| 2 Dec 2022 |
 @linus:schreibt.jetzt | if you deploy as root, you won't have this problem | 13:52:31 |
| @linus:schreibt.jetzt | as is, you either need to make sure the machine you build on signs its paths (I wrote a little nixos module that does that https://github.com/NixOS/nix/issues/3023#issuecomment-781131502) and that the targets trust the key | 13:53:44 |
| @linus:schreibt.jetzt | or add your deploy user to trusted-users, which is root-equivalent access | 13:54:03 |
| @linus:schreibt.jetzt | Why don't you just deploy as root? | 13:54:26 |
 @ask-yourself:matrix.org | Thank you! | 14:00:02 |
| @ask-yourself:matrix.org | Yeah I accidentally removed this line while refactoring: trustedUsers = ["${user}"]; | 14:00:19 |
| @ask-yourself:matrix.org | What does it mean for a path to be untrusted? | 14:00:44 |
| @ask-yourself:matrix.org | * Thank you! Works now. | 14:01:03 |
| @linus:schreibt.jetzt | In reply to @linus:schreibt.jetzt
That means the path isn't signed by a key listed in trusted-public-keys ^ this | 14:01:06 |
| @ask-yourself:matrix.org | Right ok. | 14:01:21 |
| @linus:schreibt.jetzt | oh right, there are two more ways I can think of for a path to be trusted: being built locally, or being content-addressed (like the output of a fixed-output derivation) | 14:02:13 |
| @ask-yourself:matrix.org | The last is a bit over my head, but ok noted. | 14:10:16 |
| @linus:schreibt.jetzt | That usually means that a file with a known hash was downloaded and verified to match the hash | 14:10:48 |
| @ask-yourself:matrix.org | Ohhhh. | 14:11:06 |
| @ask-yourself:matrix.org | Ok I see. | 14:11:10 |
| @ask-yourself:matrix.org | Yeah I've really gotta learn how all this stuff works, I currently don't know how the store works really. Gonna do a big doc-read sometime soon.. | 14:11:39 |
| 3 Dec 2022 |
|  @hanemile:matrix.org changed their profile picture. | 22:48:13 |
| 4 Dec 2022 |
|  @happyalu:matrix.org joined the room. | 08:21:53 |
 Reventlov | Hey | 09:25:28 |
| Reventlov | So i'm trying to deploy a system on a node that has no internet access, and i'm getting weird errors from colmena : https://0x0.st/okwD.txt | 09:26:33 |
| Reventlov | there is no problem with the build, but as soon as I deploy, it tries to communicate with cache.nixos.org… I was under the impression that only my local machine was used for the build and that remote machines didn't need internet access unless I wanted to build on them, am i mistaken ? | 09:27:45 |
| @hanemile:matrix.org changed their profile picture. | 11:13:41 |
| Reventlov | (seems it was --no-substitutes I was searching for) | 14:02:40 |
|  @schnecfk:ruhr-uni-bochum.de changed their display name from CRTified to CRTified (old handle). | 14:19:48 |
| 5 Dec 2022 |
|  luxus joined the room. | 01:22:47 |
| 6 Dec 2022 |
| @schnecfk:ruhr-uni-bochum.de changed their profile picture. | 14:11:31 |
| 10 Dec 2022 |
 @blaggacao:matrix.org | Just to confirm, currently, we don't have darwin support from colmena (yet), right? | 16:22:46 |
 Winter (she/her) | In reply to @blaggacao:matrix.org
Just to confirm, currently, we don't have darwin support from colmena (yet), right? correct -- i've been thinking of implementing it, and may do so in the coming weeks, though | 16:33:30 |
| @blaggacao:matrix.org | I assume that the self.colmenaHive contract would be maintained and based on the detected system, the profile activation code might branch off and maybe some other code path leaves that currently strongly assume a linux environment. Based on that we'll get a bit of a picture of what's necessary to abstract profile activation in the code path and come up with an interface similar to deploy-rs (but hopefully better specified). | 16:42:06 |
| 11 Dec 2022 |
 roshan | byteio.in 🌷 | 
Download image.png | 06:51:22 |
