I’m excited to announce a project I’ve been working on for the major part of 2019: nixbuild.net!
nixbuild.net is a highly scalable service for running Nix builds on a pay-per-use basis. It allows for flexible selection of compute resources, yet it is very easy to setup. To the end-user it works just like an ordinary SSH-based Nix remote builder.
This project grew out of years of frustration with the difficulties of setting up Nix build clusters, especially cost-effective clusters that can handle the usual pattern of very fluctuating load that a development team impose on build servers.
What nixbuild.net does is to act just like an ordinary remote Nix builder. It handles all the commands required, like uploading/downloading nar files, querying paths, building derivations etc. Internally it maintains its own store path database and store path file storage, segregated by user account. When it needs to run a nix build it allocates compute resources and then runs the nix builder, proxying results back to the user.
The nix builds run inside a KVM-based sandboxed that was implemented specially for this purpose. The nix builder is completely isolated from the world and can only access the input paths it needs, giving builds stronger sandboxing guarantees than the ordinary nix sandbox. The sandbox also opens up for unique possibilities like detailed build analysis and other nice things.
The nixbuild.net service is in a “closed alpha” phase. It is functional and all core parts are in place, but it needs more work on robustness, benchmarks, optimization and peripheral functionality. I announce it today hoping to get feedback and gauge interest that can guide further efforts. It is also possible to set up evaluation runs.
I’m happy to answer any questions about this project, either in this thread or at firstname.lastname@example.org!
/ Rickard Nilsson