[Nix-dev] On the sad state of remote-builds for the end-user

zimbatm zimbatm at zimbatm.com
Wed Jun 15 13:10:09 CEST 2016 

Hi,

my build machine is currently down but I used to have something like this:
HOWTO remote builds

   - client: your laptop
   - build machine: the server that has tons of CPU

On the build machine, install your client’s ssh public in the
/root/.ssh/authorized_keys.

On the client add something like this in your configuration.nix:

{
  networking.extraHosts = ''
    # FIX THE IP HERE
    192.168.0.8 my-build-machine
  '';
  nix.maxJobs = 1; # set to 0 to force remote building
  nix.distributedBuilds = true;
  nix.buildMachines = [
    { hostName = "my-build-machine"; # I have the hostname in my extraHosts
      maxJobs = 6; # set to number of CPUs
      sshKey = "/home/myuser/.ssh/id_ecdsa";
      sshUser = "root";
      system = "x86_64-linux";
    }
  ];
}

Apply the config. You should be good to.
Missing things

In cases where the laptop is on another network you want to disable the
distributed build. Especially if maxJobs = 0 you could end up in a
situation where you can’t build the new configuration because of that. I’m
sure there is a command-line or environment variable to change that config
at runtime but I don’t know how to switch this.

In some cases transferring the sources and build results around actually
offsets the compilation time. I’m not really sure what we could do about
this.
​

On Wed, 15 Jun 2016 at 10:38 Matthias Beyer <mail at beyermatthias.de> wrote:

> Hi,
>
> thanks for remembering me on this thread. I didn't get a response on the
> question where to document this, though. :-(
>
> Overall, this whole feature (especially remote builds, but also closure
> import/export and so on) is not as good documented as it should be.
>
> On 15-06-2016 16:18:18, Brian McKenna wrote:
> > Hi Matthias,
> >
> > I remember a similar conversation we had a few months ago. If you use
> > sudo, you can skip the signature checking:
> >
> > https://www.mail-archive.com/nix-dev@lists.science.uu.nl/msg18560.html
> >
> > It's not ideal - but does this same method get you unstuck?
> >
> > On 14 June 2016 at 01:19, Matthias Beyer <mail at beyermatthias.de> wrote:
> > > Hi,
> > >
> > > I'm a bit angry right now because things do not just work.
> > >
> > > I tried for almost three hours now to build my system on a remote
> machine.
> > > It took 1 hour to build the packages (yesod, yesod-persistent and some
> more
> > > dependencies of yesod and git-annex, see #16210) and then I couldn't
> download
> > > them from the remote machine because of some signatures missing.
> > >
> > > I tried to use nix-serve, but again... signatures missing. I generated
> a
> > > keypair, did a nix-push to some directory, but then I couldn't
> download the
> > > packages because the private key wasn't in the right path or something
> like
> > > this. This is by the way completely undocumented (the manpage tells you
> > > something of a *sysconfdir* ... but leaves unspecified what that is) -
> only the
> > > error message will tell you that it is /etc/nix (which isn't present
> if you
> > > install nix on a non-nixos system... leading to more confusion). After
> putting
> > > the private key into this path it starts complaining about the rights
> of the
> > > file (either a "everyone is able to read this and that shouldn't be the
> > > case"-like error message or some "Cannot read key" because there are
> too few
> > > rights...) ... and again: completely undocumented what rights are
> sufficient
> > > (this time not even the error message tells you what rights are to be
> expected).
> > >
> > > Can someone please provide a tutorial on how to build packages or a
> whole system
> > > on another machine? I do not want to mess around with keys and such
> ... I just
> > > want to build my system/package on that other machine... I have access
> via SSH
> > > (key) and that's it.
> > >
> > > I really don't want to rebuild all this haskell stuff every two weeks
> on my
> > > notebook... I still wonder why it isn't available as binary
> substitute...
> > > someone on IRC pointed out that there were changes in the haskell
> > > infrastructure... I don't understand why that means that substitutes
> are no
> > > longer available (and I really do not want to have to understand it...
> I just
> > > want to _use_ it).
> > >
> > > Please don't feel offended by this mail. I'm just really frustrated
> right now.
> > >
> > > --
> > > Mit freundlichen Grüßen,
> > > Kind regards,
> > > Matthias Beyer
> > >
> > > Proudly sent with mutt.
> > > Happily signed with gnupg.
> > >
> > > _______________________________________________
> > > nix-dev mailing list
> > > nix-dev at lists.science.uu.nl
> > > http://lists.science.uu.nl/mailman/listinfo/nix-dev
> > >
>
> --
> Mit freundlichen Grüßen,
> Kind regards,
> Matthias Beyer
>
> Proudly sent with mutt.
> Happily signed with gnupg.
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160615/4956fe2f/attachment-0001.html>

More information about the nix-dev mailing list