Document how to build a NixOS system toplevel

[jpds]

Is your feature request related to a problem? Please describe.

Hydra seems to be great for building nixpkgs, or a subset of this. I've deployed my own Hydra and have my own local S3 cluster and the two work great.

However, I do not wish to build the (multi-TB) entirety of nixpkgs as my systems deployments requires a significantly tiny number of packages within this.

Instead, I'd like to use Hydra to simply build my systems' toplevels and push the relevant artefacts to the S3 store - then my systems can pull those down without having to do any parts of the builds themselves.

However, this usecase isn't documented in the examples.

[alejandro-angulo]

Does services.hydra.useSubstitutes = true; do what you want? https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.hydra.useSubstitutes

[jpds]

@alejandro-angulo No, that disables the usage of the binary cache within Hydra.

I want to know exactly what I need to stick on my nixosConfigurations.systemName = nixpkgs.lib.nixosSystem in terms of a hydraJob so Hydra can build these.

[9p4]

Take a look at https://git.sr.ht/~fd/nix-configs/tree/main/item/hydra.nix

hydraJobs = import ./hydra.nix { inherit inputs outputs; };

[Lyndeno]

Take a look at https://git.sr.ht/~fd/nix-configs/tree/main/item/hydra.nix

hydraJobs = import ./hydra.nix { inherit inputs outputs; };

I am getting an error on nix flake show about import from derivation being disabled. Does this happen to you as well?

[benaryorg]

I want to know exactly what I need to stick on my nixosConfigurations.systemName = nixpkgs.lib.nixosSystem in terms of a hydraJob so Hydra can build these.

I realise I'm a bit late to the issue, but in general:

{
  inputs.nixpkgs.url = "[…]";

  outputs = { self, nixpkgs, ... }:
  {
    nixosConfigurations.systemName = nixpkgs.lib.nixosSystem {
      system = "aarch64-linux";
      modules = [
        # placeholder so the system actually evaluates and doesn't fail due to a lack of bootloader
        ({ modulesPath, ... }: { imports = [ "${modulesPath}/virtualisation/lxc-container.nix" ]; })
      ];
    };

    # get a single job built:
    hydraJobs = {
      my-nixos-build = self.nixosConfigurations.systemName.config.system.build.toplevel;
    };

    # or if you want to be fancy (the `nodes` is optional, but nice if you ever want other artifacts like custom packages/tarballs/isos):
    hydraJobs.nodes = builtins.mapAttrs (_: node: node.config.system.build.toplevel) self.nixosConfigurations;
  };
}

If you also want to go the extra mile and skip evaluation on a machine:

set -eo pipefail
command="${1:-switch}"
out_path="$(curl -fsLH "accept: application/json" https://hydra.shell.bsocat.net/job/infra/next/node.gnutoo.build/latest | jq -r '.buildproducts | map(select(.type == "nix-build" and (.name | test("\\Anixos-system")))) | first.path')"
grep -Pz "\\A/nix/store/[a-z0-9]+-nixos-system-[^/\\s]+\\n?\\z" <<<"$out_path"
if test "$command" = "test"; then
  nix build --no-link --print-out-paths --print-build-logs "$out_path"
else
  nix build --no-link --print-out-paths --print-build-logs --profile /nix/var/nix/profiles/system "$out_path"
fi
/run/current-system/systemd/bin/systemd-run \
  -E LOCALE_ARCHIVE \
  --collect \
  --no-ask-password \
  --pipe \
  --quiet \
  --same-dir \
  --service-type=exec \
  --unit=nixos-rebuild-switch-to-configuration \
  --wait \
  /nix/var/nix/profiles/system/bin/switch-to-configuration "$command"

Adjust URl as needed, and if you want shove the thing in a [email protected] with an ExecStart=that-script %i so you can run systemctl start [email protected] or whatever.

In terms of pushing the results to an S3 store, upstream hydra configuration looks something like this (requires the appropriate S3 credentials):

https://github.com/NixOS/infra/blob/91ca5733e34f0ef7174b2bc6c258400c32d57684/build/hydra.nix#L81-L83

Hope that answers the question.