Distributed build: Difference between revisions

Line 58:

When the remote machine doesn't have NixOS / System-wide Nix installation, the only option is to allow access without passphrase and with an SSH key to the user with Nix installed for them.

===Recommended ~~System~~-~~wide~~ Nix –> ~~System~~-~~wide~~ Nix ~~setup~~===

===Recommended setup: multi-user Nix local –> multi-user Nix remote===

For the common case where your local Nix is installed system-wide, create a user on the '''remote''' machine that will have an unwriteable home directory, with a {{ic|~/.ssh/authorized_keys}} in it, that will allow SSH access to that user without a passphrase. The steps are:

For the common case where your local Nix is installed system-wide in multi-user mode, create a user on the '''remote''' machine that will have an unwriteable home directory, with a {{ic|~/.ssh/authorized_keys}} in it, that will allow SSH access to that user without a passphrase. The steps are:

- {{ic|ssh}} to the remote builder.

Line 66:

- Run (requires privileges) {{ic|mkdir ~nixremote/.ssh}}.

If your '''remote builder''' has Nix installed system-wide, but ~~without~~ NixOS, you may need to add something like the following to your {{ic|/etc/ssh/sshd_config}}:

If your '''remote builder''' has Nix installed system-wide in multi-user mode, but you're not running NixOS, '''you may need to add something like the following to your''' {{ic|/etc/ssh/sshd_config}}:

{{file|/etc/ssh/sshd_config|text|

Line 74:

}}

~~So that straight away when logging in, your~~ {{ic|$PATH}} will ~~include~~ nix' ~~executables' directory~~.

Explanation: This extends the {{ic|$PATH}} variable on your remote builder for your ssh connection such that the installed Nix tools like {{ic|/var/nix/var/nix/profiles/default/bin/nix-store}} can be found on this remote builder when connecting through ssh from your local machine. Otherwise you will get an error on your local machine like "ssh.. nix-store: command not found". The reason is that the Nix ssh connection uses an "non-interactive" shell on the remote builder that doesn't load any {{ic|.bashrc}} files like a normal "interactive" shell would do, when connect manually.

Then, '''on your local machine''', create the private / public key pair without a passphrase, as root:

@@ Line 58: / Line 58: @@
 When the remote machine doesn't have NixOS / System-wide Nix installation, the only option is to allow access without passphrase and with an SSH key to the user with Nix installed for them.
-===Recommended System-wide Nix –> System-wide Nix setup===
+===Recommended setup: multi-user Nix local –> multi-user Nix remote===
-For the common case where your local Nix is installed system-wide, create a user on the '''remote''' machine that will have an unwriteable home directory, with a {{ic|~/.ssh/authorized_keys}} in it, that will allow SSH access to that user without a passphrase. The steps are:
+For the common case where your local Nix is installed system-wide in multi-user mode, create a user on the '''remote''' machine that will have an unwriteable home directory, with a {{ic|~/.ssh/authorized_keys}} in it, that will allow SSH access to that user without a passphrase. The steps are:
 - {{ic|ssh}} to the remote builder.
@@ Line 66: / Line 66: @@
 - Run (requires privileges) {{ic|mkdir ~nixremote/.ssh}}.
-If your '''remote builder''' has Nix installed system-wide, but without NixOS, you may need to add something like the following to your {{ic|/etc/ssh/sshd_config}}:
+If your '''remote builder''' has Nix installed system-wide in multi-user mode, but you're not running NixOS, '''you may need to add something like the following to your''' {{ic|/etc/ssh/sshd_config}}:
 {{file|/etc/ssh/sshd_config|text|
@@ Line 74: / Line 74: @@
 }}
-So that straight away when logging in, your {{ic|$PATH}} will include nix' executables' directory.
+Explanation: This extends the {{ic|$PATH}} variable on your remote builder for your ssh connection such that the installed Nix tools like  {{ic|/var/nix/var/nix/profiles/default/bin/nix-store}} can be found on this remote builder when connecting through ssh from your local machine. Otherwise you will get an error on your local machine like "ssh.. nix-store: command not found". The reason is that the Nix ssh connection uses an "non-interactive" shell on the remote builder that doesn't load any {{ic|.bashrc}} files like a normal "interactive" shell would do, when connect manually.
 Then, '''on your local machine''', create the private / public key pair without a passphrase, as root: