Rebuild NixOS Offline

carloabelli · August 10, 2019, 9:45pm

I use /etc/nixos/configuration.nix to mange my networks. The problem I have run into is that to connect to a new network after I add it to /etc/nixos/configuration.nix, I have to run nixos-rebuild switch, but this requires a network connection to run properly. Is there a way to rebuild nixos offine?

danbst · August 11, 2019, 4:54pm

in general case, no, there isn’t. The easiest is to boot from installation drive (assuming you have it burned somewhere), where internet works and reinstall using existing configuration.nix.

If the only thing you do is change network (like, choose another WiFi network), it shouldn’t use network for rebuild. But there can be situations:

you may have updated channels, but didn’t rebuild system. Then (when network is off) you try to rebuild system with new config, but it now wants to redownload stuff, thus fails
you have impure derivations (import from remote derivation, fetchTarball without hash, etc), where caches do expire and you have to download stuff
you have import from derivation, but have run GC and build inputs for that IFD have to be redownloaded

So, the best you can do with this is NOT to manage network entirely declarative. New network connection should be possible to setup in CLI (and you should know “how”). I use NetworkManager and nmtui command, which helps a lot when I forget about different wpa_supplicant flags.

layus · August 12, 2019, 9:19am

Besides the fact that it is obviously dangerous to remotely update the network on a remote machine in case of configuration typos and mistakes, here are the steps I take to make it work (when I do not forget…).

Run nixos-rebuild build to check that it actually builds correctly
Enable persistent user instances in systemd [1].
Run nixos-rebuild {switch/test/boot} inside a screen (or tmux ?) session to keep it running after the ssh session ends.
remove the ./result symlink left by nixos-rebuild build

For a long discussion of users caught by the same issue, read [1] further .

(1) https://github.com/NixOS/nixpkgs/issues/3702

PS: Running nixos-rebuild in a persistent session should have been implemented years ago. We are still waiting for someone to write the patch

qyliss · September 16, 2019, 11:16pm

I use /etc/nixos/configuration.nix to mange my networks. The problem
I have run into is that to connect to a new network after I add it to
/etc/nixos/configuration.nix, I have to run nixos-rebuild switch,
but this requires a network connection to run properly. Is there a way
to rebuild nixos offine?

If I understand correctly, then I think you want

nixos-rebuild switch --option substitute false

This will stop it trying to look up what paths are available on a
substituter, which should allow it to rebuild without an internet
connection as long as you have all of the dependencies and stuff.

SRGOM · October 24, 2019, 6:30pm

Not the answer you want by if you want to manage network with nixos- I believe wpa_supplicant, iwd and nm all have ways to change wifi network without you having to rebuild . Also I just save multiple networks’ password on nixos config, the wpa_suppplicant option allows that. networking.wireless.networks.<ssidName>={psk=<password>;}

3xpr · January 2, 2022, 7:55pm

Easiest way I have found to rebuild locally: nixos-rebuild switch --option binary-caches “”

IMPORTANT: This will only work if you didn’t add any new packages since your last build. As soon as you add a new package, there’s no way around having internet.

Source: Manual networking on NixOS install · Issue #26186 · NixOS/nixpkgs · GitHub

nixinator · January 21, 2022, 9:19am

You say there is no other way around it. Maybe carrying a copy of all the source tarballs.

github.com

NixOS/nixpkgs/blob/ea1f1453acd00911c00b260f3a88e3c343c24b09/maintainers/scripts/all-tarballs.nix

/* Helper expression for copy-tarballs. This returns (nearly) all
   tarballs used the free packages in Nixpkgs.

   Typical usage:

   $ copy-tarballs.pl --expr 'import <nixpkgs/maintainers/scripts/all-tarballs.nix>'
*/

import ../../pkgs/top-level/release.nix
  { # Don't apply ‘hydraJob’ to jobs, because then we can't get to the
    # dependency graph.
    scrubJobs = false;
    # No need to evaluate on i686.
    supportedSystems = [ "x86_64-linux" ];
    limitedSupportedSystems = [];
  }

Maybe space usage would be impractical, and getting nixos to use these files ‘off line’ for an say an external drive or storage device might be tricky.

Then again, I’m seeing second user slow 2TB spinning drives for sale for < $30 , so maybe it’s practical now.

rnhmjoj · March 6, 2022, 11:32pm

This will only work if you didn’t add any new packages since your last build.

Does it? I can’t rebuild my system even with an identical configuration.
When the caches are cold Nix always tries to fetch these packages:

c-ares-1.17.2
curl-7.79.1
libkrb5-1.18
libssh2-1.10.0
nghttp2-1.43.0
openssl-1.1.1m

which seem to be dependencies of curl. I’m confused because
nix why-depends --all /run/current-system on any of these says there is no dependency.

EDIT: I figured these are native build inputs of a fetchzip derivation I have.

It seems the core issue is that Nix tries to rebuild some (fixed output?) derivation X which needs Y at build time, however Y is not available and hasn’t been cached.
Can we just not rebuild X in this case?

raindev · February 3, 2023, 10:18pm

To summarize the topic, either of the two options passed to nixos-rebuild switch --flake will allow to rebuilt the system offline offline, given all the dependencies are already present in the Nix store

--option substitute false
--option binary-caches ""

Kranzes · February 4, 2023, 3:58am

There’s also --offline I believe.

RaitoBezarius · May 25, 2023, 12:51pm

FWIW, system.includeBuildDependencies is (now) a thing on NixOS 23.05 and unstable.

It keeps all your build-time closures, so you can rebuild your system as long as you don’t introduce totally new components (sources).