Builds.sr.ht can now run builds in a NixOS image


#1

sr.ht is a new modular FOSS software forge based on the kernel workflow (mailing-list-based) instead of the GitHub one (pull-request-based). You may have heard about it from Hacker News or similar, since it recently launched a public alpha.

In the last month, several images were added to builds.sr.ht, the CI service, and among them there’s a NixOS one:

https://lists.sr.ht/~sircmpwn/sr.ht-announce/<20190117003837.GA6037%40homura.localdomain>

https://man.sr.ht/builds.sr.ht/compatibility.md

I think this may be the first CI service that can run builds in a NixOS environment natively (not a container, you can do nested KVM and stuff)!


#2

Thanks again to Francesco Gazzetta for providing the NixOS image!

Thanks @fgaz :slight_smile:

Do you know how build isolation is implemented between builds?


#3

Thanks @fgaz :slight_smile:

Doing what I can :smiley:

Do you know how build isolation is implemented between builds?

I kinda misused the word “natively”… let’s say “as natively as possible”. It should be QEMU inside Docker, but don’t take my word for it. Nothing that would impact performance and functionality though.


#4

Builds are run in KVM. Here’s some info:

https://man.sr.ht/builds.sr.ht/installation.md#security-model

Happy to answer more questions as you have them!


#5

sr.ht looks like it could be a wonderful solution to “GitHub was purchased by Microsoft”. Just sayin’.


#6

Great news: @eadwu is packaging sr.ht! https://github.com/NixOS/nixpkgs/pull/54425

@qyliss Definitely… I think I’ll chime in in that thread