Fails to read nixos-rebuild output correct

[TheArcaneBrony]

Output is spammed with @nix {"action":"start"... and seems to miss a lot of steps.

[TheArcaneBrony]

Update: seems to be related to unbuffer

[maralorn]

Can you please share the command you ran?

[TheArcaneBrony]

unbuffer nixos-rebuild switch --flake .#Rory-nginx -j`nproc` --upgrade-all --log-format internal-json -v |& nom --json

[maralorn]

I am surprised that this is working at all. But I agree it’s weird that it works for some lines and doesn‘t for others.

[TheArcaneBrony]

if this is marked as an enhancement, i wonder if we could get a nom os-rebuild subcommand or similar?

[maralorn]

The wish for a nom supported nixos-rebuild has been voiced before. And is definitely an open feature request. But I think it is more about changing nixos-rebuild than solving this in nom.

The enhancement request that I see in this issue would be "make the --json parser cleanly pass-through non json lines and correctly detect all json lines." I consider this an enhancement and not a bug because the --json parser was never supposed to be used on non-json input.

[TheArcaneBrony]

what i personally ended up doing was using nom build to build the system closure and then using nixos-rebuild afterwards to deploy it

nom build .#nixosConfigurations.${2}.config.system.build.toplevel && sudo nixos-rebuild switch --flake .#${HOSTNAME} || exit 1

[mibmo]

does anyone know if there are any downsides to @TheArcaneBrony's approach? seems pretty good to me, all things considered :)

[maralorn]

No, that’s basically what I do.

[becknik]

You might find the nh cli helper particularly useful when it comes to using nom in conjunction with nixos-rebuild.

[kurnevsky]

does anyone know if there are any downsides to @TheArcaneBrony's approach? seems pretty good to me, all things considered :)

Looks like with this approach nix can't use ssh builders/extra substituters.

[maralorn]

@kurnevsky That seems highly unlikely.

[kurnevsky]

Well, it can use them if nom is launched as root, but not as plain user. Found this relevant nh issue: viperML/nh#70

(the command I'm running is nom build --keep-going --option extra-substituters 'ssh://pc.local' --builders 'ssh://pc.local x86_64-linux,aarch64-linux - 32' "/etc/nixos#nixosConfigurations.${HOST}.config.system.build.toplevel")

[mibmo]

does anyone know if there are any downsides to @TheArcaneBrony's approach? seems pretty good to me, all things considered :)

Looks like with this approach nix can't use ssh builders/extra substituters.

They work fine for me, maybe there's something more to it? have you confirmed they work with the base nix command? maybe it's an issue of trusted vs non-trusted substituters? have you tried declaring them directly in your nix config using the nix.buildMachines and nix.settings.{substituters,trusted-public-keys} options?

I'd assume that, if it works with root, it's due to your normal user not being a trusted user.

[mibmo]

also, just fyi: instead of eval'ing twice (once with nom; once with nixos-rebuild), there's the alternative of building to a known directory (I use /tmp/nixos-configuration) then running sudo $KNOWN_DIR/bin/switch-to-configuration switch. AFAICT, this is exactly what nixos-rebuild switch does.

My full build command is (with added comparison to running system and split across lines):

nom build ~/dev/dotnix#nixosConfigurations.$(hostname).config.system.build.toplevel --out-link /tmp/nixos-configuration && \
  nvd diff /run/current-system /tmp/nixos-configuration && \
  sudo /tmp/nixos-configuration/bin/switch-to-configuration switch

[maralorn]

Well, nixos-rebuild also sets the generation via nix-env.

[kurnevsky]

it's an issue of trusted vs non-trusted substituters

I use trusted-public-keys for my substituters.

have you tried declaring them directly in your nix config using the nix.buildMachines

I haven't, since I don't usually have stable address for them, so I prefer to specify them dynamically.

[kurnevsky]

Also nixos-rebuild executes switch-to-configuration using systemd-run to mitigate NixOS/nixpkgs#39118