| 15 Jan 2025 |
 dmoonfire | Using a decent key size with public key only logins for root is pretty secure. You only emit an authorized keys on the remote and, depending on settings, you need to use ssh-add to unlock it before deploying. | 13:07:33 |
 dantefromhell | Yeah this issue bugs me too...
AFAIU colmena runs ssh non-interactive hence anything that would require you to enter infos into an SSH session just fails.
There's `pam_ssh_agent` which can be configured to authorize sudo prompts via SSH keys & remotely by accessing the ssh agent on the client side.
https://www.teaparty.net/technotes/yubikey-sudo-ssh.html looks like a fairly decent write-up (minus the Yubikey which just gets added to the SSH agent).
Not sure if that's good enough for your scenario. | 14:47:13 |
|  pistache changed their profile picture. | 22:06:41 |
| pistache changed their profile picture. | 22:07:25 |
 lotallia | This is pretty much exactly what I was looking for! I've done something similar in the past so I think this could work I'll play around with it and see if it works in practice. | 22:48:51 |
| lotallia | You bring up a good point if I can't get the pam_ssh_agent to do it I'll likely relax my hangup with this one | 22:54:28 |
| 16 Jan 2025 |
| dantefromhell | In reply to @lotallia:matrix.org
This is pretty much exactly what I was looking for! I've done something similar in the past so I think this could work I'll play around with it and see if it works in practice. I'm also curious but dont have the time to investigate/ collaborate on it right now. Please report any results back if you can 🙏 | 15:15:01 |
| 17 Jan 2025 |
|  Frédéric Christ changed their display name from Frédéric Christ (DECT 5915) to Frédéric Christ. | 08:11:14 |
| lotallia | The last few days got super busy so I actually haven't had a chance to really look at this I plan on doing so later today but as I'm in the middle of a massive rewrite of my nix config any change means putting out several smaller fires first. I will report back once I have something to report :) | 18:05:39 |
| 20 Jan 2025 |
|  @oliverpool:envs.net joined the room. | 10:17:17 |
| @oliverpool:envs.net | For anyone interested, I just published a blog article regarding setting up Colmena, with passwordless reboot (with full-disk-encryption).
https://log.pfad.fr/2025/fde-nixos-colmena-passwordless-reboot/ | 11:15:15 |
| @oliverpool:envs.net | (I would be interested to know if the step scp -r user@remote: /etc/nixos/ ./host-a correct is for the setup. If yes, it would probably make sense to update the documentation) | 11:17:02 |
| @oliverpool:envs.net | (I would be interested to know if the step scp -r user@remote: /etc/nixos/ ./host-a is correct, for the initial setup. If yes, it would probably make sense to update the documentation) | 11:17:21 |
|  n0emis left the room. | 11:17:25 |
| @oliverpool:envs.net | (I would be interested to know if the step scp -r user@remote: /etc/nixos/ ./host-a is correct, for the initial setup. If yes, it would probably make sense to update the official documentation) | 11:17:29 |
|  @solomon:cofree.coffee left the room. | 17:44:52 |
| 21 Jan 2025 |
|  lanice joined the room. | 19:25:43 |
| 22 Jan 2025 |
|  marshmallow changed their profile picture. | 06:52:00 |
| 26 Jan 2025 |
|  @mel05saq:inphima.de joined the room. | 14:57:35 |
|  Quentin Le Guennec joined the room. | 17:27:16 |
| Quentin Le Guennec | Hello, I can't get my remote builder to work with colmena. I added "ssh://quentin@xxx x86_64-linux ~/.ssh/quentin-offen" to my machinesFile but colmena still complains about not being able to build linux things:
error: a 'x86_64-linux' with features {} is required to build '/nix/store/zszyc30901qn2b7kqx6wwp0hxbwm9kzl-haskell-generic-builder-test-wrapper.sh.drv', but I am a 'aarch64-darwin' with features {apple-virt, benchmark, big-parallel, nixos-test}
| 17:29:00 |
| 27 Jan 2025 |
|  Florian joined the room. | 11:17:24 |
| 28 Jan 2025 |
 grw00 | Quentin Le Guennec: does the following work? ie, does not prompt for password or to accept key fingerprint
sudo su
ssh quentin@xxx
| 08:54:15 |
|  Thomas m changed their display name from howlymowly to Thomas m. | 19:26:43 |
| 8 Feb 2025 |
|  WYVERN joined the room. | 20:28:59 |
| WYVERN | Hi, does anyone have any working example of using colmena in a flake with disko? Passing inputs via specialArgs = {inherit inputs;}; results in error: The option inputs' does not exist.` the minute I use it within a config; even though I've found other users with it working the same way: https://discourse.nixos.org/t/colmena-how-to-push-a-flake-input-into-the-individual-nodes/36332
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
};
outputs = { nixpkgs, self, ... }@inputs: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {inherit inputs;};
};
test = import ./disks.nix;
};
};
}
{ inputs, ...}:
{
inputs.disko.devices = {
disk = {
main = {
device = "/dev/disk/by-id/some-disk-id";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}
| 20:40:29 |
| WYVERN | * Hi, does anyone have any working example of using colmena in a flake with disko? Passing inputs via specialArgs = {inherit inputs;}; results in error: The option "inputs" does not exist. the minute I use it within a config; even though I've found other users with it working the same way: https://discourse.nixos.org/t/colmena-how-to-push-a-flake-input-into-the-individual-nodes/36332
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
};
outputs = { nixpkgs, self, ... }@inputs: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {inherit inputs;};
};
test = import ./disks.nix;
};
};
}
{ inputs, ...}:
{
inputs.disko.devices = {
disk = {
main = {
device = "/dev/disk/by-id/some-disk-id";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}
| 20:40:52 |
| WYVERN | * Hi, does anyone have any working example of using colmena in a flake with disko? Passing inputs via specialArgs = {inherit inputs;}; results in error: The option "inputs" does not exist. the minute I use it within a config; even though I've found other users with it working the same way: https://discourse.nixos.org/t/colmena-how-to-push-a-flake-input-into-the-individual-nodes/36332
As a minimum config:
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
};
outputs = { nixpkgs, self, ... }@inputs: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {inherit inputs;};
};
test = import ./disks.nix;
};
};
}
{ inputs, ...}:
{
inputs.disko.devices = {
disk = {
main = {
device = "/dev/disk/by-id/some-disk-id";
type = "disk";
content = {
type = "gpt";
partitions = {
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}
| 20:41:47 |
| WYVERN | judging from others in this chat also using disko, I think at some point a template in the docs would be good, otherwise a point about incompatibility to save time | 20:42:32 |
| 9 Feb 2025 |
|  @tired:fairydust.space left the room. | 22:50:18 |
