Newbie question: can't get trivial example of nixops to work on my Mac


#1

I am on a Mac, using VirtualBox. I am trying to get the example from the nixops manual to work. I have experimented with loading packages with nix-env, starting up nixos inside VirtualBox and playing with it, and now trying to startup the example in the manual with trivial.nix and trivial-vbox.nix. I have the examples exactly as they are in the manual, even while wondering whether I should change the email address in trivial.nix to something else.

When I deploy it, it starts up a nixos machine inside VirtualBox and goes a long ways, but eventually dies with the messages

copying path ‘/nix/store/2xhsqwyi091aa93r1na1fsvq2xknvf34-append-initrd-secrets’ from ‘ssh://root@192.168.99.103’…
error: cannot add path ‘/nix/store/2xhsqwyi091aa93r1na1fsvq2xknvf34-append-initrd-secrets’ because it lacks a hash
copying 1 paths…
copying path ‘/nix/store/a678jxi2d4fx3jz3m0anhxyzb8jrn03b-audit-disable’ from ‘ssh://root@192.168.99.103’…
error: cannot add path ‘/nix/store/a678jxi2d4fx3jz3m0anhxyzb8jrn03b-audit-disable’ because it lacks a hash

I cannot find out what “it lacks a hash” is supposed to mean. What should I do?


#2

The main problem here is that you cannot build linux packages on MacOS and transfer them to nixops directly. You need always a remote builder like https://github.com/LnL7/nix-docker to prepare you store that will be transferred to your virtualbox VM.


#3

Thank you for pointing this out @periklis, I’ve been having the same problem and this docker image and its start-docker-nix-build-slave script got everything up and running on macOS for me.


#4

I knew I couldn’t build linux packages on MacOS. I didn’t realize this example was building any packages at all on MacOS. The “trivial” example is just using standard features of nixos. Doesn’t this indicate a problem with the manual? The manual gives a simple example and indicates it should run. But it doesn’t.


#5

nixops does not mention builders. nix does mention builders, but I can’t figure out what I should do to get nixops to work. Do I specify the builders in nix.conf and then nixops will use the right one?


#6

You define builders for nix in your nix.conf. Therefore nixops can you nix to build the store that will be transferred to the target machine. Even a trivial machine should consist of a linux kernel and in extent to build/fetch-from-binary-cache for a x86-64-linux machine you need a builder for it.


#7

NixOps has some heuristic to use the target hosts as the remote build automatically if the systems differ.

The error is related to a NAR file not having a hash. It might be an issue of using different versions of Nix between the local and remote system. Try upgrading everything to the latest version.


#8

I created a nixos machine on VirtualBox and can “nix ping-store” to it (I assume that no result is success, after getting error messages when I made a mistake). However, when I try to use it build something, I always get the error “cannot add path … because it lacks a valid signature”. Is there something I need to do to make sure that signatures are valid? I was reading about GPG signatures but couldn’t see that there was anything I was supposed to do.


#9

I also had a lot of friction with how nixops chose to do (remote/local) builds and where/how it did substitution. Folks might be interested in following or participating in this issue: https://github.com/NixOS/nixops/issues/260

edit: In fact, from there you can find your way to this issue, which is the exact issue described by OP here: https://github.com/NixOS/nixops/issues/398


#10

Also, slight off-topic, but maybe relevant to someone… krops is a seemingly simpler alternative to NixOps that would also appear to avoid the issue you’re having. I don’t have first-hand experience, and I don’t think krops does any of the IaasS management layer stuff that NixOps can do, but it seems that it does the build remotely by default, based on the documentation:

  • https://tech.ingolf-wagner.de/nixos/krops/
  • krops will copy the file configuration.nix to /var/src/nixos-config on server01 and will clone nixpkgs into /var/src/nixpkgs . After that, krops will run nixos-rebuild switch -I /var/src which will provision server01 .