| 11 Jul 2022 |
@jairo:recallstack.icu | well... just like I was expecting, it doesn't work. 😕 In my flake, I have:
let inventory = builtins.fromJSON (
  builtins.readFile
    (
      pkgs.runCommandLocal "terraform-inventory" {
        src = ./.;
      } ''
        export PATH=${self.outputs.devShells.${pkgs.system}.default}/bin:$PATH
        bash $src/ansible/inventories/terraform.sh > $out
      ''
    )
);
in colmena = { ... } # Stuff that parses the inventory and generates machine info
The results, as I was expecting:
> colmena build
warning: Git tree '/var/home/yajo/prodevel/moduground' is dirty
[INFO ] Using flake: git+file:///var/home/yajo/prodevel/moduground
[INFO ] Enumerating nodes...
warning: Git tree '/var/home/yajo/prodevel/moduground' is dirty
building '/nix/store/pa4n1x0ncgw669zyksz89kwflpr51nl8-terraform-inventory.drv'...
╷
│ Error: Backend initialization required, please run "terraform init"
│
│ Reason: Initial configuration of the requested backend "http"
[...]
Basically it means that it's trying to build that inventory as a normal derivation, in isolation. Thus, it doesn't get the necessary environmental secrets that Terraform uses to access its state, and fails.
The dynamic inventory should be evaluated outside of the nix expression, and maybe passed in as an argument. But my guess is that this would be common enough for colmena to need to add support for it out of the box somehow, right?
| 12:34:06 |
Buckley | So wait, is there a pure evaluation mode? | 13:54:48 |
Buckley | That sounds nice | 13:55:02 |
@linus:schreibt.jetzt | not for colmena AFAIK | 13:55:18 |
@jairo:recallstack.icu | I'm using flakes, that's pure by default AFAIK | 13:56:59 |
@linus:schreibt.jetzt | not with colmena | 13:57:10 |
@linus:schreibt.jetzt | colmena isn't currently able to evaluate purely | 13:57:26 |
@linus:schreibt.jetzt | https://github.com/zhaofengli/colmena/blob/ac8852dcdf7ab6e9524600518414a63dbfb115b1/src/nix/evaluator/nix_eval_jobs.rs#L85 | 13:57:55 |
@jairo:recallstack.icu | But then how to get json output from one script into it as an argument? 🤔 | 14:01:07 |
| 14 Jul 2022 |
| tylerjl joined the room. | 21:26:34 |
tylerjl | Hey hey - is there a good way to consume a nixosConfiguration from something like a flake output to feed into colmena? I'd love to pull a host's config out of something like my flake that uses digga/devos and feed it into colmena to apply to the host | 21:29:38 |
Buckley | my config used to do that | 22:29:55 |
Buckley | looking through code history for the exact way... | 22:30:59 |
CRTified | I've written my method in a gh issue, one moment | 22:31:51 |
Buckley | https://github.com/buckley310/nixos-config/blob/95f13eadfaae9a48c9e2cd4323417ba0eab36625/lib/deploy.nix#L96-L105 | 22:32:13 |
CRTified | https://github.com/zhaofengli/colmena/issues/60#issuecomment-1047199551 here's mine | 22:32:47 |
Buckley | yeah, his imports colmena and adds the module to the machines. i have my own little shim thing (sconfig.deployment) instead. pick your poison :D | 22:33:52 |
tylerjl | Ah, those are both great and should get me to where I need, I really appreciate it | 22:34:50 |
Buckley | at some point i stopped doing this as a performance optimization. by building the machine in the flake as nixosConfiguration, then feeding it to colmena to build it again, there's some overhead | 22:35:13 |
Buckley | it's not much if you just have a couple machines | 22:35:32 |
tylerjl | Yeah, this is all personal infra / should be < 30 hosts at max | 22:35:52 |
tylerjl | nixosSystem is sort of a new one to me, is that significantly different than a flake nixosConfiguration? | 22:36:12 |
Buckley | i have 10 servers and I felt it was enough overhead to change it. | 22:37:06 |
tylerjl | Hm, some of my hosts are aarch64 so I could very well end up with a lot of overhead if I keep building them through binfmt. I'll keep that in mind | 22:37:51 |
Buckley | nixpkgs.lib.nixosSystem ? | 22:38:12 |
tylerjl | Oh, wait, yeah, nixosSystem is the "type" that you feed into a nixosConfiguration (I think). Makes sense | 22:39:17 |
Buckley | nixosSystem is a function that generates what goes in nixosConfigurations | 22:39:53 |
| 15 Jul 2022 |
@garionion:entr0py.de | hi, is there a way to upload single files or whole directories with colmena? | 07:44:22 |
CRTified | In reply to @garionion:entr0py.de ("hi, is there a way to upload single files or whole directories with colmena?"): This is more nix-like, but you can generally add files and directories to the nix store and copy them over by referencing them in your config. The easiest target is /etc/, but you are generally free to do as you wish by e.g. linking with systemd.tmpfiles.rules or writing a custom systemd service. Note that this approach is not suitable for secrets, as they're in the world-readable store. For these, use colmena's deployment.keys. | 08:36:34 |
CRTified | In reply to @garionion:entr0py.de ("hi, is there a way to upload single files or whole directories with colmena?"): * This is more nix-related, but you can generally add files and directories to the nix store and copy them over by referencing them in your config. The easiest target is /etc/, but you are generally free to do as you wish by e.g. linking with systemd.tmpfiles.rules or writing a custom systemd service. Note that this approach is not suitable for secrets, as they're in the world-readable store. For these, use colmena's deployment.keys. | 08:36:56 |