I am on a Mac, using VirtualBox. I am trying to get the example from the nixops manual to work. I have experimented with loading packages with nix-env, starting up nixos inside VirtualBox and playing with it, and now trying to startup the example in the manual with trivial.nix and trivial-vbox.nix. I have the examples exactly as they are in the manual, even while wondering whether I should change the email address in trivial.nix to something else.
When I deploy it, it starts up a nixos machine inside VirtualBox and goes a long ways, but eventually dies with the messages
copying path ‘/nix/store/2xhsqwyi091aa93r1na1fsvq2xknvf34-append-initrd-secrets’ from ‘ssh://firstname.lastname@example.org’…
error: cannot add path ‘/nix/store/2xhsqwyi091aa93r1na1fsvq2xknvf34-append-initrd-secrets’ because it lacks a hash
copying 1 paths…
copying path ‘/nix/store/a678jxi2d4fx3jz3m0anhxyzb8jrn03b-audit-disable’ from ‘ssh://email@example.com’…
error: cannot add path ‘/nix/store/a678jxi2d4fx3jz3m0anhxyzb8jrn03b-audit-disable’ because it lacks a hash
I cannot find out what “it lacks a hash” is supposed to mean. What should I do?
The main problem here is that you cannot build linux packages on MacOS and transfer them to nixops directly. You need always a remote builder like
https://github.com/LnL7/nix-docker to prepare you store that will be transferred to your virtualbox VM.
Thank you for pointing this out @periklis, I’ve been having the same problem and this docker image and its
start-docker-nix-build-slave script got everything up and running on macOS for me.
I knew I couldn’t build linux packages on MacOS. I didn’t realize this example was building any packages at all on MacOS. The “trivial” example is just using standard features of nixos. Doesn’t this indicate a problem with the manual? The manual gives a simple example and indicates it should run. But it doesn’t.
nixops does not mention builders. nix does mention builders, but I can’t figure out what I should do to get nixops to work. Do I specify the builders in nix.conf and then nixops will use the right one?
You define builders for nix in your
nix.conf. Therefore nixops can you nix to build the store that will be transferred to the target machine. Even a trivial machine should consist of a linux kernel and in extent to build/fetch-from-binary-cache for a
x86-64-linux machine you need a builder for it.
NixOps has some heuristic to use the target hosts as the remote build automatically if the systems differ.
The error is related to a NAR file not having a hash. It might be an issue of using different versions of Nix between the local and remote system. Try upgrading everything to the latest version.
I created a nixos machine on VirtualBox and can “nix ping-store” to it (I assume that no result is success, after getting error messages when I made a mistake). However, when I try to use it build something, I always get the error “cannot add path … because it lacks a valid signature”. Is there something I need to do to make sure that signatures are valid? I was reading about GPG signatures but couldn’t see that there was anything I was supposed to do.
I also had a lot of friction with how
nixops chose to do (remote/local) builds and where/how it did substitution. Folks might be interested in following or participating in this issue: Support building fully remotely · Issue #260 · NixOS/nixops · GitHub
edit: In fact, from there you can find your way to this issue, which is the exact issue described by OP here: Failure deploying containers from OS X · Issue #398 · NixOS/nixops · GitHub
Also, slight off-topic, but maybe relevant to someone…
krops is a seemingly simpler alternative to NixOps that would also appear to avoid the issue you’re having. I don’t have first-hand experience, and I don’t think
krops does any of the IaasS management layer stuff that NixOps can do, but it seems that it does the build remotely by default, based on the documentation:
krops will copy the file
server01 and will clone
/var/src/nixpkgs . After that, krops will run
nixos-rebuild switch -I /var/src which will provision