#nixus on 2020-12-06

2020-08-10 22:26 ChanServ changed the topic of #nixus to: Nixus is an experimental deployment tool for NixOS systems - https://github.com/Infinisil/nixus - https://logs.nix.samueldr.com/nixus/

01:15 veleiro has quit [Ping timeout: 260 seconds]

01:46 cole-h has joined #nixus

02:08 veleiro has joined #nixus

05:24 srk has quit [Remote host closed the connection]

05:25 srk has joined #nixus

06:13 veleiro` has joined #nixus

06:14 veleiro has quit [Ping timeout: 256 seconds]

06:31 cole-h has quit [Ping timeout: 256 seconds]

06:49 veleiro` is now known as veleiro

06:50 veleiro has joined #nixus

06:50 veleiro has quit [Changing host]

06:50 <veleiro> ok i did get to try from another x86 machine

06:50 <veleiro> and I still have the same exact error

06:51 <veleiro> from which source would the bad ssh key config originate?

06:56 <veleiro> i dont think this is a bad connection problem

06:56 <veleiro> bad ssh config*

06:56 <veleiro> every time I run the deploy result i have to re-run nixos-rebuild switch

06:57 <veleiro> to get the root passwordless login to work again

06:58 <veleiro> I've tried successTimeout too

07:01 <veleiro> i'm trying to deploy to a linode vps running nixos

10:38 veleiro` has joined #nixus

10:42 veleiro has quit [Ping timeout: 256 seconds]

12:38 veleiro`` has joined #nixus

12:41 veleiro` has quit [Ping timeout: 256 seconds]

14:44 srk has quit [Remote host closed the connection]

14:44 srk has joined #nixus

14:53 <infinisil> veleiro``: What's your nixus config?

16:21 veleiro`` is now known as veleiro

16:21 veleiro has quit [Changing host]

16:21 veleiro has joined #nixus

16:29 <veleiro> looks like this https://github.com/tgunnoe/nixus

16:48 <veleiro> the configuration was copied from the server, it doesnt reall differ

16:48 <veleiro> very basic nixos install

16:52 <infinisil> veleiro: Oh you have services.openssh.permitRootLogin = "no"

16:52 <infinisil> I suspect that's the problem

16:53 <infinisil> And you have `host = "root@gnu.lv"`, so it tries to SSH to root

16:56 <infinisil> If you don't want to use root, you can use a user that can sudo without a password instead

17:08 <veleiro> oh, on the server its prohibit-password though

17:08 <veleiro> but i wonder if having it in the build here affects it

17:08 <infinisil> veleiro: Well the servers configuration.nix won't influence a nixus system

17:10 <infinisil> With Nixus (and nixops, and most other deployment solutions), you specify the whole config locally, and using nixos-rebuild on the server is not really supported

17:17 <veleiro> wow how embarassing, i cant believe i missed that

17:17 <veleiro> days lost

17:18 <veleiro> at least i have nixos installed on an encrypted setup now

17:18 <veleiro> but it was because i wanted to make sure my ssh configs were fresh

17:18 <veleiro> lol

17:19 <veleiro> now life continues

17:19 <infinisil> Hehe

17:20 <veleiro> i appreciate your time and patience, thanks.

17:20 <infinisil> I like how Nixus fulfilled its purpose here: If it wouldn't have rolled back the machine, you couldn't deploy to it anymore since the config disabled root login

17:21 <infinisil> Glad we could figure it out in the end :

17:21 <infinisil> :)

17:22 <veleiro> look ive been evaluating nix devops tools all week, and i chose nixus

17:22 <veleiro> i really did not want to go back to a nixops idea, and reluctant to even do morph

17:23 <veleiro> nixus interested me the most becaus it was simple and 100% nix

17:23 <veleiro> some feedback about the potential movement to haskell.. =)

17:28 <infinisil> veleiro: Feedback received!

17:28 <infinisil> One idea I've played with is to base Nixus on executables with a standard API

17:29 <infinisil> So e.g. you'd have a binary that does a deployment to a machine, and what programming language that binary uses doesn't matter at all, as long as it speaks the API correctly

17:30 <infinisil> This allows splitting all parts of a deployment into different projects, and it allows each of these projects to use whatever language they want

17:33 <infinisil> Unfortunately I don't have much time to work on nixus, but the current state at least works well for me :)

17:33 <eyJhb> And for me as well, quite enjoy it :D

17:33 <eyJhb> infinisil++

17:34 <eyJhb> :( Come in here bot

17:34 <veleiro> yeah for me this works perfectly

17:34 <veleiro> i can incorperate it into same configuration repository

17:35 <veleiro> you can specify many machines in the default.nix, and it builds and deploys

17:35 <veleiro> for all of them right?

17:35 <eyJhb> Yes :)

17:35 <veleiro> thats amazing

17:35 <eyJhb> I use this `nix-build -A config.nodes.eos.deployScript` because I update my laptop all the time, and don't want to update all my servers, e.g. my router

17:35 <eyJhb> Doesn't seem like a great idea while at Uni

17:36 <veleiro> nice

17:40 <eyJhb> infinisil: Sorry to ask, but what was it you did for a living? You worked with NixOS right?

17:49 <veleiro> he's a nix celebrity that works at tweag

17:50 <veleiro> that's just an assumption

17:52 <eyJhb> veleiro: You are not new to Nix, right?

17:53 <veleiro> about a year going

17:53 <eyJhb> How does it feel to be free ? :D

17:53 <eyJhb> I think I am only at two years...

17:54 <veleiro> great but time consuming

17:54 <veleiro> its a long term thing though

17:58 <eyJhb> Yeah, but it works.. I just had to debug some Ubuntu some time ago

17:58 <eyJhb> I don't miss that

17:58 <veleiro> bunch of freaks of nature in tech like me here

17:59 <veleiro> especially in #nixos-aarch64, everyone using sway/nix/arm/emacs

18:01 <eyJhb> I want to do more aarch64 :|

18:02 <eyJhb> But never emacs

18:17 <veleiro> lol

18:18 <veleiro> whats so great about this tool and tells a lot is its like one big snippet

18:18 <veleiro> that i can copy to my configs and it will work

18:18 <veleiro> that's good design

18:39 <infinisil> eyJhb: veleiro is right, I work at tweag since 3 months ago :)

18:59 <eyJhb> Ohhh, nice! Congrats infinisil ! :D

18:59 <infinisil> Thx :D

19:02 <eyJhb> Is there any specific project you are working on for Tweag atm. then infinisil ?

19:04 <infinisil> eyJhb: I've been mainly doing Nix stuff for a client, not for a project by tweag. But occasionally I've had some time to work on Nix in general, such as https://github.com/NixOS/nix/pull/4154, or some other PR's :)

19:44 <veleiro> who says NixOS like NixAs and not Nix-OH-S anyways

19:55 veleiro has quit [Ping timeout: 256 seconds]

20:50 veleiro has joined #nixus

20:51 <veleiro> when i was having the SSH issue, i noticed how hard it was to kill process

20:52 <veleiro> as far as i could tell it runs in the background, loops retries

20:52 <veleiro> and kept getting a new process id

20:52 <veleiro> I think there's an issue for C-c

21:13 <infinisil> veleiro: Yeah definitely, there's an issue and PR about it, but it's not that easy to get right

21:14 <infinisil> Because there's processes both locally and remotely, and just killing the local ones wouldn't stop the remote one

22:04 <veleiro> understood

22:29 veleiro has quit [Ping timeout: 260 seconds]

22:40 veleiro has joined #nixus

23:02 veleiro has quit [Ping timeout: 265 seconds]