| 30 Jul 2022 |
 Winter (she/her) | I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? | 05:33:09 |
| Winter (she/her) | Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? | 05:33:39 |
 Zhaofeng Li | In reply to @winterqt:nixos.dev
I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? No, it's not supported except for apply-local. It's hard for it to be done in a manner with good user experience. | 05:59:01 |
| Zhaofeng Li | Note that interactive auth that doesn't require keyboard interaction should "work", like the Tailscale SSH check mode (haven't tested though). But still not a good experience with the default spinner UI | 06:00:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? I don't think sudo is cached across SSH sessions. | 06:00:56 |
| Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
I don't think sudo is cached across SSH sessions. I'm talking specifically in the context of apply-local here. | 06:02:41 |
| Winter (she/her) | Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. | 06:05:11 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I'm talking specifically in the context of apply-local here. Then it should be supported. After https://github.com/zhaofengli/colmena/issues/85 apply-local was changed to use the verbose UX if --sudo is passed so it doesn't interfere with the interactive prompt. What are you encountering? | 06:05:32 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. What's the edge case? Currently it's true for boot and switch | 06:08:26 |
| Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
What's the edge case? Currently it's true for boot and switch See here. If it's anything else, the privilege escalation command may hang indefinitely waiting for a password or similar since it doesn't passthrough like the profile switch invocation does | 06:13:28 |
| Zhaofeng Li | Ah, good catch! We should make it passthrough so it should work for other goals. | 06:17:33 |
| Winter (she/her) | By the way, how annoying would it be with the current hive.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:21:31 |
| Winter (she/her) | * By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:23:07 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? By multi-arch. do you mean deploying to another architecture (https://colmena.cli.rs/unstable/examples/multi-arch.html) or something else? | 06:23:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? * By multi-arch, do you mean deploying to another architecture (https://colmena.cli.rs/unstable/examples/multi-arch.html) or something else? | 06:23:38 |
| Winter (she/her) | I mean having one hive with multiple architectures, as currently it seems that you need to do something like colmena.meta.nixpkgs = import nixpkgs { system = ...; }; | 06:24:46 |
| Winter (she/her) | Though it seems that eval.nix has support for just pointing that at a path to Nixpkgs | 06:25:09 |
| Winter (she/her) | So maybe it'll just work? | 06:25:13 |
| Winter (she/her) | Ah, here: https://github.com/zhaofengli/colmena/issues/31 | 06:26:22 |
| Winter (she/her) | Was looking for this | 06:26:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I mean having one hive with multiple architectures, as currently it seems that you need to do something like colmena.meta.nixpkgs = import nixpkgs { system = ...; }; Yeah, it's suppported and you can set the nixpkgs.system in the node configuration. If you don't like overriding it this way, you can also set an instantiated nixpkgs of another arch in meta.nodeNixpkgs. | 06:26:44 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Ah, here: https://github.com/zhaofengli/colmena/issues/31 nixpkgs.system works now and if it doesn't, it's a bug | 06:27:57 |
| Winter (she/her) | I assume https://github.com/zhaofengli/colmena/issues/31#issuecomment-873348794 is still an issue, though, which is why it's still open? | 06:28:35 |
| Winter (she/her) | Hm, this is confusing; I can't seem to find the repro of the issue that still exists. | 06:30:20 |
| Winter (she/her) | They say the repro here was fixed, and then provide a workaround for here, but I'm not sure what the still broken usecase is. | 06:32:41 |
| Winter (she/her) | * They say the repro here was fixed, and then provide a workaround for some usecase here, but I'm not sure what the still broken usecase is. | 06:32:54 |
| Winter (she/her) | ugh element just stripped the formatting, cool | 06:33:05 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I assume https://github.com/zhaofengli/colmena/issues/31#issuecomment-873348794 is still an issue, though, which is why it's still open? I think it can be closed. One remaining issue was the merging of nixpkgs.config, which was broken because all of the config keys were untyped prior to 22.11 unstable. Now most of the config keys are typed and can be correctly merged. | 06:34:03 |
| Winter (she/her) | Ah, neat.
I feel like I asked this before but I can't find the logs or any reasoning in the source, but why is impure evaluation used? Is it for the non-flake case or something? (Also, nix-eval-jobs is the default evaluator on master, at least until the chunked evaluator is ported over to the new trait, right?) | 06:38:50 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Ah, neat.
I feel like I asked this before but I can't find the logs or any reasoning in the source, but why is impure evaluation used? Is it for the non-flake case or something? (Also, nix-eval-jobs is the default evaluator on master, at least until the chunked evaluator is ported over to the new trait, right?) It's mostly because we have a custom entry point for our evaluation (eval.nix) and it's difficult to use it in pure evaluation mode. I recently did some experiments on that front, which is to make eval.nix and friends a flake so we can use builtins.getFlake with a locked URI to get it in pure evaluation mode. Going forward I think the easiest way is to generate a temporary flake that contains eval.nix with the hive flake as a locked input. | 06:46:22 |
