tristan/nixinate
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity

Fix hermetic remote builds and tests

Browse source 
In the previous attempt to add this feature, I had forgotten to add the
new tests to tests/default.nix, which meant I believed the feature
worked when it did not. Additionally, real world testing shows that if
the path does not exist on the remote already, that nix build --store
will not work and will throw the following error: 'path '/nix/store/foo'
is required, but there is no substituter that can build it' To fix this,
I've decided to use nix copy --derivation and then nix-store --realise
on the remote. A lot of refactoring is needed to make this codebase
presentable anyway, so this hack is fine for now, though it is
admittedly an unclean implementation.
This commit is contained in:
matthewcroughan 2022-06-02 00:55:49 +01:00
parent ea61a38231
commit 034013af9d
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -30,6 +30,7 @@
inherit (final.lib) getExe; inherit (final.lib) getExe;
nix = "${getExe final.nix}"; nix = "${getExe final.nix}";
nixos-rebuild = "${getExe final.nixos-rebuild}"; nixos-rebuild = "${getExe final.nixos-rebuild}";
nixos-rebuild-drvPath = final.nixos-rebuild.drvPath;
openssh = "${getExe final.openssh}"; openssh = "${getExe final.openssh}";
n = flake.nixosConfigurations.${machine}._module.args.nixinate; n = flake.nixosConfigurations.${machine}._module.args.nixinate;
@ -50,8 +51,8 @@
( set -x; ${nix} copy ${flake} --to ssh://${user}@${host} ) ( set -x; ${nix} copy ${flake} --to ssh://${user}@${host} )
'' + (if hermetic then '' '' + (if hermetic then ''
echo "🤞 Activating configuration hermetically on ${machine} via ssh:" echo "🤞 Activating configuration hermetically on ${machine} via ssh:"
( set -x; ${nix} build ${nixos-rebuild} --no-link --store ssh://${user}@${host} ) ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} )
( set -x; ${openssh} -t ${user}@${host} 'sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}' ) ( set -x; ${openssh} -t ${user}@${host} 'sudo nix-store --realise ${nixos-rebuild-drvPath} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}' )
'' else '' '' else ''
echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:"
( set -x; ${openssh} -t ${user}@${host} 'sudo nixos-rebuild ${switch} --flake ${flake}#${machine}' ) ( set -x; ${openssh} -t ${user}@${host} 'sudo nixos-rebuild ${switch} --flake ${flake}#${machine}' )

2
tests/default.nix
View file

@ -2,4 +2,6 @@
{ {
vmTestLocal = (import ./vmTest { inherit pkgs makeTest inputs; }).local; vmTestLocal = (import ./vmTest { inherit pkgs makeTest inputs; }).local;
vmTestRemote = (import ./vmTest { inherit pkgs makeTest inputs; }).remote; vmTestRemote = (import ./vmTest { inherit pkgs makeTest inputs; }).remote;
vmTestLocalHermetic = (import ./vmTest { inherit pkgs makeTest inputs; }).localHermetic;
vmTestRemoteHermetic = (import ./vmTest { inherit pkgs makeTest inputs; }).remoteHermetic;
} }