Build on target server?

[Mic92]

Is it possible to build the flake on the targets server instead of my laptop?
I don't want to upload big build closures to my machines all the time.

[antifuchs]

I suspect this would also help with the separation between target/deploying system as in #13! Very interested in this, especially for machines that are more powerful than distributed builders / my laptop.

[balsoft]

Not yet, but this is definitely on our roadmap.

[Mic92]

Ok. Apart from that the feature set looks interesting. If someone else is looking for this feature as well: Krops does it by default and can be extended to support flakes: https://github.com/Mic92/dotfiles/blob/master/nixos/krops.nix It is also possible to have a krops running the deploy on a remote machine and push the build nixos closure to a another machine.

[happysalada]

Last but not least, it would also enable darwin users to use this!

[theduke]

Also very interested in this.

It would be nice to not need Nix installed at all on eg CI servers that deploy.

[Mic92]

https://github.com/arnarg/pushnix supports this feature.

[happysalada]

Here is my workaround.
I set up a git bare repo on my server. Add a hook to copy the committed nix config to the /etc/nixos folder and trigger a rebuild in the hook. (template for setting up a bare repo with a push hook
This is basically what pushnix is doing.

[max-privatevoid]

ssh-ng could help here. NIX_REMOTE=ssh-ng://myserver nix build .#pkg will evaluate .#pkg locally, send the derivation (and its dependency derivations) to myserver and build it there without copying the result back to the local store. Seems to be perfect for this use case.

deploy-rs theoretically supports this today with NIX_REMOTE=ssh-ng://myserver deploy -s. Problems: For some reason the call to nix eval causes evaluation to happen on the remote side, which will probably immediately fail because it can't find the flake's source path (nix bug?). If the flake's source path does exist on the remote, the eval step works but takes an eternity to complete. It then fails when trying to push the system closure to the remote, because the path is never realized locally.

TL;DR set NIX_REMOTE=ssh-ng://{deployment user}@{target hostname} for the build step, skip the copy/push step.

[cab404]

So, I've tried to build it via -- --store somewhere. It kind of works, but you will need to copy some paths it will complain about back, and I only have tested it with single target server.

[Mic92]

I am using pyinvoke now with a custom task that uploads configuration with rsync and than just run nixos-rebuild in parallel for all my hosts:

https://github.com/nix-community/infra#deployment-commands
https://github.com/nix-community/infra/blob/a3dd018c629edfa16edf71901b77112e7de282ca/tasks.py#L17