!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

329 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena
116 Servers

1 Dec 2022
@ask-yourself:matrix.org@ask-yourself:matrix.org
In reply to @zhaofeng:zhaofeng.li
Interesting, and it says something like sudo: command not found?

This is the output for both commands:

.dotfiles on  main [!+] λ colmena apply-local --sudo
thread 'main' panicked at 'Failed to run sudo to escalate privileges: Os { code: 2, kind: NotFound, message: "No such file or directory" }', src/command/apply_local.rs:162:10
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

.dotfiles on  main [!+] ⊥ colmena apply-local
[WARN ] Colmena was not started by root. This is probably not going to work.
[WARN ] Hint: Add the --sudo flag.
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
        🕔 7s 2 succeeded
desktop ✅ 6s Evaluated desktop
        ❌ 7s Failed: Child process exited with error code: 1
desktop ✅ 6s Evaluated desktop
desktop ✅ 0s Built "/nix/store/pm7h842lz8c1jwx3crwj1hmwxn9hphr5-nixos-system-desktop-23.05pre-git"
desktop ✅ 0s Pushed system closure
desktop ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to deploy to desktop - Last 3 lines of logs:
[ERROR]  created)
[ERROR]    state) Running
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
19:23:20
@ask-yourself:matrix.org@ask-yourself:matrix.org
In reply to @zhaofeng:zhaofeng.li
Just confirming, is the deployment.privilegeEscalationCommand set inside the host config? If it's outside, you may have inadvertently created a deployment node instead
I think so, if you wanna see where I've set it up in full context, it's here: https://gitlab.com/IsaacBrown92/dotfiles/-/blob/main/nixos/desktop/security.nix
19:27:30
@zhaofeng:zhaofeng.liZhaofeng Li
In reply to @ask-yourself:matrix.org

Aha, you are using 0.3. Then you need --sudo-command=doas instead of deployment.privilegeEscalationCommand. 0.3 escalates privileges in apply-local eagerly at the beginning before evaluation.
19:43:42
@zhaofeng:zhaofeng.liZhaofeng Li
In the main development branch, it was changed to only escalate during activation using the configured privilege escalation command.
19:44:22
@ask-yourself:matrix.org@ask-yourself:matrix.org
Oh, how can I be on the current version?
19:47:49
@zhaofeng:zhaofeng.liZhaofeng Li
You can use the flake of the unreleased version as mentioned here: https://colmena.cli.rs/unstable/tutorial/flakes.html
19:49:03
@ask-yourself:matrix.org@ask-yourself:matrix.org
Oh, so deployment.privilegeEscalationCommand is an unreleased feature?
19:52:08
@zhaofeng:zhaofeng.liZhaofeng Li
It's used for the normal apply but for apply-local it's unreleased
19:52:54
@ask-yourself:matrix.org@ask-yourself:matrix.org
Ahhh.
19:53:42
@ask-yourself:matrix.org@ask-yourself:matrix.org
Ok I see.
19:53:44
@ask-yourself:matrix.org@ask-yourself:matrix.org
Thank you very much.
19:53:47
@ask-yourself:matrix.org@ask-yourself:matrix.org

Sry spoke too soon. That actually does not seem to resolve the issue:

.dotfiles on  main [!] λ colmena apply-local --sudo-command=doas
[WARN ] Colmena was not started by root. This is probably not going to work.
[WARN ] Hint: Add the --sudo flag.
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
        🕕 7s 2 succeeded
desktop ✅ 6s Evaluated desktop
        ❌ 7s Failed: Child process exited with error code: 1
desktop ✅ 6s Evaluated desktop
desktop ✅ 0s Built "/nix/store/7xj0j1acvhf7avnkkc746nc04a920qri-nixos-system-desktop-23.05pre-git"
desktop ✅ 0s Pushed system closure
desktop ❌ 0s Activation failed: Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to deploy to desktop - Last 3 lines of logs:
[ERROR]  created)
[ERROR]    state) Running
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
19:56:08
@zhaofeng:zhaofeng.liZhaofeng Li
Oops, you need both --sudo and --sudo-command=doas
20:43:24
@ask-yourself:matrix.org@ask-yourself:matrix.org

It still seems to complain in the same way:

.dotfiles on  main [!+] λ colmena apply-local --sudo --sudo-command=doas
error: getting the HEAD of the Git tree '/home/isaac/.dotfiles' failed with exit code 1:
       error: executing 'git': No such file or directory

(use '--show-trace' to show detailed location information)
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: ChildFailure { exit_code: 1 }', src/command/apply_local.rs:95:55
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
20:46:55
@zhaofeng:zhaofeng.liZhaofeng Li
Yeah, because the whole deployment process is relaunched as root and Nix depends on git in the PATH for flakes, you would need to add it to the global (or root's) environment.
20:48:07
@ask-yourself:matrix.org@ask-yourself:matrix.org
Don't I do that with keepEnv?
20:48:46
@ask-yourself:matrix.org@ask-yourself:matrix.org
{user, ...}: {
  # deployment.privilegeEscalationCommand = ["doas"];
  security = {
    doas = {
      enable = true;
      extraRules = [
        {
          keepEnv = true;
          noPass = true;
          users = ["${user}"];
        }
      ];
    };
    sudo.enable = true ;
  };
}
20:48:51
@zhaofeng:zhaofeng.liZhaofeng Li
Does doas git work?
20:49:51
@ask-yourself:matrix.org@ask-yourself:matrix.org
Yup.
20:50:02
@zhaofeng:zhaofeng.liZhaofeng Li
Hmm, this is very weird indeed.
20:52:00
@zhaofeng:zhaofeng.liZhaofeng Li
And the weirdness is part of the reason I changed it to only escalate during activation. Permissions can also be easily messed up if you interact with the flake as another user.
20:52:18
@ask-yourself:matrix.org@ask-yourself:matrix.org
I can definitely switch to unstable.
20:52:58
