Hi,

I decided to solve the problem of store-sharing by
letting the nix-worker on localhost forward everything
to the nix-worker on another host. This way, I can
let a "client host" mount the store read-only, but
it is still possible to perform builds and installation,
since it is really the master host that does all
writing to the shared store. This is in my opinion
a very nice solution for thin disk-less clients.

One thing to note about this solution is that the
master of course don't add any gcroots for the new
builds, so the builds might be garbage collected
by the Nix master even though a client host uses
them. I intend to solve this by sharing some
subdirectory of /nix/var/nix/profiles on the master
to the hosts. That is orthogonal to the nix-worker
forwarding, though.

The forwarding was done like this:

jobs.nixRemoteDaemon = {
name = "nix-remote-daemon";
startOn = "startup";
script = ''
export
PATH=${pkgs.openssh}/bin:${pkgs.socat}/bin:${pkgs.coreutils}/bin
NIX_SOCKET=/nix/var/nix/daemon-socket/socket
NIX_REMOTE_SSHKEY=/etc/secrets/nix-remote-daemon.id_dsa
NIX_REMOTE_USER=nixremote
NIX_REMOTE_HOST=mynixmaster
mkdir -p $(dirname "$NIX_SOCKET")
rm -f "$NIX_SOCKET"
exec socat UNIX-LISTEN:$NIX_SOCKET,fork EXEC:"ssh -i
$NIX_REMOTE_SSHKEY $NIX_REMOTE_USER@$NIX_REMOTE_HOST socat -
UNIX-CONNECT\:$NIX_SOCKET"
'';
};

I simply define a new job that listens on the nix-worker
socket and forwards everything via ssh to the nix-worker
socket on the master. This works flawlessly for me.

I want to ask for recommendations on how to package this
and submit it to Nix/NixOS. I my opinion, this should really
be a feature of nix-worker itself, maybe something like this:

nix-worker --remote --remote-host ... --remote-user .. --remote-key ..

The simplest implementation of this is to just write a bash
wrapper around the existing nix-worker that uses socat and
ssh like above.

Is this a good idea, or should it rather be packaged as a separate
nix-remote-worker daemon?


Best regards,
Rickard Nilsson