NixOS remote builder
Plugin to use the nix store of a remote system to remote build given Nix flake paths
Woodpecker CI plugin which uses the store of a remote NixOS system to build our given Nix flake paths.
The usecase is that the remote system acts as a builder and Nix binarycache. So we build our NixOS systems (or packages) on the remote system and keep the output in the nix store of the remote system.
Our benefits:
- For each build we use the persistent store of the remote system and get much faster builds because we use already build artefacts.
- The result will stay in the Nix store of the remote machine. So we can serve this store as binary cache.
Settings
| Settings Name | Default | Description |
|---|---|---|
| sshkey | none | SSH key for SSH authentification on remote system. This should be applied from a CI secret |
| username | none | Username on remote system |
| hostname | none | Hostname of remote system |
| sshport | none | SSH Port to connect on remote system |
| flakepaths | none | List of flakepaths to build separated by , |
Example
steps:
remote-build:
image: johnwalkerx/nix-remote-builder-plugin:latest
pull: true
settings:
hostname: binarycache.example.com
sshport: 22
username: uploaduser
sshkey:
from_secret: sshkey
flakepaths: >-
.#nixosConfigurations.machine1.config.system.build.toplevel,
.#nixosConfigurations.machine2.config.system.build.toplevel
NOTE: Make sure to restrict usage of the secret to this specific docker image and select that only plugins can use this secrets.