with Support for appending to /etc/nix/machines #81

Open
Profpatsch opened this issue Jun 1, 2021 · 3 comments
Labels
enhancement New feature or request

Comments

@Profpatsch

It would be cool if there was some support (maybe even a structured attrset like in nixos?) to add a builder to /etc/nix/machines. That way it becomes trivial to set up a build server instead of stealing minutes from the Github builders.

For example in my nixos config I have:

nix.buildMachines = [
  # access to the nix-community aarch64 build box
  {
    hostName = "aarch64.nixos.community";
    maxJobs = 64;
    sshKey = "/root/aarch64-build-box/ssh-key";
    sshUser = "Profpatsch";
    system = "aarch64-linux";
    supportedFeatures = [ "big-parallel" ];
  }
];

which creates the following line in /etc/nix/machines:

Profpatsch@aarch64.nixos.community aarch64-linux /root/aarch64-build-box/ssh-key 64 1 big-parallel

And now nix will use the nixos community aarch builder for my "aarch64-linux" derivations.

We of course also need a way to specify the private ssh key for logging into the builder. And maybe a security warning, that running nix on a builder might be a remote execution vector (nix sandboxes it, but exploits are not unheard of, so you might only want to enable it in private repos and/or on PRs by trusted contributors).

@domenkozar domenkozar added the enhancement New feature or request label Jun 1, 2021
@domenkozar
Member

> It would be cool if there was some support (maybe even a structured attrset like in nixos?) to add a builder to /etc/nix/machines.

Agreed :) Could you propose how it would work?

> That way it becomes trivial to set up a build server instead of stealing minutes from the Github builders.

It would still take minutes from GHA, but it would be a lot faster?

> We of course also need a way to specify the private ssh key for logging into the builder. And maybe a security warning, that running nix on a builder might be a remote execution vector (nix sandboxes it, but exploits are not unheard of, so you might only want to enable it in private repos and/or on PRs by trusted contributors).

👍

@Profpatsch
Author

> Agreed :) Could you propose how it would work?

Ideally something like

with:
  builders:
    - hostName: "aarch64.nixos.community"
      maxJobs: 64
      sshKey: "/root/aarch64-build-box/ssh-key"
      sshUser: "Profpatsch"
      system: "aarch64-linux"
      supportedFeatures: [ "big-parallel" ]
    - …

To translate the example from above.
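
As an added example (not part of the thread and not the action's own code), here is one way the `builders:` input proposed above could be rendered into `/etc/nix/machines` lines. Because the file is whitespace-delimited, each field is checked against an allow-list so a crafted value cannot smuggle in extra fields or a second builder entry; the function name, the patterns and the defaults of 1 are assumptions.

```python
import re

# Allow-list per field (patterns are assumptions). /etc/nix/machines is
# whitespace-delimited, so spaces or newlines inside a value must be refused.
FIELD_PATTERNS = {
    "sshUser": r"[A-Za-z0-9_][A-Za-z0-9._-]*",   # no leading '-' (ssh option)
    "hostName": r"[A-Za-z0-9][A-Za-z0-9.-]*",
    "system": r"[a-z0-9_]+-[a-z0-9]+",
    "sshKey": r"/[A-Za-z0-9._/-]+",               # absolute path only
}
FEATURE_PATTERN = r"[A-Za-z0-9][A-Za-z0-9-]*"


def machines_line(builder):
    """Render one builder mapping as a machines line; raise ValueError if unsafe."""
    for key, pattern in FIELD_PATTERNS.items():
        value = builder.get(key)
        if not isinstance(value, str) or not re.fullmatch(pattern, value):
            raise ValueError(f"builder field {key} rejected: {value!r}")
    numbers = []
    for key in ("maxJobs", "speedFactor"):
        number = builder.get(key, 1)  # default of 1 is an assumption
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(number, bool) or not isinstance(number, int) or number < 1:
            raise ValueError(f"builder field {key} rejected: {number!r}")
        numbers.append(str(number))
    features = builder.get("supportedFeatures", [])
    if not isinstance(features, list) or not all(
        isinstance(f, str) and re.fullmatch(FEATURE_PATTERN, f) for f in features
    ):
        raise ValueError(f"supportedFeatures rejected: {features!r}")
    return " ".join([
        f"{builder['sshUser']}@{builder['hostName']}",
        builder["system"], builder["sshKey"], *numbers,
        ",".join(features) or "-",  # '-' marks an empty optional field
    ])


# Constructed input: the builder from the thread, already parsed from YAML.
SAMPLE = {
    "hostName": "aarch64.nixos.community", "maxJobs": 64,
    "sshKey": "/root/aarch64-build-box/ssh-key", "sshUser": "Profpatsch",
    "system": "aarch64-linux", "supportedFeatures": ["big-parallel"],
}

if __name__ == "__main__":
    print(machines_line(SAMPLE))
```
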

@Profpatsch
Author

> It would still take minutes from GHA, but it would be a lot faster?

Definitely, it also frees us up to use any cheap hosting offer, e.g. with 128 cores which can be helpful for fast CI times with nix builds that e.g. bump nixpkgs.
