indeed 		21:16:20
8 Jan 2022
@buckley310:matrix.orgBuckley one possible way to pull off custom SSH options is for eval.nix to basically ocmpile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill the usefullness of $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:01
@buckley310:matrix.orgBuckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill the usefullness of $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:17
@buckley310:matrix.orgBuckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill $SSH_CONFIG_FILE. although there's an argument to be made at that point whether that variable is needed, if the builtin ssh config stuff is complete enough 02:28:46
@buckley310:matrix.orgBuckley * one possible way to pull off custom SSH options is for eval.nix to basically compile an SSH config file, and pass it up to colmena. one side benefit to this would be that the username and port configurations wouldn't even need to touch the rust code at that point, they could just be yet more options in the config file. one downside of that solution though is that, as far as i know, SSH can only handle one config file, so that would kill $SSH_CONFIG_FILE. although there's an argument to be made whether that variable is needed anymore, if the builtin ssh config stuff is complete enough 02:29:06
@buckley310:matrix.orgBuckley

thought experiment, what if basically all of the connection settings got merged into SSH options. get rid of deployment.targetPort, deployment.targetUser, etc, and replace it with something like this

colmena = {
  meta = {
    nixpkgs = import nixpkgs {
      system = "x86_64-linux";
    };
    ssh = {
      IdentityFile = "/home/me/.ssh/id_xyz";
    };
  };
  host-b = {
    deployment = {
      ssh.HostName = "somehost.tld";
      ssh.Port = "1234";
      ssh.User = "luser";
    };
    boot.isContainer = true;
    time.timeZone = "America/Los_Angeles";
  };
};

which would then compile this following ssh config file for colmena to just blindly pass to ssh

IdentityFile /home/me/.ssh/id_xyz

Host host-b
    HostName somehost.tld
    Port 1234
    User luser
02:37:43
@buckley310:matrix.orgBuckleythe old settings could link to the new settings with like aliases or something, and then presto, it simplifies the code, and unlocks every setting available in SSH ๐Ÿค”02:38:52
@zhaofeng:zhaofeng.liZhaofeng Li Good idea! We can add aliases, and the whole config will be generated as a string by eval.nix 02:45:12
@github:maunium.net@github:maunium.net [zhaofengli/colmena] Repo forked into buckley310/colmena 16:36:39
9 Jan 2022
@n0emis:noemis.men0emis joined the room.18:49:53
@n0emis:noemis.men0emis Hey there, is there currently an option to pass --max-jobs 0 to the nix build command or to achive something similar (e.g. don't build anything on the machine running colmena, only on the remote builders)? 18:52:40
@zhaofeng:zhaofeng.liZhaofeng LiNo, there isn't one at the moment, and a --max-jobs parameter that gets passed to all Nix commands doesn't fit well with Colmena's own job abstraction (it launches one nix-build for each node).18:59:26
@zhaofeng:zhaofeng.liZhaofeng LiThough if you don't rely on the "distributed" part of the native distributed build feature in Nix, there is a way for Colmena to initiate builds on the target nodes themselves (deployment.buildOnTarget, only available on the unstable branch at the moment)19:01:42
13 Jan 2022
@io:meat.computerio joined the room.23:03:14

Show newer messages

Back to Room ListRoom Version: 6