Using cross-compiled packages in the host NixOS config

First we need to configure the build machine as a trusted cache. Generate a key on the builder:

> nix-store --generate-binary-cache-key builder nix-store-binary-cache-key-{secret,public}

Update configuration.nix on the remote host:

nix.settings.trusted-public-keys = [
  "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  <content of nix-store-binary-cache-key-public>
];

Then cross-compile and copy hello to the remote host:

> nix-build -A pkgsCross.aarch64-multiplatform.hello
> nix store sign -k nix-store-binary-cache-key-secret $(readlink -f result)
> nix copy --to ssh://user@myserver $(readlink -f result)

It is a good idea to pin the nixpkgs version used for the cross package. If you use the same channel on the host as was used for the cross-compile, use readlink /nix/var/nix/profiles/per-user/root/channels/nixos on the host. Otherwise, copy the builder nixpkgs to the host. Then add to configuration.nix: (with your value for the nixpkgs path)

let pkgsCross = import /nix/store/3wchlbf1adr8hiy3hz7hsz8chhf5bp5c-nixos/nixos {
  localSystem = "x86_64-linux"; # <-- put your builder's platform here and below
  hostSystem = "x86_64-linux";
  crossSystem = "aarch64-linux"; # <-- put your host's platform here
};
in
{
  environment.systemPackages = [ pkgsCross.hello ];
}

Done. It just works ™

4 Likes