Colmena - Public Room Timeline

	Colmena	324 Members
	A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena	110 Servers

Load older messages

Sender	Message	Time
28 Nov 2022
roshan \| byteio.in 🌷	In reply to @ronixx:matrix.org sent an image. { config, pkgs, inputs, ... }: { boot.isContainer = true; deployment = { targetHost = "ip"; # x86_64-linux targetPort = 22; buildOnTarget = true; targetUser = "nix"; tags = [ "theDev" ]; # keys = { # "freshrss" = "helloworld"; # }; keys."freshrss.secret" = { # Alternatively, `text` (string) or `keyFile` (path to file) # may be specified. text = "helloworld"; # keyCommand = [ "vault" "read" "-field=env" "secret/dns01" ]; destDir = "/run/keys"; # Default: /run/keys user = "nix"; # Default: root # group = "nginx"; # Default: root permissions = "0640"; # Default: 0600 # uploadAt = "pre-activation"; # Default: pre-activation, Alternative: post-activation uploadAt = "post-activation"; }; }; ## ---------- System Packages --------- ## environment.systemPackages = [ pkgs.cowsay ]; fileSystems."/mnt/drive" = { device = "/dev/disk/by-id/scsi-0DO_Volume_volume-blr1-01"; fsType = "ext4"; }; networking.hostName = "theDev"; # Define your hostname. # security.acme.acceptTerms = true; # security.acme.email = "email@gmail.com"; # services.freshrss.enable = true; # services.freshrss.package = pkgs.freshrss; # services.freshrss.name = "god"; # services.freshrss.passwordFile = "/run/keys/freshrss.secret"; # services.freshrss.virtualHost = "freshrss"; ## ---------- Postgresql ------------ ## services = { postgresql = { enable = true; }; postgresqlBackup = { enable = true; startAt = "--* 01:15:00"; }; }; ## ---------- Netdata System Monitor ------------ ## services.netdata = { enable = false; config = { global = { "page cache size" = 32; "update every" = 15; }; }; }; ## ---------- Nginx Webserver ------------ ## services.nginx.enable = true; services.nginx.commonHttpConfig = '' limit_req_zone $binary_remote_addr zone=limitbyaddr:10m rate=5r/s; limit_req_status 429; ''; services.nginx.virtualHosts = { }; system.stateVersion = "22.05"; }	07:13:30
Zhaofeng Li	In reply to @ronixx:matrix.org sent an image. The activation appears stuck, and you can use `-v` to get the full outputs	07:15:26
roshan \| byteio.in 🌷	In reply to @ronixx:matrix.org sent an image. process get stopped at this place	07:15:28
roshan \| byteio.in 🌷	In reply to @zhaofeng:zhaofeng.li The activation appears stuck, and you can use `-v` to get the full outputs not able to ssh to. Restarting my server from panel	07:16:10
roshan \| byteio.in 🌷	[INFO ] Using flake: git+file:///mnt/drive/src/github.com/pycluster/infra [INFO ] Enumerating nodes... [INFO ] Selected 1 out of 3 hosts. theDev \| Evaluating theDev theDev \| trace: warning: The option `nix.trustedUsers' defined in `/nix/store/xsvx3qva09l2kq7zvaws5gvbyzchm0si-source/common/users' has been renamed to `nix.settings.trusted-users'. theDev \| trace: warning: The option `nix.autoOptimiseStore' defined in `/nix/store/xsvx3qva09l2kq7zvaws5gvbyzchm0si-source/common/users' has been renamed to `nix.settings.auto-optimise-store'. theDev \| Evaluated theDev theDev \| Building theDev theDev \| copying 0 paths... theDev \| /nix/store/8yv3a6c6vs26f74m57av4i3kv9dv30y9-nixos-system-theDev-22.11pre-git theDev \| Built "/nix/store/8yv3a6c6vs26f74m57av4i3kv9dv30y9-nixos-system-theDev-22.11pre-git" on target node theDev \| No pre-activation keys to upload theDev \| Activating system profile theDev \| would stop swap device: /dev/zram0 theDev \| stopping the following units: -.mount, audit.service, digitalocean-metadata.service, do-agent.service, firewall.service, kmod-static-nodes.service, logrotate-checkconf.service, mount-pstore.service, network-local-commands.service, network-setup.service, nscd.service, reload-systemd-vconsole-setup.service, resolvconf.service, sshd.service, sys-kernel-config.mount, systemd-journald-audit.socket, systemd-modules-load.service, systemd-oomd.service, systemd-oomd.socket, systemd-sysctl.service, systemd-timesyncd.service, systemd-tmpfiles-setup-dev.service, systemd-udev-trigger.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket, systemd-udevd.service, zram-init-zram0.service, zram-reloader.service theDev \| Failed to stop -.mount: Job type stop is not applicable for unit -.mount. theDev \| NOT restarting the following changed units: getty@tty1.service, serial-getty@ttyS0.service, systemd-journal-flush.service, systemd-logind.service, systemd-random-seed.service, systemd-remount-fs.service, systemd-tmpfiles-setup.service, systemd-update-utmp.service, systemd-user-sessions.service, user-runtime-dir@1000.service, user@1000.service theDev \| activating the configuration... theDev \| setting up /etc... theDev \| reviving group 'podman' with GID 994 theDev \| removing group ‘systemd-timesync’ theDev \| reviving user 'roshan' with UID 1001 theDev \| removing user ‘systemd-timesync’ theDev \| removing obsolete symlink ‘/etc/vconsole.conf’... theDev \| removing obsolete symlink ‘/etc/kbd’... theDev \| removing obsolete symlink ‘/etc/tmpfiles.d/portables.conf’... theDev \| removing obsolete symlink ‘/etc/tmpfiles.d/lvm2.conf’... theDev \| removing obsolete symlink ‘/etc/systemd/timesyncd.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/ubuntu.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/systemd.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/nixos.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/firmware.conf’... theDev \| removing obsolete symlink ‘/etc/modprobe.d/debian.conf’... theDev \| removing obsolete symlink ‘/etc/modules-load.d/nixos.conf’... theDev \| removing obsolete symlink ‘/etc/udev/hwdb.bin’... theDev \| removing obsolete symlink ‘/etc/udev/rules.d’... theDev \| restarting systemd... theDev \| reloading user units for nix... theDev \| setting up tmpfiles theDev \| reloading the following units: dbus.service theDev \| restarting the following units: dhcpcd.service, nix-daemon.service, systemd-journald.service theDev \| starting the following units: audit.service, kmod-static-nodes.service, logrotate-checkconf.service, mount-pstore.service, network-local-commands.service, nscd.service, systemd-modules-load.service, systemd-oomd.socket, systemd-sysctl.service, systemd-tmpfiles-setup-dev.service, systemd-udevd-control.socket, systemd-udevd-kernel.socket theDev \| A dependency job for local-fs.target failed. See 'journalctl -xe' for details. theDev \| Job for nscd.service canceled. theDev \| Job for basic.target canceled. theDev \| Job for sysinit.target canceled. theDev \| Job for multi-user.target canceled. theDev \| Job for network-local-commands.service canceled. theDev \| Job for logrotate-checkconf.service canceled.	07:18:13
Zhaofeng Li	In reply to @ronixx:matrix.org not able to ssh to. Restarting my server from panel From the VPS panel? Is it a container? If not, you shouldn't have `boot.isContainer = true;` there. Also you need to import your `hardware-configuration.nix`.	07:18:51
roshan \| byteio.in 🌷	Download image.png	07:19:20
roshan \| byteio.in 🌷	I have first genereated custom image for DigitalOcean with nixos-generators	07:19:47
Zhaofeng Li	In reply to @ronixx:matrix.org I have first genereated custom image for DigitalOcean with nixos-generators Then you need to import `digital-ocean-image.nix` like what nixos-generator doe	07:22:32
Zhaofeng Li	In reply to @ronixx:matrix.org I have first genereated custom image for DigitalOcean with nixos-generators * Then you need to import `digital-ocean-image.nix` like what nixos-generator does	07:22:34
roshan \| byteio.in 🌷	Download image.png	08:58:20
roshan \| byteio.in 🌷	Download image.png	08:58:40
roshan \| byteio.in 🌷	same issue event after adding do image nix file	08:59:08
roshan \| byteio.in 🌷	In reply to @zhaofeng:zhaofeng.li Admittedly deploying as non-root isn't the best experience right now 😐️ right. Unable to read key from other user	13:24:42
roshan \| byteio.in 🌷	In reply to @zhaofeng:zhaofeng.li Admittedly deploying as non-root isn't the best experience right now 😐️ * right. Unable to read key from /run/keys/ in outher user acc	13:25:07
roshan \| byteio.in 🌷	Download image.png	13:52:13
roshan \| byteio.in 🌷	can i change ownership of /run/keys folder ? in Colmena	13:52:31
roshan \| byteio.in 🌷	i have user account named nix but Nix Unabel to acces keys folder	13:52:56
roshan \| byteio.in 🌷	but secret file owner is nix user acc	13:53:10
Linux Hackerman	usually what you do is add the group `keys` to the service or whatever it is that needs to access them	13:53:10
Linux Hackerman	since the `keys` group can read `/run/keys`	13:53:34
roshan \| byteio.in 🌷	Download image.png	13:53:33
roshan \| byteio.in 🌷	Download image.png	13:54:18
roshan \| byteio.in 🌷	is this correct way to add keys to nix acc ?	13:54:37
Linux Hackerman	yes, but freshrss shouldn't be running as the `nix` user unless you added extra config for it	13:55:01
Linux Hackerman	try adding `users.users.freshrss.extraGroups = ["keys"]`	13:55:59
Linux Hackerman	since it runs as the `freshrss` user	13:56:08
roshan \| byteio.in 🌷	services.<name> name is same for group	13:57:24
Linux Hackerman	not always	13:57:33
Linux Hackerman	you generally have to check the module implementation	13:57:43

Show newer messages

Back to Room ListRoom Version: 6