From 1ed248eac2c8bb368fa4c383bca22017fb3d6d20 Mon Sep 17 00:00:00 2001
From: John Ericson
Date: Mon, 1 Oct 2018 20:17:17 -0400
Subject: [PATCH 1/3] nixos/nix-daemon: Organize buildMachine options with a submodule
---
nixos/modules/services/misc/nix-daemon.nix | 99 ++++++++++++++++++++--
1 file changed, 92 insertions(+), 7 deletions(-)
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index 0b3d7f3f03c..ee0f8a228b1 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -193,7 +193,92 @@ in }; buildMachines = mkOption { - type = types.listOf types.attrs; + type = types.loaOf (submodule ({ config }: { + options = { + sshUser = mkOption { + type = types.nullOr types.string; + default = null; + description = '' + The user as who to SSH to the build machine. + ''; + }; + hostName = mkOption { + type = types.string; + description = '' + The hostname of the build machine. + ''; + }; + system = mkOption { + type = types.string; + default = null; + description = '' + The system type the build machine can execute derivations on. + null if multiple are supported. + ''; + }; + systems = mkOption { + type = types.listOf types.string; + default = []; + description = '' + The system types the build machine can execute derivations on. + ''; + }; + sshKey = mkOption { + type = types.string; + default = "-"; + description = '' + The path to the SSH private key with which to authenticate with + the build machine. "-" indicates falling back + on defaults. + ''; + }; + maxJobs = mkOption { + type = types.int; + default = 1; + description = '' + The number of concurrent jobs the build machine supports. The + build machine will enforce its own limits but this allows hydra + to schedule better since there is no work-stealing between build + machines. + ''; + }; + speedFactor = mkOption { + type = types.int; + default = 1; + description = '' + Something at indicates how fast the machine is relative to an + arbitrary norm??? + ''; + }; + mandatoryFeatures = mkOptions { + type = types.listOf types.string; + default = []; + decriptions = '' + A list of features derivations built with this remote are + required to opt into using. (See the documentation on Nix itself + for what those features are.) + ''; + }; + supportedFeatures = mkOptions { + type = types.listOf types.string; + default = []; + decriptions = '' + A list of features derivations built with this remote may choose + to use or not. 
(See the documentation on Nix itself for what + those features are.) + ''; + }; + }; + config = { + assertions = [{ + assertion = config.system != null || config.systems != null; + message = '' + At least one system type (via system or + systems) must be set for every build machine. + ''; + }]; + }; + })); default = []; example = literalExample '' [ { hostName = "voila.labs.cs.uu.nl"; @@ -461,14 +546,14 @@ in { enable = cfg.buildMachines != []; text = concatMapStrings (machine: - "${if machine ? sshUser then "${machine.sshUser}@" else ""}${machine.hostName} " - + machine.system or (concatStringsSep "," machine.systems) - + " ${machine.sshKey or "-"} ${toString machine.maxJobs or 1} " - + toString (machine.speedFactor or 1) + "${if machine.sshUser != null then "${machine.sshUser}@" else ""}${machine.hostName} " + + (if machine.system != null then machine.system else concatStringsSep "," machine.systems) + + " ${machine.sshKey} ${toString machine.maxJobs} " + + toString (machine.speedFactor) + " " - + concatStringsSep "," (machine.mandatoryFeatures or [] ++ machine.supportedFeatures or []) + + concatStringsSep "," (machine.mandatoryFeatures ++ machine.supportedFeatures) + " " - + concatStringsSep "," machine.mandatoryFeatures or [] + + concatStringsSep "," machine.mandatoryFeatures + "\n" ) cfg.buildMachines; }; From 5395397fd6abc45e4d6e6aadec1053733f6b0452 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 21 Mar 2020 20:21:58 +0100 Subject: [PATCH 2/3] nixos/nix-daemon: work on buildMachines submodule --- nixos/modules/services/misc/nix-daemon.nix | 142 +++++++++------------ 1 file changed, 59 insertions(+), 83 deletions(-) diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix index ee0f8a228b1..0fbc9cecb4d 100644 --- a/nixos/modules/services/misc/nix-daemon.nix +++ b/nixos/modules/services/misc/nix-daemon.nix 
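Review bot: In [PATCH 1/3], the assertion at the end of the new submodule can never fail: `systems` defaults to `[]`, so `config.systems != null` is always true and a machine with neither `system` nor `systems` passes. The second operand should compare against the empty list, `assertion = config.system != null || config.systems != [];`. Whether a submodule has an `assertions` option to receive this is not visible in the hunk and should be confirmed. In the same hunk `system` is declared `types.string` with `default = null`, which needs `types.nullOr types.string`, and `mandatoryFeatures`/`supportedFeatures` use `mkOptions` and `decriptions` where `mkOption` and `description` are presumably meant.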
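Review bot: In the `@@ -461,14 +546,14 @@` hunk of [PATCH 1/3], every option value is interpolated straight into one whitespace-separated line per machine, so a `hostName`, `sshUser` or `sshKey` containing a space or newline would shift the columns or start a further entry. Since the options are now declared, the string-valued ones could reject whitespace at evaluation time, for example `type = types.strMatching "[^[:space:]]+";` on `hostName`. The parentheses in `toString (machine.speedFactor)` are also no longer needed. The `concatMapStrings` call starts and ends outside the hunk.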
@@ -193,43 +193,60 @@ in }; buildMachines = mkOption { - type = types.loaOf (submodule ({ config }: { + type = types.listOf (types.submodule ({ options = { - sshUser = mkOption { - type = types.nullOr types.string; - default = null; - description = '' - The user as who to SSH to the build machine. - ''; - }; hostName = mkOption { - type = types.string; + type = types.str; + example = "nixbuilder.example.org"; description = '' The hostname of the build machine. ''; }; system = mkOption { - type = types.string; + type = types.nullOr types.str; default = null; + example = "x86_64-linux"; description = '' The system type the build machine can execute derivations on. - null if multiple are supported. + Either this attribute or systems must be + present, where system takes precedence if + both are set. ''; }; systems = mkOption { - type = types.listOf types.string; + type = types.listOf types.str; default = []; + example = [ "x86_64-linux" "aarch64-linux" ]; description = '' The system types the build machine can execute derivations on. + Either this attribute or system must be + present, where system takes precedence if + both are set. + ''; + }; + sshUser = mkOption { + type = types.nullOr types.str; + default = null; + example = "builder"; + description = '' + The username to log in as on the remote host. This user must be + able to log in and run nix commands non-interactively. It must + also be privileged to build derivations, so must be included in + . ''; }; sshKey = mkOption { - type = types.string; - default = "-"; + type = types.nullOr types.str; + default = null; + example = "/root/.ssh/id_buildhost_builduser"; description = '' - The path to the SSH private key with which to authenticate with - the build machine. "-" indicates falling back - on defaults. + The path to the SSH private key with which to authenticate on + the build machine. The private key must not have a passphrase. 
+ If null, the building user (root on NixOS machines) must have an + appropriate ssh configuration to log in non-interactively. + + Note that for security reasons, this path must point to a file + in the local filesystem, *not* to the nix store. ''; }; maxJobs = mkOption { @@ -237,7 +254,7 @@ in default = 1; description = '' The number of concurrent jobs the build machine supports. The - build machine will enforce its own limits but this allows hydra + build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build machines. ''; 
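Review bot: In the first hunk of [PATCH 2/3], the `sshKey` description says the key must not live in the Nix store, but `types.nullOr types.str` accepts any string, including one produced by interpolating a path, which would copy the private key into the store where every local user can read it. An assertion in the module's `config` (outside this hunk) would turn the prose rule into a check, e.g. `assertion = all (m: m.sshKey == null || !hasPrefix builtins.storeDir m.sshKey) cfg.buildMachines;`. The message should name the offending `hostName` so the entry is easy to find.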
@@ -246,82 +263,41 @@ in type = types.int; default = 1; description = '' - Something at indicates how fast the machine is relative to an - arbitrary norm??? + The relative speed of this builder. This is an arbitrary integer + that indicates the speed of this builder, relative to other + builders. Higher is faster. ''; }; - mandatoryFeatures = mkOptions { - type = types.listOf types.string; + mandatoryFeatures = mkOption { + type = types.listOf types.str; default = []; - decriptions = '' - A list of features derivations built with this remote are - required to opt into using. (See the documentation on Nix itself - for what those features are.) + example = [ "big-parallel" ]; + description = '' + A list of features mandatory for this builder. The builder will + be ignored for derivations that don't require all features in + this list. All mandatory features are automatically included in + supportedFeatures. ''; }; - supportedFeatures = mkOptions { - type = types.listOf types.string; + supportedFeatures = mkOption { + type = types.listOf types.str; default = []; - decriptions = '' - A list of features derivations built with this remote may choose - to use or not. (See the documentation on Nix itself for what - those features are.) + example = [ "kvm" "big-parallel" ]; + description = '' + A list of features supported by this builder. The builder will + be ignored for derivations that require features not in this + list. ''; }; }; - config = { - assertions = [{ - assertion = config.system != null || config.systems != null; - message = '' - At least one system type (via system or - systems) must be set for every build machine. 
- ''; - }]; - }; })); default = []; - example = literalExample '' - [ { hostName = "voila.labs.cs.uu.nl"; - sshUser = "nix"; - sshKey = "/root/.ssh/id_buildfarm"; - system = "powerpc-darwin"; - maxJobs = 1; - } - { hostName = "linux64.example.org"; - sshUser = "buildfarm"; - sshKey = "/root/.ssh/id_buildfarm"; - system = "x86_64-linux"; - maxJobs = 2; - speedFactor = 2; - supportedFeatures = [ "kvm" ]; - mandatoryFeatures = [ "perf" ]; - } - ] - ''; description = '' - This option lists the machines to be used if distributed - builds are enabled (see - ). Nix will perform - derivations on those machines via SSH by copying the inputs - to the Nix store on the remote machine, starting the build, - then copying the output back to the local Nix store. Each - element of the list should be an attribute set containing - the machine's host name (hostname), the - user name to be used for the SSH connection - (sshUser), the Nix system type - (system, e.g., - "i686-linux"), the maximum number of - jobs to be run in parallel on that machine - (maxJobs), the path to the SSH private - key to be used to connect (sshKey), a - list of supported features of the machine - (supportedFeatures) and a list of - mandatory features of the machine - (mandatoryFeatures). The SSH private key - should not have a passphrase, and the corresponding public - key should be added to - ~sshUser/authorized_keys - on the remote machine. + This option lists the machines to be used if distributed builds are + enabled (see ). + Nix will perform derivations on those machines via SSH by copying the + inputs to the Nix store on the remote machine, starting the build, + then copying the output back to the local Nix store. ''; }; 
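Review bot: In the `@@ -246,82 +263,41 @@` hunk of [PATCH 2/3], the submodule's `config.assertions` block is removed without a replacement, so nothing enforces the rule that the `system` and `systems` descriptions state (one of the two must be present). With `system = null` and `systems = []` the generated machines line gets an empty system column, which presumably shifts the later fields. A check at module level would cover it, e.g. `assertion = all (m: m.system != null || m.systems != []) cfg.buildMachines;` with a message naming both options. The removed option description also carried the advice that the matching public key be added to the remote user's `authorized_keys`; that sentence could be kept on `sshKey`.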
@@ -548,7 +524,7 @@ in concatMapStrings (machine: "${if machine.sshUser != null then "${machine.sshUser}@" else ""}${machine.hostName} " + (if machine.system != null then machine.system else concatStringsSep "," machine.systems) - + " ${machine.sshKey} ${toString machine.maxJobs} " + + " ${if machine.sshKey != null then machine.sshKey else "-"} ${toString machine.maxJobs} " + toString (machine.speedFactor) + " " + concatStringsSep "," (machine.mandatoryFeatures ++ machine.supportedFeatures) From 6d52e2e8977091c5e984f61039cefe01a3d4e491 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sun, 5 Jul 2020 16:48:15 +0200 Subject: [PATCH 3/3] nixos/nix-daemon: mention potential breakage in release notes --- nixos/doc/manual/release-notes/rl-2009.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index c2f26371d66..a28ce4721fe 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -682,6 +682,12 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; behaviour and keep the same VM state between different test runs. + + + The nix.buildMachine option is now type-checked. + There are no functional changes, however this may require updating some configurations to use correct types for all attributes. + +