Official NixOS Wiki

Distributed build: Difference between revisions

← Older editNewer edit →
Malteneuss (talk | contribs)
54 edits
VisualWikitext
Fix typo
m Make ssh access table more beginner friendly
Line 9: Line 9:
The main tool to connect to a remote builder, exchange files and trigger builds is SSH.
The main tool to connect to a remote builder, exchange files and trigger builds is SSH.


So SSH access to the remote builder must be set up to enable distribution of builds to it. The table below lists SSH access requirements for most scenarios.
Depending on how you installed the [https://nixos.org/download/ Nix package manager],


* '''"multi-user"''' (system-wide installation; default on NixOS, normal case for most private Linux distro users) or
* '''"single-user"''' (installed only for a single user on the machine; used when no root/admin rights were available for the user),
on your local and remote machine you need to allow a certain local SSH user (on your local machine) to connect to a certain remote SSH user (on the remote machine):
{| class="wikitable" style="margin:auto"  
{| class="wikitable" style="margin:auto"  
|-
|-
! Local Machine !! Remote Builder !! Requirements
! Nix Installation
Local Machine  
! Nix Installation
Remote Builder  
! SSH Connection Requirements
|-
|-
| NixOS / System-wide Nix installation || NixOS / System-wide Nix installation || '''Local''' machine's {{ic|root}} user needs SSH access to ''a'' user on the '''remote''' machine.
| '''Multi-user''' || '''Multi-user''' || '''Local''' machine's {{ic|root}} user needs SSH access to ''a'' user on the '''remote''' machine. '''(most frequent case)'''
|-
|-
| Single-user Nix installation || NixOS / System-wide Nix installation || ''Your'' user on your '''Local''' machine needs SSH access to ''a'' user on the '''remote''' machine.
| Single-user || Multi-user || ''Your'' user on your '''Local''' machine needs SSH access to ''a'' user on the '''remote''' machine.
|-
|-
| NixOS / System-wide Nix installation || Single-user Nix installation || '''Local''' machine's {{ic|root}} user needs SSH access to the user on the '''remote''' machine, with Nix installed with their UID (see [https://nixos.org/manual/nix/stable/installation/single-user.html Nix manual page]).
| Multi-user || Single-user || '''Local''' machine's {{ic|root}} user needs SSH access to the user on the '''remote''' machine, with Nix installed with their UID (see [https://nixos.org/manual/nix/stable/installation/single-user.html Nix manual page]).
|-
|-
| Single-user Nix installation || NixOS / System-wide Nix installation || ''Your'' user on your '''Local''' machine needs SSH access to the user on the '''remote''' machine, with Nix installed with their UID (see [https://nixos.org/manual/nix/stable/installation/single-user.html Nix manual page]).
| Single-user || Multi-user || ''Your'' user on your '''Local''' machine needs SSH access to the user on the '''remote''' machine, with Nix installed with their UID (see [https://nixos.org/manual/nix/stable/installation/single-user.html Nix manual page]).
|}
|}


In any case, the definitive test for SSH access for Nix is:
The thing to know about the '''"Multi-user"''' installation is that '''Nix is installed with a "nix-daemon" background process that runs as root''' and actually manages the builds on your behalf. So when your non-root user calls '''"nix build ...", this is delegated to the nix-daemon''' process, which runs as root. And this process can further delegate the build to a remote builder; that's why the '''local machine's root user''' needs the SSH access.
 
In any case, the good test for Nix SSH access, that takes this into account, is:


{{Commands|nix store ping --store ssh://<REMOTE-BUILDER>}}
{{Commands|nix store ping --store ssh://<REMOTE-BUILDER>}}
Retrieved from "https://wiki.nixos.org/wiki/Distributed_build"