Nix-community infra update

Nix-community infrastructure update

The Nix-community GitHub organization is a central hub for a wide range of popular tools related to Nix. In addition to maintaining Continuous Integration (CI) infrastructure, we also oversee the community builder within the same organization. This includes hosting the ryantm-r bot.

Recent Infrastructure Upgrades:

Over the past month, we’ve made significant upgrades to our infrastructure, primarily based on Hetzner servers:

  1. CI Builder Enhancement: Our two x86_64 CI builders have been upgraded from AMD Ryzen 5 3600 (6-Core Processor, 64GB RAM) to AMD Ryzen 9 3900 (12-Core Processor, 128GB RAM). This upgrade approximately doubles our performance capabilities.

  2. New Nix-Based CI Development: We’re excited to introduce a new nix-based CI system, tailored for pull request workflows in open-source projects. Projects within the nix-community can activate this CI by adding buildbot-nix to their topic tags. Build results are then uploaded to our 1TB Cachix cache, generously sponsored.

Looking Ahead

Expansion to Aarch64-Linux:

We’re currently supporting aarch64-linux through a virtual machine hosted on Oracle Cloud, which unfortunately lacks nested virtualization support. Our goal is to transition to an Ampere Altra server. This would allow us to provide a CI builder that can also run NixOS tests. However, we’re facing a funding gap for this upgrade. To achieve this goal, we are short by 40-50 Euros per month in our nix-community collective. Any contributions towards closing this gap would be greatly appreciated and will help us continue to improve our infrastructure and support for the community.

25 Likes

Well, as an aarch64 user, time to pay up then :).

2 Likes

How will the aarch64-linux builder be different from https://github.com/NixOS/aarch64-build-box ? Just under the nix-community namespace and funding instead?

The builder is great for interactive debugging but because of the liberal (trusted) access, it’s not suitable for CI builds when those store paths end up in the nix-community binary cache.
I.e. every trusted user on the system would be able to push store paths to the machine.
In nix-community we cleanly separate community builders where we give shell access and CI builders that are used for projects.

1 Like
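
The separation described in the post above can be checked mechanically. The following is an added example, not part of the thread and not nix-community's own tooling: it reads a builder's `nix.conf` and reports every principal in `trusted-users` / `extra-trusted-users` other than root, which is the property a CI builder feeding a shared binary cache needs. The two config samples and the function names are constructed for illustration, and the parsing is a simplified model of `nix.conf`.

```python
import re

# Constructed nix.conf samples (not taken from any real nix-community machine).
COMMUNITY_BUILDER_CONF = """\
# shell-access box: many people are trusted
trusted-users = root @wheel alice bob
extra-trusted-users = carol
substituters = https://cache.nixos.org
"""
CI_BUILDER_CONF = """\
trusted-users = root
allowed-users = root buildbot   # may talk to the daemon, but is not trusted
"""

def effective_trusted_users(conf_text):
    """Simplified model: lines are applied in order, `trusted-users` replaces
    the list, `extra-trusted-users` appends to it. Unset means just root."""
    trusted = ["root"]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^(extra-)?trusted-users\s*=\s*(.*)$", line)
        if not m:
            continue
        names = m.group(2).split()
        trusted = trusted + names if m.group(1) else names
    return list(dict.fromkeys(trusted))              # de-duplicate, keep order

def audit_ci_builder(conf_text, expected=("root",)):
    """Return (principal, reason) pairs that should not be trusted on a
    builder whose store paths are uploaded to a shared binary cache."""
    findings = []
    for name in effective_trusted_users(conf_text):
        if name == "*":
            findings.append((name, "every local user is trusted"))
        elif name.startswith("@"):
            findings.append((name, "whole group is trusted"))
        elif name not in expected:
            findings.append((name, "additional trusted user"))
    return findings

if __name__ == "__main__":
    for label, conf in (("community", COMMUNITY_BUILDER_CONF), ("ci", CI_BUILDER_CONF)):
        print(label, audit_ci_builder(conf) or "ok: only root is trusted")
```
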

Ahh, so this is to fund a builder for nix-community projects, not as a general purpose community builder. Thanks for the clarification!

As I understand it, GitHub - NixOS/aarch64-build-box: Config for the Community aarch64 NixOS box [maintainer=@grahamc] mentioned by @adamcstephens gives you shell access (ssh) and so is a “community builder” in the sense @Mic92 is talking about.

Which then would also imply we collect for a “CI builder”, which also is what @adamcstephens states here, right?

Please correct me if I’m wrong in this.

Also, sorry for my confusion.

Yes. This is right. We also want a CI builder in addition to the community builder.

1 Like

We were now able to buy the aarch64-linux builder: January Nix-community infra update
Thanks for all the new supporters!

2 Likes