| 25 Jul 2022 |
@grahamc:nixos.org | it also seems to get a bit weird with some secrets support | 15:45:28 |
@grahamc:nixos.org | and the reboot behavior is not to my taste at the moment :) | 15:45:54 |
@grahamc:nixos.org | but switching from nixops was almost entirely pain-free | 15:48:11 |
@linus:schreibt.jetzt | grahamc (he/him): oh also keep in mind if you haven't encrypted your secrets and you're using flakes with colmena, the secrets are now world-readable in your nix store. | 15:55:41 |
@grahamc:nixos.org | yeah, luckily they're barely secret | 15:57:29 |
@grahamc:nixos.org | oh actually no they didn't get copied in, I "fixed" it like this: | 15:58:03 |
@grahamc:nixos.org | colmena = let secrets = import /home/....mysecrets.nix; in | 15:58:24 |
@grahamc:nixos.org | that file has no secrets, but points to other files, and loading those other files always failed | 15:58:52 |
@linus:schreibt.jetzt | aaah ok | 15:59:04 |
| 30 Jul 2022 |
Winter (she/her) | Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree? | 04:21:48 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Zhaofeng Li: would you accept a PR / consider running rustfmt on the source tree?" Sure, done | 05:14:42 |
Winter (she/her) | I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported? | 05:33:09 |
Winter (she/her) | Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit? | 05:33:39 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "I assume just like interactive SSH auth isn't supported, interactive privilege escalation (i.e. entering a password for sudo during activation) also isn't supported?" No, it's not supported except for apply-local. It's hard for it to be done in a manner with good user experience. | 05:59:01 |
Zhaofeng Li | Note that interactive auth that doesn't require keyboard interaction should "work", like the Tailscale SSH check mode (haven't tested though). But still not a good experience with the default spinner UI | 06:00:26 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Is the best workaround in that case to run sudo beforehand or something so it caches your session for a bit?" I don't think sudo is cached across SSH sessions. | 06:00:56 |
Winter (she/her) | In reply to @zhaofeng:zhaofeng.li: "I don't think sudo is cached across SSH sessions." I'm talking specifically in the context of apply-local here. | 06:02:41 |
Winter (she/her) | Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here. | 06:05:11 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "I'm talking specifically in the context of apply-local here." Then it should be supported. After https://github.com/zhaofengli/colmena/issues/85 apply-local was changed to use the verbose UX if --sudo is passed so it doesn't interfere with the interactive prompt. What are you encountering? | 06:05:32 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "Is should_switch_profile always true? If not, seems like there's an edge case that isn't handled here." What's the edge case? Currently it's true for boot and switch | 06:08:26 |
Winter (she/her) | In reply to @zhaofeng:zhaofeng.li: "What's the edge case? Currently it's true for boot and switch" See here. If it's anything else, the privilege escalation command may hang indefinitely waiting for a password or similar since it doesn't pass through like the profile switch invocation does | 06:13:28 |
Zhaofeng Li | Ah, good catch! We should make it passthrough so it should work for other goals. | 06:17:33 |
Winter (she/her) | By the way, how annoying would it be with the current hive.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:21:31 |
Winter (she/her) | * By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there? | 06:23:07 |
Zhaofeng Li | In reply to @winterqt:nixos.dev: "By the way, how annoying would it be with the current eval.nix to add multi-arch Nixpkgs support? Couldn't it be as simple as making it so you pass a path to Nixpkgs that's then imported with the system configured for the desired host? Or, idk, what's the blocker there?" * By multi-arch, do you mean deploying to another architecture (https://colmena.cli.rs/unstable/examples/multi-arch.html) or something else? | 06:23:38 |
Winter (she/her) | I mean having one hive with multiple architectures, as currently it seems that you need to do something like colmena.meta.nixpkgs = import nixpkgs { system = ...; }; | 06:24:46 |
Winter (she/her) | Though it seems that eval.nix has support for just pointing that at a path to Nixpkgs | 06:25:09 |
Winter (she/her) | So maybe it'll just work? | 06:25:13 |
Winter (she/her) | Ah, here: https://github.com/zhaofengli/colmena/issues/31 | 06:26:22 |