!UKDpaKNNsBpOPfLWfX:zhaofeng.li

Colmena

307 Members
A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena
103 Servers

24 Nov 2022
@zhaofeng:zhaofeng.li Zhaofeng Li
In reply to @ask-yourself:matrix.org

So that I have tried:


      laptop = {
        deployment = {
          allowLocalDeployment = true;
          tags = ["laptop"];
          targetUser = "isaac";
          targetHost = "10.0.0.22";
        };

        imports = [
          ./nixos/laptop
          home-manager.nixosModules.home-manager
          {
            home-manager = {
              extraSpecialArgs = {
                inherit user;
              };
              useGlobalPkgs = true;
              users.${user} = {
                imports = [(import ./nixos/laptop/home-manager.nix)];
              };
              useUserPackages = true;
            };
          }
        ];
      };

But I get this:

❯ sudo colmena apply --on laptop
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
[INFO ] Enumerating nodes...
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
warning: Git tree '/home/isaac/.dotfiles' is dirty
[INFO ] Selected 1 out of 2 hosts.
       ❌ 5s Failed: Child process exited with error code: 1
laptop ✅ 4s Evaluated laptop
laptop ✅ 0s Built "/nix/store/klgnlk5l0cbx6yzn6xcfn6w4hbbmhp51-nixos-system-laptop-23.05pre-git"
laptop ❌ 0s Push failed: Child process exited with error code: 1
[ERROR] Failed to push system closure to laptop - Last 5 lines of logs:
[ERROR]  created)
[ERROR]    state) Running
[ERROR]   stderr) isaac@10.0.0.22: Permission denied (publickey,password,keyboard-interactive).
[ERROR]   stderr) error: cannot connect to 'isaac@10.0.0.22'
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
* Don't use sudo when deploying remotely. In this case, I guess root doesn't have the keys to connect to 10.0.0.22
20:37:51
@ask-yourself:matrix.org
Hmm. Ok, thanks that fixed the first error. But I must admit I'm equally confused by this new one:
20:46:07
@ask-yourself:matrix.org
➜ colmena apply --on laptop
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
[INFO ] Enumerating nodes...
[INFO ] Selected 1 out of 4 hosts.
       ❌ 6s Failed: Child process exited with error code: 1
laptop ✅ 5s Evaluated laptop
laptop ✅ 0s Built "/nix/store/9zsi0h4lbmnj9hggbg8vzxr1mhy1wqw3-nixos-system-laptop-23.05pre-git"
laptop ❌ 1s Push failed: Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR]  failure) Child process exited with error code: 1
[ERROR] Failed to push system closure to laptop - Last 9 lines of logs:
[ERROR]  created)
[ERROR]    state) Running
[ERROR]   stderr) copying 10 paths...
[ERROR]   stderr) copying path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' to 'ssh://isaac@10.0.0.22'...
[ERROR]   stderr) error: cannot add path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' because it lacks a valid signature
[ERROR]   stderr) copying path '/nix/store/jdc1w4iw3dd1n5rz257awxld13hs45f5-starship-config' to 'ssh://isaac@10.0.0.22'...
[ERROR]   stderr) error (ignored): error: writing to file: Broken pipe
[ERROR]   stderr) error: unexpected end-of-file
[ERROR]  failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
20:46:15
@ask-yourself:matrix.org
Not sure why it's unhappy with HM.
20:46:22
@zhaofeng:zhaofeng.li Zhaofeng Li
You have to be a trusted user to copy arbitrary paths into a remote store. Either add isaac into nix.settings.trusted-users (warning: they are root-equivalent) or use root
20:48:08
@ask-yourself:matrix.org
Ohhhhhhhh.
20:48:28
@ask-yourself:matrix.org
Ok lemme try that.
20:48:30
@ask-yourself:matrix.org
Is there a reason why it would be complaining about a password when I have an SSH key set up?
20:53:40
@ask-yourself:matrix.org
I can ssh in with ssh isaac@10.0.0.2 without needing a password.
20:54:00
@zhaofeng:zhaofeng.li Zhaofeng Li
It still needs root when running the activation script, so during activation it will try to use sudo to become root.
20:55:05
@ask-yourself:matrix.org
How can I give it the ability to use sudo?
20:57:23
@zhaofeng:zhaofeng.li Zhaofeng Li
Currently it only supports passwordless sudo, so you can either add a rule to security.sudo.extraRules or allow everyone in wheel to escalate without a password with security.sudo.wheelNeedsPassword.
21:00:25
@zhaofeng:zhaofeng.li Zhaofeng Li
Admittedly deploying as non-root isn't the best experience right now 😐️
21:01:05
@ask-yourself:matrix.org
That's ok, it'll be cool once it's working.
21:01:45
@ask-yourself:matrix.org
I'll try adding that, but I do wanna know.. Would this all be easier if I used some kind of secrets management thing like SOPS?
21:02:06
@zhaofeng:zhaofeng.li Zhaofeng Li
Using sops doesn't alleviate the problems with running the deployment process as non-root. It's a replacement for deployment.keys with a different workflow.
21:04:35
@ask-yourself:matrix.org
Ok, it's working, this is very cool.
21:06:52
@ask-yourself:matrix.org
Thank you very much for the help.
21:06:56
28 Nov 2022
@NobbZ:matrix.org

For some reason there is an increasing number of people asking for support who use colmena.

And it is quite common that one wants to build the machine that causes issues to inspect the system closure.

For something like that it seems as if colmena build is quite practical, though at the same time it seems as if it lacks an argument to specify a single host to build. Is this indeed missing or did I miss something in the docs?

Also, it would be nice if there were appropriately named out links after a build.

06:51:48
