First, thank you for this great community. I’m so happy about the vast resource the Nix project and this forum provide.
Finally, I got into the state that I wanted to get to since I started with NixOS. I have a single repo for different hosts, some of them are servers, some of them are desktops and I have a large modularized configuration that is assembled for a specific host by a lot of mkIfs. And it works.
I have currently two problems (good problems to have btw):
- When I run nixos-rebuild, the first step “evaluating derivation” takes a lot of time on a small cheap VM with a single shared CPU core. And that makes complete sense since the configuration is large and complicated.
- I have to ship the whole repo to each potentially untrusted (or at least less trusted) VM in the public cloud that I want to update and nixos-rebuild. Obviously, the repo contains details about my home network, my laptop etc. - which is not ideal. I can delete it after nixos-rebuild or copy it to tmpfs but that’s not the point.
So I wonder, is there a possibility to somehow compile the whole config into a single file with the resulting derivation for a given host? So I can copy only that single file and flake.lock? Or maybe just the single file?
I know that some DevOps tools for NixOS already exist. Tools that help you to manage your fleet in Push/Pull fashion (Chef, Puppet, Ansible style) and that would be probably the solution for my problem. But I don’t think I’m ready for such a tool. At my stage of Nix journey I’d prefer some simpler solution so that I can understand how it works and frankly, I don’t have a large number of computers anyway so I might never adopt a proper DevOps tool.
Please let me know.