New Aarch64 Nix-Community Builder is up

zimbatm · January 9, 2025, 8:35am

We’ve added a new 80‑core Ampere aarch64‑linux builder (the RX170 from Hetzner) to our nix-community builder lineup, joining our existing x86_64‑linux and Darwin builders.

These shared machines let you SSH in and run Nix builds—great for offloading big jobs or accessing architectures you don’t have at home.
If you’re a contributor and want access, visit: Community builder - Nix Community

Big thanks to our sponsors who help nixpkgs contributors work more effectively. If you or your company can chip in, donate here: Nix Community - Open Collective
Your support helps enthusiastic contributors do even more!

mightyiam · January 9, 2025, 8:59am

zimward · January 9, 2025, 11:57am

First off all, great news.

We will grant access to well known members of the community, and people well known members in the community trust.

This is probably one of those cases of “if you have to ask your not in this category” but what does it roughly mean to be “well known” (i assume in the end it will be decided on a case to case basis and no clear definition is possible) ?

zimbatm · January 9, 2025, 12:40pm

Ideally anybody that is well behaved and could benefit from the boxes boxes to work towards contributions to NixOS or nix-community project should feel welcome to apply.

Because the boxes are shared resources, the signals we’re looking for is that users know how to behave and be respectful of each other. And that is easier to establish with a bit of history, or if somebody can vouch for you. That’s what the “well known” is hoping to capture.

You’re not the first one that is puzzled by this rule so maybe there is a better way to handle this. Maybe a pledge document that outlines the expected behaviour?

Atemu · January 9, 2025, 12:47pm

Even if there was a pledge document, I’d still like there to be a “well known” component. I wouldn’t trust any random stranger to actually hold up that pledge but if it’s someone I’ve seen behave ethically for some time, that’s a totally different story.

NobbZ · January 9, 2025, 1:14pm

I looked at the linked user files, and was wondering what the trusted flag is used for.

github.com

nix-community/infra/blob/8376f850d266e0badfa66928e60c193fa5ad75d3/modules/nixos/community-builder/users.nix#L186


      
            trusted = true;
            keys = ./keys/tomberek;
          }
          {
            name = "tomfitzhenry";
            trusted = true;
            keys = ./keys/tomfitzhenry;
          }
          {
            name = "winter";
            trusted = true;
            keys = ./keys/winter;
          }
          {
            name = "matthewcroughan";
            trusted = true;
            keys = ./keys/matthewcroughan;
          }
          {
            name = "emily";
            # lib.maintainers.emily, https://github.com/emilazy

zimbatm · January 9, 2025, 1:31pm

That adds the user to the nix-daemon “trusted-users”. We wanted to have two categories of trust, but as you see in practice is stays pretty binary. Mostly because Nix isn’t very useful as a remote builder if that flag isn’t set.

NobbZ · January 9, 2025, 2:20pm

Ah, okay, so basically it determines, if it would accept some path built by me or my other builders, before building a derivation, or if it would rather build those paths by itself. I see. And yes, its rather pointless without, as it would duplicate work in some circumstances.