Temporarily use a remote building machine?

Hi, I’m trying to run remote build in nixos-rebuild.

I have checked the wiki, the nix remote build manual.

There are a few things of which I cannot get the information. Could anyone give me some hints?

  1. In order to use remote building in nixos-rebuild, nix.buildMachines in configuration.nix should be set. However I did not find how to set the non-22 ssh port.
  2. Is there a way to temporarily set the remote building machine in nixos-rebuild command line argument?
1 Like

The easiest way is to do that through the SSH configuration.

Thanks, and so that which user’s ~/.ssh/config should I write the port into?

Where you added the example from the wiki, just adjust the port, they already use 1234 in their example.

https://nixos.wiki/wiki/Distributed_build#Prerequisites

I have a test, and find following answer:
Put the ssh host information in /root/.ssh/config works.
But still don’t know how to turn on/off the remote building on the fly e.g., by using --option

With a Host configured in your .ssh/config and the machine not in /etc/nix/machines you can build on it on-demand with

nix-build --option builders 'ssh://host-name-in-ssh-cfg' -A foobar

and optionally -j0 if you want to turn off local builds entirely.

1 Like

That sounds like you’re using sudo nixos-rebuild. Consider using nixos-rebuild without sudo, then you can keep your ssh config in your non-root user, which is better if you want to use key-based auth, or even a pgp card :slight_smile:

Might take using nixos-rebuild build && sudo nixos-rebuild switch.

Bad idea, user and root might have a different view on nixpkgs.

So that would only work properly if one also provides a fixed nixpkgs entry in the nix path.

Also, as far as I remember from my own experiments, it is not important which user actually does the build, it is important whether or not the user is building directly or through the demon.

So: multi-user:root, single user: the user

Hm, right. It’d be tricky to make this work with the user’s ssh-agent then. I think I’d still prefer letting the user use nixos-rebuild initially if we are using flakes, because those don’t rely on the nix path.

Probably a bad idea to suggest in general though.

1 Like