| 7 Jun 2022 |
 Linux Hackerman | In reply to @schnecfk:ruhr-uni-bochum.de
And in a sense, it allows for crude 2FA (SSH with pubkey, sudo with pw) Are people doing that? | 08:49:23 |
 CRTified | I don't know, but I've seen that reason a few times (not limited to colmena), always with the advice to make root as inaccessible as possible | 09:11:53 |
| 8 Jun 2022 |
 Wanja Hentze | How do you folks feel about adding a --interactive or --confirm (actual name can be bikeshed) option to colmena that makes it prints the list of target hosts and asks you to confirm before proceeding? | 16:56:51 |
| 9 Jun 2022 |
 Zhaofeng Li | That sounds like a reasonable feature to add | 03:42:09 |
|  Taeer Bar-Yam joined the room. | 13:25:40 |
| Taeer Bar-Yam | I'm hoping someone here can help me out. If not, I'll open an issue on the github. I can't get --keep-result to do anything. I'm running colmena build --keep-result, and it doesn't create any .gcroots directory. I've tried it with and without flakes. | 16:39:06 |
| Zhaofeng Li | In reply to @shine:proqqul.net
I'm hoping someone here can help me out. If not, I'll open an issue on the github. I can't get --keep-result to do anything. I'm running colmena build --keep-result, and it doesn't create any .gcroots directory. I've tried it with and without flakes. The current implementation only creates GC roots as one of the last steps after a successful activation (not build). It should probably be moved to after the build. | 16:56:15 |
| Zhaofeng Li | (done) | 18:33:07 |
| Taeer Bar-Yam | Thank you! <3 I was trying to make that change myself and getting bogged down in where exactly mut should and shouldn't go (not a rust programmer) | 18:46:49 |
| Taeer Bar-Yam | Oh. Hm... I'm still having the same behaviour (nothing being produced with --keep-result) | 18:47:14 |
| Zhaofeng Li | Hmm, it does create them for me with colmena build | 18:56:13 |
| Taeer Bar-Yam | Aha! It works when using flakes, but not without | 18:57:48 |
| Taeer Bar-Yam | presumably it doesn't know how to find the hive directory in a non-flake build | 18:58:03 |
| Zhaofeng Li | Weird, it should be able to create GC roots with non-flakes (actually we are only testing it in the non-flake path in the end-to-end tests) | 19:00:28 |
| Zhaofeng Li | Just tried and it does work in the non-flakes case | 19:01:47 |
| Taeer Bar-Yam | oh never mind, I see it now. | 19:09:28 |
| Taeer Bar-Yam | I think i might have just been looking in the wrong place | 19:09:37 |
| Taeer Bar-Yam | anyway, this works great. thank you :) | 19:22:21 |
| 10 Jun 2022 |
|  lblasc joined the room. | 08:54:46 |
| 18 Jun 2022 |
 David Arnold (blaggacao) | Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for forking, so I'd appreciate if I can build on those building blocks. | 02:10:55 |
| David Arnold (blaggacao) | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for fully forking, so I'd appreciate if I can build on those building blocks. | 02:11:12 |
| David Arnold (blaggacao) | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for fully forking, so I'd appreciate if I could build on those building blocks. | 02:11:26 |
| David Arnold (blaggacao) | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream. | 02:11:56 |
|  @atharvaamritkar:matrix.org joined the room. | 10:03:38 |
| 19 Jun 2022 |
| Zhaofeng Li | In reply to @blaggacao:matrix.org
Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream. Hi sorry, been busy in the past couple of days. Minimizing the eval interface should be fine and I'll review and merge it today. | 20:09:17 |
| Zhaofeng Li | Note that the eval interface is still subject to change in the near future, like for the upcoming auto rollback feature as well as https://github.com/zhaofengli/colmena/pull/96 | 20:09:18 |
| David Arnold (blaggacao) | Since using deploy-rs, I never used the auto-rollback feature. But this is probably less a fault of the rollback fearure amd more of the systemd-mediated choreographed (not orchestrated) reconciliation loop. | 20:49:17 |
| David Arnold (blaggacao) | (i'm alluding at the choreography vs orchestration discussion, here) | 20:50:28 |
| 21 Jun 2022 |
|  lemmalamma joined the room. | 00:04:54 |
| lemmalamma | (New to Colmena and just Nix in general).
How do y'all deal with bootstrapping secrets in a Colmena deployment. For example, I have a secret key that I don't want to keep in repo. So every time a developer clones the colmena nix code they would have to get the secret key and create the file on their local machine.
I want to split my colmena deploymeny into 2 parts:
- Bootstrapping secrets. Should only be done by very few people who have access to the secrets.
- Any other configuration that can be run by anyone and CI.
Does this make sense to do?
| 00:24:45 |
