General advice for semi-embedded NixOS installs

I’m considering migrating my Pi fleet (and other small, less powerful systems) to NixOS; they fall into roughly two categories:

  1. semi-embedded servers/appliances (e.g. running smarthome things like home-assistant or webthings, no interactive user accounts) => no significant writable storage and/or imperative configuration needed
  2. “thick terminals”, UI machines that need to allow for multiple users doing some personal config stuff (e.g. via home-manager), and that will typically also run remote-desktop sessions or e.g. vscode remote if/when dev-power is needed. These systems will still be limited by (typically) only having SD-card storage.

I found a few projects that focus on cross-compiling and building ready-to-deploy images, which would pretty much cover case (1).

  • which one would be recommended (ease of use/features/recent)?

Would it be possible to combine read-only images (semi-embedded) with case (2)? Anyway, because of resource constraints, one would want to somehow produce users’ HM configs in that case on a remote host (with x-compiling as necessary) and copy the derivations over to the store of the semi-embedded host automatically/transparently.

I intend to orchestrate deployments from one build machine (x86-64) and keep the configs per target machine in git.

You could use nixos-rebuild with the --target-host argument to build the configuration locally (probably using remote builders), push the full closure to the remote machine over SSH, and then either activate it (with switch) or make it boot after reboot (with boot), just like with local use of nixos-rebuild.
You can also use the --build-host argument to specify a particular remote host to use for building the configuration.

home-manager doesn’t support such remote activation on its own, but will work if it is configured as part of the NixOS config. You could also manually build the HM configuration with home-manager build, then push it to the remote host with nix copy and activate it there by calling /nix/store/.../activate.


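The two flows from the reply above (nixos-rebuild with --target-host, and home-manager build followed by nix copy and activate), as an added shell sketch that is not part of the original posts. The function names, the DRY_RUN switch and the validation checks are assumptions of this example; it refuses to run activate on anything that is not a plain store path.

```bash
# Added example (not from the thread). DRY_RUN=1 (the default here) only
# prints the commands; set DRY_RUN=0 on a machine with nix and ssh to run them.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True only for a plain store path: /nix/store/<32-char hash>-<name>.
is_store_path() {
  case $1 in *[!A-Za-z0-9+._?=/-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^/nix/store/[0-9a-z]{32}-[A-Za-z0-9+._?=-]+$'
}

# Refuse empty targets and ones ssh would parse as an option.
check_target() {
  case $1 in ''|-*) echo "bad target: $1" >&2; return 2 ;; esac
}

# deploy_system <boot|switch> <user@host>: build locally, push the closure.
deploy_system() {
  case $1 in boot|switch) ;; *) echo "bad action: $1" >&2; return 2 ;; esac
  check_target "$2" || return 2
  run nixos-rebuild "$1" --target-host "$2"
}

# deploy_home <user@host> <generation>: the generation is the store path that
# ./result points to after `home-manager build` (e.g. readlink -f result).
deploy_home() {
  check_target "$1" || return 2
  is_store_path "$2" || { echo "not a store path: $2" >&2; return 2; }
  run nix copy --to "ssh://$1" "$2"
  # Quoted for the remote shell; the check above excludes quote characters.
  run ssh "$1" "'$2/activate'"
}
```

For nix copy to succeed as a non-root user, the receiving account has to be listed in trusted-users on the target, or the copied paths have to be signed with a key the target lists in trusted-public-keys.
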
There is also a tool in development by @Solene called bento that automates all this and could be of use: Solene'%


@YorikSar thanks for your pointers, I’ll look into it (a bit time-strapped now, hope soon-ish).

It appears the two main categories are still useful, since “just copying the nix store” will mean that there are still nix operations (e.g. garbage collect) that need to be done on the client machine. But I suppose that’s what wanting the cake (of configurable user envs on the target) and eating it means.

I was already thinking about bento, but didn’t want to decide too early since I wanted to try to use only one tool/technology for remote nix host management and haven’t gotten around to doing the transition yet. (Now I’m using Ansible to push /etc/nixos to my servers and just do nixos-rebuild with it too. My desktops/laptops are already flake-based.)

Then for the more embedded variant, I think I’ll go the image route anyway.

I’ll report back my experiences later.