Partial NixOS system closure

bernat · August 29, 2022, 12:14pm

Hey!

To manage a set of hosts, I would like to build most of their configuration at a central location but I do not want to push a full system closure for each host into the binary cache as it would allow one host to get information about another host. Instead, I want the host to complete its own configuration by combining a partial closure (a NixOS module) with its own local NixOS module. I would provide the narHash of the “common” NixOS module.

On a host, the NixOS configuration would be:

{ ... } : {
 imports = [
  ./hardware-configuration.nix # Local to this host
  ./network.nix # Local to this host
  ./local.nix # Local to this host
  ./common.nix # Please use "nsvdy9ljmv80qq24nkj6gb8lgwpw29l1-nixos-system-common"
 ];
}

Is it possible?

domenkozar · August 29, 2022, 12:18pm

You could use a different binary cache per host

tejing · August 29, 2022, 1:46pm

Nixos modules aren’t straightforwardly related to the final build graph, so realistically no, it’s not possible.

bernat · August 29, 2022, 1:49pm

Thanks! Good to know.