Welcome to the Nix Community infrastructure project. This project holds all the NixOS and Terraform configuration for this organization.
We also provide one x86 Hetzner build machine as a public remote builder for the
Nix community. If you want access, read the security guidelines on
aarch64-build-box. Then add your username to roles/builder/users.nix.
Don't keep any important data in your home! We will regularly delete /home
without further notice.
If you happen to have your NixOS & home-manager configurations intertwined but
you'd like your familiar environment on our infrastructure, you can evaluate
pkgs.writeShellScript "hm-activate" config.systemd.services.home-manager-<yourusername>.serviceConfig.ExecStart
from your NixOS configuration and send this derivation to be realized remotely
(in case you aren't a Nix trusted user):
# somehow get the .drv of the above expression into $path
$ nix copy --to ssh://build01.nix-community.org --derivation $path
$ ssh build01.nix-community.org
$ nix-store -r $path
$ $path
(My implementation of this ~ckie)
If you want to build your project in our hydra, add a new project in this file.
If you hit any issues, ping us on Matrix in the nix-community room (see the admin list below) or create an issue here: New Issue.
- @adisbladis
- @flokli
- @grahamc
- @Mic92
- @nlewo
- @ryantm
- @zimbatm
- GitLab agent - on build03
- hound - on build03
- https://hydra.nix-community.org - on build03
- matterbridge - on build03
- ryantm-updater bot - on build02
This machine is perfect for running heavy builds.
- Provider: Hetzner
- CPU: AMD Ryzen 7 1700X Eight-Core Processor
- RAM: 64GB
- Drives: 2 x 512 GB SATA SSD
This machine currently just runs r-ryantm/nixpkgs-update.
- Provider: Hetzner
- CPU: AMD Ryzen 7 3700X Eight-Core Processor
- RAM: 64GB DDR4 ECC
- Drives: 2 x 1 TB NVME in RAID 1
This machine is a replacement for build01.
- Provider: Hetzner
- CPU: AMD Ryzen 5 3600 6-Core Processor
- RAM: 64GB DDR4 ECC
- Drives: 2 x 512 GB NVME in RAID 1
This machine is meant as an aarch64 builder for our hydra instance running on build03.
- Provider: Oracle cloud
- Instance type: Ampere A1 Compute
- CPU: 4 VCPUs on an Ampere Altra (arm64)
- RAM: 24GB
- Drives: 200 GB Block
All the builds on these machines are pushed to https://nix-community.cachix.org/
Thanks to Cachix for sponsoring our binary cache!
- ./build\d+ - build machines
- ./ci.sh - What is executed by CI
- ./deploy - Deploy script
- ./roles - shared NixOS configuration modules
- ./services - single instances of NixOS services
- ./terraform - Set up DNS
- ./users - NixOS configuration of our admins
$ ./deploy
If you want to reboot a machine, use the following command to also deploy secrets afterwards:
$ inv deploy --hosts build02 reboot --hosts build02
- Install kexec image from Hetzner recovery system as described in kexec.nix and boot into it
- Format and/or mount all filesystems to /mnt:
$ inv format-disks --hosts buildXX --disks /dev/nvme0n1,/dev/nvme1n1
- Set up secrets
$ inv setup-secret --hosts buildXX
- Generate configuration and download to the repo
$ nixos-generate-config --root /tmp
# optional, in most cases one can import roles/hardware/hetzner-amd.nix
$ scp buildXX.nix-community.org:/tmp/etc/nixos/hardware-configuration.nix buildXX/hardware-configuration.nix
- Build and install
$ inv install-nixos --hosts buildXX
You can start a VM from the rescue system in order to debug the boot:
$ nix-shell -p qemu_kvm --run 'qemu-kvm -m 10G -hda /dev/sda -hdb /dev/sdb -curses -cpu host -enable-kvm'