| 25 Jul 2022 |
 @grahamc:nixos.org | oh actually no they didn't get copied in, I "fixed" it like this: | 15:58:03 |
| @grahamc:nixos.org | colmena = let secrets = import /home/....mysecrets.nix; in | 15:58:24 |
| @grahamc:nixos.org | that file has no secrets, but points to other files, and loading those other files always failed | 15:58:52 |
 @linus:schreibt.jetzt | aaah ok | 15:59:04 |
| 30 Jul 2022 |
 Winter (she/her) | Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree? | 04:21:48 |
 Zhaofeng Li | In reply to @winterqt:nixos.dev
Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree? Sure, done | 05:14:42 |
| Winter (she/her) | I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? | 05:33:09 |
| Winter (she/her) | Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? | 05:33:39 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? No, it's not supported except for apply-local. It's hard for it to be done in a manner with good user experience. | 05:59:01 |
| Zhaofeng Li | Note that interactive auth that doesn't require keyboard interaction should "work", like the Tailscale SSH check mode (haven't tested though). But still not a good experience with the default spinner UI | 06:00:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? I don't think sudo is cached across SSH sessions. | 06:00:56 |
| Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
I don't think sudo is cached across SSH sessions. I'm talking specifically in the context of apply-local here. | 06:02:41 |
| Winter (she/her) | Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. | 06:05:11 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I'm talking specifically in the context of apply-local here. Then it should be supported. After https://github.com/zhaofengli/colmena/issues/85 apply-local was changed to use the verbose UX if --sudo is passed so it doesn't interfere with the interactive prompt. What are you encountering? | 06:05:32 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. What's the edge case? Currently it's true for boot and switch | 06:08:26 |
| Winter (she/her) | In reply to @zhaofeng:zhaofeng.li
What's the edge case? Currently it's true for boot and switch See here. If it's anything else, the privilege escalation command may hang indefinitely waiting for a password or similar since it doesn't passthrough like the profile switch invocation does | 06:13:28 |
| Zhaofeng Li | Ah, good catch! We should make it passthrough so it should work for other goals. | 06:17:33 |
| Winter (she/her) | By the way, how annoying would it be with the current hive.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:21:31 |
| Winter (she/her) | * By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:23:07 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? By multi-arch. do you mean deploying to another architecture (https://colmena.cli.rs/unstable/examples/multi-arch.html) or something else? | 06:23:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? * By multi-arch, do you mean deploying to another architecture (https://colmena.cli.rs/unstable/examples/multi-arch.html) or something else? | 06:23:38 |
| Winter (she/her) | I mean having one hive with multiple architectures, as currently it seems that you need to do something like colmena.meta.nixpkgs = import nixpkgs { system = ...; }; | 06:24:46 |
| Winter (she/her) | Though it seems that eval.nix has support for just pointing that at a path to Nixpkgs | 06:25:09 |
| Winter (she/her) | So maybe it'll just work? | 06:25:13 |
| Winter (she/her) | Ah, here: https://github.com/zhaofengli/colmena/issues/31 | 06:26:22 |
| Winter (she/her) | Was looking for this | 06:26:26 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
I mean having one hive with multiple architectures, as currently it seems that you need to do something like colmena.meta.nixpkgs = import nixpkgs { system = ...; }; Yeah, it's suppported and you can set the nixpkgs.system in the node configuration. If you don't like overriding it this way, you can also set an instantiated nixpkgs of another arch in meta.nodeNixpkgs. | 06:26:44 |
| Zhaofeng Li | In reply to @winterqt:nixos.dev
Ah, here: https://github.com/zhaofengli/colmena/issues/31 nixpkgs.system works now and if it doesn't, it's a bug | 06:27:57 |
| Winter (she/her) | I assume https://github.com/zhaofengli/colmena/issues/31#issuecomment-873348794 is still an issue, though, which is why it's still open? | 06:28:35 |
| Winter (she/her) | Hm, this is confusing; I can't seem to find the repro of the issue that still exists. | 06:30:20 |
