| 24 Nov 2022 |
 @ask-yourself:matrix.org | ➜ colmena apply --on laptop
[INFO ] Using flake: git+file:///home/isaac/.dotfiles
[INFO ] Enumerating nodes...
[INFO ] Selected 1 out of 4 hosts.
❌ 6s Failed: Child process exited with error code: 1
laptop ✅ 5s Evaluated laptop
laptop ✅ 0s Built "/nix/store/9zsi0h4lbmnj9hggbg8vzxr1mhy1wqw3-nixos-system-laptop-23.05pre-git"
laptop ❌ 1s Push failed: Child process exited with error code: 1
[ERROR] Failed to complete requested operation - Last 1 lines of logs:
[ERROR] failure) Child process exited with error code: 1
[ERROR] Failed to push system closure to laptop - Last 9 lines of logs:
[ERROR] created)
[ERROR] state) Running
[ERROR] stderr) copying 10 paths...
[ERROR] stderr) copying path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' to 'ssh://isaac@10.0.0.22'...
[ERROR] stderr) error: cannot add path '/nix/store/3ddp6lnxxi98gb43rgqx6531n94ygcpl-home-manager-path' because it lacks a valid signature
[ERROR] stderr) copying path '/nix/store/jdc1w4iw3dd1n5rz257awxld13hs45f5-starship-config' to 'ssh://isaac@10.0.0.22'...
[ERROR] stderr) error (ignored): error: writing to file: Broken pipe
[ERROR] stderr) error: unexpected end-of-file
[ERROR] failure) Child process exited with error code: 1
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
| 20:46:15 |
| @ask-yourself:matrix.org | Not sure why it's unhappy with HM. | 20:46:22 |
 Zhaofeng Li | You have to be a trusted user to copy arbitrary paths into a remote store. Either add isaac into nix.settings.trusted-users (warning: they are root-equivalent) or use root | 20:48:08 |
| @ask-yourself:matrix.org | Ohhhhhhhh. | 20:48:28 |
| @ask-yourself:matrix.org | Ok lemme try that. | 20:48:30 |
| @ask-yourself:matrix.org | Is there a reason why it would be complaining about a password when I have an SSH key setup? | 20:53:40 |
| @ask-yourself:matrix.org | I can ssh in with ssh isaac@10.0.0.2 without needing a password. | 20:54:00 |
| Zhaofeng Li | It still needs root when running the activation script, so during activation it will try to use sudo to become root. | 20:55:05 |
| @ask-yourself:matrix.org | How can I give it the ability to use sudo? | 20:57:23 |
| Zhaofeng Li | Currently it only supports passwordless sudo, so you can either add a rule to security.sudo.extraRules or allow everyone in wheel to escalate without a password with security.sudo.wheelNeedsPassword. | 21:00:25 |
| Zhaofeng Li | Admittedly deploying as non-root isn't the best experience right now 😐️ | 21:01:05 |
| @ask-yourself:matrix.org | That's ok, it'll be cool once it's working. | 21:01:45 |
| @ask-yourself:matrix.org | I'll try adding that, but I do wanna know.. Would this all be easier if I used some kind of secrets management thing like SOPS? | 21:02:06 |
| Zhaofeng Li | Using sops doesn't alleviate the problems with running the deployment process as non-root. It's a replacement for deployment.keys with a different workflow. | 21:04:35 |
| @ask-yourself:matrix.org | Ok, it's working, this is very cool. | 21:06:52 |
| @ask-yourself:matrix.org | Thank you very much for the help. | 21:06:56 |
