 | Colmena | 327 Members |
| A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena | 112 Servers |
| Colmena | 327 Members |
| A simple, stateless NixOS deployment tool - https://github.com/zhaofengli/colmena | 112 Servers |
| Sender | Message | Time |
|---|---|---|
| 26 Jun 2022 | ||
 dantefromhell | In reply to @huyage:matrix.orgexactly my issue. And each cloud peovider does provisioning slightly different and than it wont for bare-metal. I want something that works same in all situations. rescue-system + SSH + magic have served well for decades already 😉 | 12:06:44 |
 phaer | dantefromhell: Me too, I've been hacking on solutions for a while. My primary provider is hetzner (both cloud and bare-metal) and my general approach was to write a small script which collects info like hostname, available disks, network config, etc from a rescue system, then uses kexec to switch into a "live" nixos system while passing the collected info via kernel commandline and then partitioning and installing nixos from there on as normal. My first implementation is available at https://github.com/dep-sys/nixos-zfs-installer but ended up with huge kexec images, so after learning more about nix(os) and looking into not-os in between, I restarted with https://github.com/dep-sys/nix-dabei. That's not finished yet, but works for me and the general approach should be pretty portable between providers. Also because it should be rather trivial to build an iso or efi executable for the same expression used for kexec. same for netboot, but i haven't looked into that yet | 12:48:05 |
| phaer | I don't have too much time for it atm 😢 But next steps are more tests, running tests in ci, decreasing closure size (smaller kernel, less userland tools), then porting the hetzner scripts over from the old attempt while keeping the flake provider-agnostic. Always happy about feedback, questions and collaborators :) | 12:49:50 |
| dantefromhell | phaer: Yeah I've seen your `nixos-zfs-installer` repo before. Looked promising but I havent tested it. I ran into the same issue w/ RAM size & kexec. I stumbled over https://netboot.xyz and it seems to support NixOS - I guess a custom NixOS image is not too hard. Their PXE images are very small so kexec shouldnt be a problem. But than self-hosting another component increases overall tech-stack complexity. | 17:59:52 |
| dantefromhell | Your approach to `nix-dabei` seems fairly similar to what I pondered a minimal `netboot` could look like 🤔 What would it take to get the zfs & raspberry features working (not necessarily both at the same time)? Those are hard requirements for a good solution in my environment | 18:02:41 |
 bl1nk | I am currently facing an issue when installing paperless on a host with colmena. I wonder if I am pinning nixpkgs correctly, anybody able to help me out with this? My hive.nix looks like this: https://gist.github.com/bl1nk/e8f4fe66b036a660166d69fac1af30feThe underlying issue is: https://discourse.nixos.org/t/unable-to-install-paperless-ngx/19962 | 18:11:15 |
| bl1nk | My issue was unrelated to Colmena. Thanks and sorry for the noise. 🙂 | 22:09:17 |
| 27 Jun 2022 | ||
| phaer | In reply to @dantefromhell:matrix.orgNot much i think, I just havent found time for it yet. ZFS is a minimal requirement for me too, so i'll probably start working on it soon. Don't expect any hiccups, might work on first try. | 09:23:28 |
| phaer | dantefromhell: For the raspberry, i think the right kernel and bootloader should be enough but i don't own any raspberries anymore | 09:24:13 |
| phaer | dantefromhell: Needless to say, I'd be happy to support if you want to give it a shot and implement either ZFS or raspberry support into nix-dabei | 09:24:48 |
| 28 Jun 2022 | ||
 ma27 changed their profile picture. | 11:37:46 | |
 Taeer Bar-Yam | Is there a way to have colmena stop trying and exit once any one build has failed? | 13:28:08 |
| 29 Jun 2022 | ||
 lemmalamma | Does Colmena support deploying through a bastion host via SSH tunnel? I'm trying to avoid having to edit ~/.ssh/config | 05:01:03 |
 Buckley | Colmena can be given an environment variable too as an additional ssh config file. Is that acceptable? | 13:00:38 |
| Buckley | $SSH_CONFIG_FILE | 13:01:27 |
| 30 Jun 2022 | ||
| lemmalamma | I ended up writing a script to generate a ssh config and Includeing that file from ~/.ssh/config which is ok for now | 08:37:24 |
| 2 Jul 2022 | ||
 @kritnich:kritni.ch joined the room. | 13:40:13 | |
| @kritnich:kritni.ch | I saw there is a way to make services dependent on certain keys. Is there a way to make services restart/reload once a key has been changed? | 13:50:23 |
| lemmalamma | In reply to @kritnich:kritni.ch
So you can do something like: | 18:03:44 |
| lemmalamma | In reply to @buckley310:matrix.orgThis is not documented yet right? I'm happy to open a quick PR to include this info | 18:05:15 |
| Buckley | I seem to recall finding it in some documentation somewhere, but I’m not totally sure | 18:08:02 |
| Buckley | I’ve been in the codebase so can’t say for sure | 18:08:18 |
| lemmalamma | In reply to @buckley310:matrix.orgOK. I'll check. Thanks | 18:08:43 |
| 4 Jul 2022 | ||
| @kritnich:kritni.ch | In reply to @huyage:matrix.orgThanks for the pointer, I'm not sure if that will work because I don't think the service restarts since it only checks for existence and not modification in ${secret}-key.path but I'll test around a little | 10:14:04 |
 CRTified | In reply to @kritnich:kritni.chWasn't the reason for having a service unit instead of a path unit to be explicitly able to monitor for changes? | 11:37:34 |
| CRTified | Oh no, it only monitors for deletion https://github.com/zhaofengli/colmena/blob/main/src/nix/hive/modules.nix#L85-L93 | 11:39:09 |
| lemmalamma | In reply to @kritnich:kritni.chOh you meant edit to the key after it has been deployed. My problem was the service would not restart after colmena apply with a new key. Systemd PartOf is how I solved that. | 16:22:11 |
| 5 Jul 2022 | ||
 Reventlov changed their display name from Reventlov to Rémy Grünblatt. | 12:36:39 | |
 @garionion:entr0py.de joined the room. | 16:49:40 | |
 @silvio:booq.org joined the room. | 17:59:33 | |