| 30 Jul 2022 |
 Zhaofeng Li | Yeah, it could work pretty well combined with the recent --eval-store suggestion. | 07:06:10 |
| Zhaofeng Li | The next step is to perform the actual evaluation remotely, but we aren't there yet. | 07:06:55 |
 Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
Yeah, it could work pretty well combined with the recent --eval-store suggestion. Yeah, I did see that. Is that suggesting using the target machine as the store for eval with that flag? I'm pretty sure that's what they're suggesting, but the "local --eval-store" part is throwing me off. | 07:14:49 |
| Zhaofeng Li | Yeah, it's a bit confusing but I think that's what they meant. | 07:15:59 |
| Zhaofeng Li | In reply to @zhaofeng:zhaofeng.li
Ah, good catch! We should make it passthrough so it should work for other goals. Ok, just tested, and the colmena apply-local --sudo test goal works as it currently stands. The interactive prompts of sudo don't use stdin/out. | 07:26:53 |
| Winter (she/her) | Oh, huh, they... don't? | 07:42:55 |
| Winter (she/her) | Interesting! | 07:43:09 |
| Winter (she/her) | Although, keep in mind that other privilege escalation commands (doas comes to mind) may not give us that luxury. | 07:43:33 |
| Zhaofeng Li | I would assume it's the same, otherwise it won't play well with pipes and be insecure | 07:44:33 |
| Winter (she/her) | Oh, fair point. | 08:03:05 |
| Winter (she/her) | What even is there to use other than stdin/stdout in a console, though? ~~This is obviously magic.~~ | 08:03:36 |
| Winter (she/her) | I'll look into it later, I'm intrigued. | 08:03:44 |
| Winter (she/her) | Zhaofeng Li: That begs the question: why passthrough the profile switch execution, then? Were you under the assumption that it would be needed for ? | 08:04:30 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
What even is there to use other than stdin/stdout in a console, though? ~~This is obviously magic.~~ IIRC it uses /dev/console. There is a flag to make sudo use stdin though | 08:06:51 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Zhaofeng Li: That begs the question: why passthrough the profile switch execution, then? Were you under the assumption that it would be needed for ? No, it was from way before apply-local was changed to escalate privileges during activation. passthrough() is just a simple way to execute commands with both stdin/stdout piped | 08:08:27 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
What even is there to use other than stdin/stdout in a console, though? ~~This is obviously magic.~~ * IIRC it uses /dev/console. There is a flag to make sudo use stdin though (edit: it's -S) | 08:10:23 |
| Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
No, it was from way before apply-local was changed to escalate privileges during activation. passthrough() is just a simple way to execute commands with both stdin/stdout piped Why was it needed for the profile switch, out of curiosity? | 08:12:58 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Why was it needed for the profile switch, out of curiosity? It was one of the four custom methods that I have to "execute" the command and get back a ColmenaResult. It's just a simple version of Command::status() which needs two layers of checking (the outer Result and the exit code). | 08:22:44 |
|  duponin set a profile picture. | 19:09:28 |
| 4 Aug 2022 |
|  bl1nk changed their profile picture. | 04:31:26 |
| 6 Aug 2022 |
|  Swiss Routing joined the room. | 22:00:09 |
| 7 Aug 2022 |
| Swiss Routing | Is there any way to do a healthcheck with colmena? I see some other deployment tools support this. All I want to do is make sure that if I push a new config that disables SSH access accidentally, this is caught and rolled back. | 15:37:30 |
 dantefromhell | In reply to @swissrouting:matrix.org
Is there any way to do a healthcheck with colmena? I see some other deployment tools support this. All I want to do is make sure that if I push a new config that disables SSH access accidentally, this is caught and rolled back. i'm curious if tests as described here suffice your requirement?
https://nixos.mayflower.consulting/blog/2019/07/11/leveraging-nixos-tests-in-your-project/ | 20:49:02 |
| Swiss Routing | In reply to @dantefromhell:matrix.org
i'm curious if tests as described here suffice your requirement?
https://nixos.mayflower.consulting/blog/2019/07/11/leveraging-nixos-tests-in-your-project/ That seems pretty much what I want, will give it a try. Thanks! | 22:44:16 |
| Winter (she/her) | In reply to @dantefromhell:matrix.org
i'm curious if tests as described here suffice your requirement?
https://nixos.mayflower.consulting/blog/2019/07/11/leveraging-nixos-tests-in-your-project/ How would that help without a mechanism to run the test? (Also, tests are within VMs.) | 23:25:19 |
| Winter (she/her) | In reply to @dantefromhell:matrix.org
i'm curious if tests as described here suffice your requirement?
https://nixos.mayflower.consulting/blog/2019/07/11/leveraging-nixos-tests-in-your-project/ * How would that help without a mechanism to run the test? (Also, tests are within VMs, and can't access the host.) | 23:25:26 |
| Winter (she/her) | * How would that help without a mechanism to run the test? (Also, tests are within VMs, and can't access the host. So tests probably aren't the solution here.) | 23:25:37 |
| 8 Aug 2022 |
 Linux Hackerman | You could put a NixOS test in system.extraDependencies (or similar, can't remember if that was the exact name of the option) so that the system won't build if the test doesn't pass, but yeah, it won't get you automatic rollback of changes that break your access | 06:03:18 |
| Linux Hackerman | There's nothing in colmena that would really support building this though | 06:19:32 |
| Linux Hackerman | I suppose you could hack something together with post-activation key upload | 06:19:50 |
