Rebuild NixOS Offline

I think it might be a sensible investment to implement a way to pin build dependencies more selectively than by using system.includeBuildDependencies: I’m OK if I can’t change some fancy javascript-heavy service like home-assistant or hedgedoc, but I definitely need the ability to change things like networking.hosts, services.dnsmasq.settings, or networking.wg-quick.interfaces while being offline (because I’m totally the kind of person who’ll switch to a configuration with the broken dns, reboot, and call nix store gc). I’ll also find it annoying if changing a line in the neovim config should start downloading things.

These changes should map into rewriting a bunch of text files and not require much more than bash, but I’m pretty sure that on many occasions they need more: this might be because of extra dependencies used to generate or validate the configs, or because new configs result in building new wrappers, or because of literally anything else since I’m not sure anyone is really keeping track of this?

5 Likes

I made a script to ease the download of sources by providing a list, and also keep a link so they don’t get garbage collected :+1:

8 Likes

I was in a situation where I wanted to connect to a wifi network from my raspberry pi, but all of the --options above still resulted in nixos-rebuild requiring internet.

I had wpa_supplicant installed, so I used wpa_passphrase <ssid> | sudo tee /etc/wpa_supplicant.conf to create the wpa_supplicant config, then manually ran sudo wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf, which successfully connected. I then changed to a different tty to run the nixos-rebuild switch that had my wifi config declared.

I had to manually run wpa_supplicant because the systemd unit only uses the immutable nix-generated config in /nix/store.

I build (cross-compile)/download raspberrypi packages, specified in my configuration, on a different machine (in the same network), and deploy onto the pi using deploy-rs.

Mirroring nixpkgs is a matter of 3 or 4 GiB…

Nixpkgs is just a (huge) git repository…

To actually mirror the binary cache you need some hundreds of TiB, given the figures that have been announced during the summer's S3 bucket crisis.

2 Likes

Just wanted to drop a blog post in here to supplement the discussion: Get all your sources! - Linus's blog, but as @rnhmjoj says, system.includeBuildDependencies is expensive. Also linking nix.conf - Nix Reference Manual for those that want to learn more about the “lite” option.

Thank you for this great tip. --option substitute false also works on nix-darwin and fixed my problem.

1 Like

keep-outputs doesn’t seem to solve the problem either: there are certain build inputs that are getting gc’d anyway, like the output of fetchzip, despite the system derivation being in the gc roots.

So, summing up: even with --builders '' --option substitute false and keep-outputs in nix.conf you can’t rebuild the system (completely unchanged configuration):

building Nix...
building the system configuration...
building '/nix/store/bn3am3q9llmpcpwcq7f95j6i7bn6x84q-source.drv'...
error checking the existence of https://tarballs.nixos.org/sha256/PrTSSoXbu+qtTsJUv81z+MuTUmB1RHLPEWFQQnu6+J8=:
curl: (28) Resolving timed out after 15000 milliseconds

trying https://maxwell.ydns.eu/git/rnhmjoj/nvim-frameline/archive/v0.1.0.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:19 --:--:--     0
curl: (6) Could not resolve host: maxwell.ydns.eu
Warning: Problem : timeout. Will retry in 1 seconds. 3 retries left.
Warning: Problem : timeout. Will retry in 2 seconds. 2 retries left.
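
The following added example, which is not code from any poster in this thread, walks a derivation closure the way a build with substitution disabled does and reports which fixed-output (fetcher) derivations would have to reach the network, like source.drv in the log above. It assumes the JSON shape printed by `nix derivation show -r`; the store paths, SAMPLE and PRESENT are constructed for illustration.

```python
import os

# Constructed sample in the shape assumed for `nix derivation show -r` output:
# .drv path -> {"outputs": {name: {"path": ...}}, "inputDrvs": {.drv path: ...}}.
# Fixed-output derivations (fetchurl, fetchzip, ...) also carry a "hash".
SAMPLE = {
    "/nix/store/0000-nixos-system.drv": {
        "outputs": {"out": {"path": "/nix/store/0000-nixos-system"}},
        "inputDrvs": {"/nix/store/1111-hosts.drv": ["out"],
                      "/nix/store/2222-neovim.drv": ["out"]}},
    "/nix/store/1111-hosts.drv": {
        "outputs": {"out": {"path": "/nix/store/1111-hosts"}},
        "inputDrvs": {"/nix/store/3333-bash.drv": ["out"]}},
    "/nix/store/2222-neovim.drv": {
        "outputs": {"out": {"path": "/nix/store/2222-neovim"}},
        "inputDrvs": {"/nix/store/4444-source.drv": ["out"]}},
    "/nix/store/3333-bash.drv": {
        "outputs": {"out": {"path": "/nix/store/3333-bash"}},
        "inputDrvs": {"/nix/store/5555-bash.tar.gz.drv": ["out"]}},
    "/nix/store/4444-source.drv": {
        "outputs": {"out": {"path": "/nix/store/4444-source",
                            "hashAlgo": "sha256", "hash": "constructed"}},
        "inputDrvs": {}},
    "/nix/store/5555-bash.tar.gz.drv": {
        "outputs": {"out": {"path": "/nix/store/5555-bash.tar.gz",
                            "hashAlgo": "sha256", "hash": "constructed"}},
        "inputDrvs": {}},
}
# Constructed store state: only bash is realised; its tarball was collected.
PRESENT = {"/nix/store/3333-bash"}


def offline_blockers(drvs, root, exists=os.path.exists):
    """Fixed-output .drv paths an offline build of `root` would have to fetch."""
    blockers, seen, stack = set(), set(), [root]
    while stack:
        path = stack.pop()
        if path in seen:
            continue
        seen.add(path)
        outputs = drvs[path]["outputs"].values()
        if all(exists(o["path"]) for o in outputs):
            continue  # already in the store: not rebuilt, inputs not needed
        if any("hash" in o for o in outputs):
            blockers.add(path)  # a fetch that needs the network
            continue
        stack.extend(drvs[path].get("inputDrvs", {}))  # must build: check inputs
    return sorted(blockers)
```

With the sample state, the hosts change only needs bash, which is present, while the neovim change is blocked by its missing source; the collected bash tarball does not matter as long as bash itself stays in the store.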