First we need to configure the build machine as a trusted cache. Generate a key on the builder:
> nix-store --generate-binary-cache-key builder nix-store-binary-cache-key-{secret,public}
Update configuration.nix
on the remote host:
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
<content of nix-store-binary-cache-key-public>
];
Then cross-compile and copy hello
to the remote host:
> nix-build -A pkgsCross.aarch64-multiplatform.hello
> nix store sign -k nix-store-binary-cache-key-secret $(readlink -f result)
> nix copy --to ssh://user@myserver $(readlink -f result)
It is a good idea to pin the nixpkgs version used for the cross package. If you use the same channel on the host as was used for the cross-compile, use readlink /nix/var/nix/profiles/per-user/root/channels/nixos
on the host. Otherwise, copy the builder nixpkgs to the host. Then add to configuration.nix
: (with your value for the nixpkgs path)
let pkgsCross = import /nix/store/3wchlbf1adr8hiy3hz7hsz8chhf5bp5c-nixos/nixos {
localSystem = "x86_64-linux"; # <-- put your builder's platform here and below
hostSystem = "x86_64-linux";
crossSystem = "aarch64-linux"; # <-- put your host's platform here
};
in
{
environment.systemPackages = [ pkgsCross.hello ];
}
Done. It just works ™