| blob | 4786fef31d06575a0e9439388db26c77d12c5042 |
1 /*
2 Manages the remote build configuration, /etc/nix/machines
4 See also
5 - ./nix.nix
6 - nixos/modules/services/system/nix-daemon.nix
7 */
8 { config, lib, ... }:
10 let
11 inherit (lib)
12 any
13 concatMapStrings
14 concatStringsSep
15 filter
16 getVersion
17 mkIf
18 mkMerge
19 mkOption
20 optional
21 optionalString
22 types
23 versionAtLeast
24 ;
26 cfg = config.nix;
28 nixPackage = cfg.package.out;
30 isNixAtLeast = versionAtLeast (getVersion nixPackage);
32 buildMachinesText = concatMapStrings (
33 machine:
34 (concatStringsSep " " (
35 [
36 "${optionalString (machine.protocol != null) "${machine.protocol}://"}${
37 optionalString (machine.sshUser != null) "${machine.sshUser}@"
38 }${machine.hostName}"
39 (
40 if machine.system != null then
41 machine.system
42 else if machine.systems != [ ] then
43 concatStringsSep "," machine.systems
44 else
45 "-"
46 )
47 (if machine.sshKey != null then machine.sshKey else "-")
48 (toString machine.maxJobs)
49 (toString machine.speedFactor)
50 (
51 let
52 res = (machine.supportedFeatures ++ machine.mandatoryFeatures);
53 in
54 if (res == [ ]) then "-" else (concatStringsSep "," res)
55 )
56 (
57 let
58 res = machine.mandatoryFeatures;
59 in
60 if (res == [ ]) then "-" else (concatStringsSep "," machine.mandatoryFeatures)
61 )
62 ]
63 ++ optional (isNixAtLeast "2.4pre") (
64 if machine.publicHostKey != null then machine.publicHostKey else "-"
65 )
66 ))
67 + "\n"
68 ) cfg.buildMachines;
70 in
71 {
72 options = {
73 nix = {
74 buildMachines = mkOption {
75 type = types.listOf (
76 types.submodule {
77 options = {
78 hostName = mkOption {
79 type = types.str;
80 example = "nixbuilder.example.org";
81 description = ''
82 The hostname of the build machine.
83 '';
84 };
85 protocol = mkOption {
86 type = types.enum [
87 null
88 "ssh"
89 "ssh-ng"
90 ];
91 default = "ssh";
92 example = "ssh-ng";
93 description = ''
94 The protocol used for communicating with the build machine.
95 Use `ssh-ng` if your remote builder and your
96 local Nix version support that improved protocol.
98 Use `null` when trying to change the special localhost builder
99 without a protocol which is for example used by hydra.
100 '';
101 };
102 system = mkOption {
103 type = types.nullOr types.str;
104 default = null;
105 example = "x86_64-linux";
106 description = ''
107 The system type the build machine can execute derivations on.
108 Either this attribute or {var}`systems` must be
109 present, where {var}`system` takes precedence if
110 both are set.
111 '';
112 };
113 systems = mkOption {
114 type = types.listOf types.str;
115 default = [ ];
116 example = [
117 "x86_64-linux"
118 "aarch64-linux"
119 ];
120 description = ''
121 The system types the build machine can execute derivations on.
122 Either this attribute or {var}`system` must be
123 present, where {var}`system` takes precedence if
124 both are set.
125 '';
126 };
127 sshUser = mkOption {
128 type = types.nullOr types.str;
129 default = null;
130 example = "builder";
131 description = ''
132 The username to log in as on the remote host. This user must be
133 able to log in and run nix commands non-interactively. It must
134 also be privileged to build derivations, so must be included in
135 {option}`nix.settings.trusted-users`.
136 '';
137 };
138 sshKey = mkOption {
139 type = types.nullOr types.str;
140 default = null;
141 example = "/root/.ssh/id_buildhost_builduser";
142 description = ''
143 The path to the SSH private key with which to authenticate on
144 the build machine. The private key must not have a passphrase.
145 If null, the building user (root on NixOS machines) must have an
146 appropriate ssh configuration to log in non-interactively.
148 Note that for security reasons, this path must point to a file
149 in the local filesystem, *not* to the nix store.
150 '';
151 };
152 maxJobs = mkOption {
153 type = types.int;
154 default = 1;
155 description = ''
156 The number of concurrent jobs the build machine supports. The
157 build machine will enforce its own limits, but this allows hydra
158 to schedule better since there is no work-stealing between build
159 machines.
160 '';
161 };
162 speedFactor = mkOption {
163 type = types.int;
164 default = 1;
165 description = ''
166 The relative speed of this builder. This is an arbitrary integer
167 that indicates the speed of this builder, relative to other
168 builders. Higher is faster.
169 '';
170 };
171 mandatoryFeatures = mkOption {
172 type = types.listOf types.str;
173 default = [ ];
174 example = [ "big-parallel" ];
175 description = ''
176 A list of features mandatory for this builder. The builder will
177 be ignored for derivations that don't require all features in
178 this list. All mandatory features are automatically included in
179 {var}`supportedFeatures`.
180 '';
181 };
182 supportedFeatures = mkOption {
183 type = types.listOf types.str;
184 default = [ ];
185 example = [
186 "kvm"
187 "big-parallel"
188 ];
189 description = ''
190 A list of features supported by this builder. The builder will
191 be ignored for derivations that require features not in this
192 list.
193 '';
194 };
195 publicHostKey = mkOption {
196 type = types.nullOr types.str;
197 default = null;
198 description = ''
199 The (base64-encoded) public host key of this builder. The field
200 is calculated via {command}`base64 -w0 /etc/ssh/ssh_host_type_key.pub`.
201 If null, SSH will use its regular known-hosts file when connecting.
202 '';
203 };
204 };
205 }
206 );
207 default = [ ];
208 description = ''
209 This option lists the machines to be used if distributed builds are
210 enabled (see {option}`nix.distributedBuilds`).
211 Nix will perform derivations on those machines via SSH by copying the
212 inputs to the Nix store on the remote machine, starting the build,
213 then copying the output back to the local Nix store.
214 '';
215 };
217 distributedBuilds = mkOption {
218 type = types.bool;
219 default = false;
220 description = ''
221 Whether to distribute builds to the machines listed in
222 {option}`nix.buildMachines`.
223 '';
224 };
225 };
226 };
228 # distributedBuilds does *not* inhibit /etc/nix/machines generation; caller may
229 # override that nix option.
230 config = mkIf cfg.enable {
231 assertions =
232 let
233 badMachine = m: m.system == null && m.systems == [ ];
234 in
235 [
236 {
237 assertion = !(any badMachine cfg.buildMachines);
238 message =
239 ''
240 At least one system type (via <varname>system</varname> or
241 <varname>systems</varname>) must be set for every build machine.
242 Invalid machine specifications:
243 ''
244 + " "
245 + (concatStringsSep "\n " (map (m: m.hostName) (filter (badMachine) cfg.buildMachines)));
246 }
247 ];
249 # List of machines for distributed Nix builds
250 environment.etc."nix/machines" = mkIf (cfg.buildMachines != [ ]) {
251 text = buildMachinesText;
252 };
254 # Legacy configuration conversion.
255 nix.settings = mkIf (!cfg.distributedBuilds) { builders = null; };
256 };
257 }