| 14 Oct 2022 |
roshan | byteio.in | [image] | 02:14:31 |
roshan | byteio.in | In reply to @ronixx:matrix.org After deploying my services through colmena, after 24-30 hours my server doesn't respond to anything (everything gets stopped). I'm even unable to ssh to it, but the server is in the running state. | 02:14:59 |
roshan | byteio.in | In reply to @ronixx:matrix.org sent an image. Able to connect to a shell via Oracle Cloud Shell, but direct ssh is not working,
and the websites hosted on the server are also showing as down, but the containers are running fine.
| 02:20:28 |
Zhaofeng Li | In reply to @ronixx:matrix.org
Able to connect to a shell via Oracle Cloud Shell, but direct ssh is not working,
and the websites hosted on the server are also showing as down, but the containers are running fine.
You need to see what's going on via the serial console. Try looking at the network configs, firewall, and stuff. | 02:35:31 |
roshan | byteio.in | This is my config: https://yaso.su/UDwGxzpq | 03:54:42 |
roshan | byteio.in | I have opened the ports for the instance in my Oracle account. | 03:55:10 |
roshan | byteio.in | [image] | 03:55:29 |
roshan | byteio.in | The ports are also showing as open in the serial console. | 03:56:45 |
Zhaofeng Li | Remove boot.isContainer = true; (it's not a container) and include oci-common.nix from this PR | 19:50:19 |
Zhaofeng Li | But still, from the serial console, can you try whether networking is working? Check ip, do some pings/traceroutes/etc. | 19:51:16 |
| 15 Oct 2022 |
| Otavio Salvador joined the room. | 11:36:35 |
| 16 Oct 2022 |
Linux Hackerman | colmena is breaking with lazy-trees nix:
colmena apply --on sol boot
warning: unknown setting 'structured-drv-logs'
warning: Git tree '/home/linus/deploy' is dirty
[INFO ] Using flake: git+file:///home/linus/deploy
warning: unknown setting 'structured-drv-logs'
warning: Git tree '/home/linus/deploy' is dirty
warning: will not write lock file of flake 'path:/tmp/nix-shell.NZrVap/colmena-assets-A0gZ3E' because it has an unlocked input ('git+file:///home/linus/deploy')
[INFO ] Enumerating nodes...
warning: unknown setting 'structured-drv-logs'
error: cannot call 'getFlake' on unlocked flake reference 'path:/tmp/nix-shell.NZrVap/colmena-assets-A0gZ3E', at «string»:1:29 (use --impure to override)
[ERROR] -----
[ERROR] Operation failed with error: Child process exited with error code: 1
| 12:39:27 |
Linux Hackerman | I think this is an intentional breaking change on the Nix side | 12:39:38 |
Linux Hackerman | oh right, this is only a problem with dirty trees though | 12:41:17 |
Zhaofeng Li | Right, need to take a look. There are some more breaking changes regarding git+file:// flakes that I noticed with lazy-trees:
$ nix flake metadata --json
warning: Git tree '/home/zhaofeng/Git/fleet' is dirty
error: lock file contains unlocked input '{"lastModified":1665862219,"narHash":"sha256-VPPLMapU8HtCjb54WDKsnjTjyB3YYXkgxEtzf5Xyqx0=","type":"git","url":"file:///home/zhaofeng/Git/Jovian-NixOS"}'
(use '--show-trace' to show detailed location information)
| 20:26:56 |
| 18 Oct 2022 |
| Shyim joined the room. | 09:01:40 |
Shyim | Hey,
How would you handle secrets? | 09:01:57 |
Linux Hackerman | Personally I have them checked into my deployment repo, encrypted with GPG, and use a little module to abstract over decrypting them | 09:02:55 |
Linux Hackerman | https://gist.github.com/lheckemann/3f4f3ce05521f4ace32bddce0b66e189 | 09:03:16 |
@v:meowy.tech | I use https://github.com/serokell/vault-secrets, but other popular options are sops-nix (https://github.com/Mic92/sops-nix) and git-crypt (https://github.com/AGWA/git-crypt) | 09:03:58 |
Linux Hackerman | then for example I have
secrets.loki-password.user = "promtail";
services.promtail.configuration.clients = [ { ...; password_file = config.secrets.loki-password.path; } ];
| 09:04:34 |
Linux Hackerman | and it decrypts the secret from secrets/$hostname/loki-password.gpg and copies it over at deployment time | 09:05:05 |
Shyim | Linux Hackerman: So I need the private GPG key on the machine, right? :D | 09:05:44 |
Linux Hackerman | the advantage of this approach is that the secrets can theoretically not get copied to the nix store (in practice they do, because I use Flakes) | 09:05:53 |
Linux Hackerman | Shyim: only on the machine from which you're deploying | 09:06:01 |
Shyim | AHHH. cool | 09:06:43 |
Linux Hackerman | but I think I'll be switching to agenix or sops-nix at some point in the future, partly because this approach is colmena-specific and I'm not sure I want to stick with colmena | 09:06:57 |