Builds.sr.ht can now run builds in a NixOS image

fgaz · January 17, 2019, 4:51pm

sr.ht is a new modular FOSS software forge based on the kernel workflow (mailing-list-based) instead of the github one (pull-requests-based). You may have heard about it from hacker news or similar, since it recently launched a public alpha.

In the last month, several images were added to builds.sr.ht, the CI service, and among them there’s a NixOS one:

https://lists.sr.ht/~sircmpwn/sr.ht-announce/<20190117003837.GA6037%40homura.localdomain>

https://man.sr.ht/builds.sr.ht/compatibility.md

I think this may be the first CI service that can run builds in a NixOS environment natively (not a container, you can do nested kvm and stuff)!

zimbatm · January 17, 2019, 4:59pm

Thanks again to Francesco Gazzetta for providing the NixOS
image!

Thanks @fgaz

Do you know how build isolation is implemented between builds?

fgaz · January 17, 2019, 5:33pm

Thanks @fgaz

Doing what I can

Do you know how build isolation is implemented between builds?

I kinda misused the word “natively”… let’s say “as natively as possible”. It should be qemu inside docker, but don’t take my word for it. Nothing that would impact performance and functionality though

ddevault · January 17, 2019, 5:58pm

Builds are run in KVM. Here’s some info:

https://man.sr.ht/builds.sr.ht/installation.md#security-model

Happy to answer more questions as you have them!

qyliss · January 21, 2019, 12:04am

sr.ht looks like it could be a wonderful solution to GitHub was purchased by Microsoft. Just sayin’.

fgaz · January 22, 2019, 7:06pm

Great news: @eadwu is packaging sr.ht! https://github.com/NixOS/nixpkgs/pull/54425

@qyliss Definitely… I think I’ll chime in in that thread