Run a remote nix server on the CI

tweag · Aug 27, 2023 · f3ee307 · f3ee307
1 parent 1e28732
commit f3ee307
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 0 deletions.
diff --git a/.github/nix-server/Dockerfile b/.github/nix-server/Dockerfile
@@ -0,0 +1,21 @@
+FROM ubuntu:23.04
+
+RUN apt-get update -qq && \
+    apt-get install openssh-server curl xz-utils sudo locales ca-certificates -y && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN mkdir -m 0755 /nix && \
+    groupadd -r nixbld && \
+    chown root /nix && \
+    for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(command -v nologin)" "nixbld$n"; done
+
+RUN curl -L https://nixos.org/nix/install | bash
+
+COPY .github/nix-server/keys .
+
+RUN cat ci.pub > $HOME/.ssh/authorized_keys
+
+RUN echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
+
+CMD ["/usr/sbin/sshd", "-D"]
diff --git a/.github/nix-server/config b/.github/nix-server/config
@@ -0,0 +1,5 @@
+Host nix-server
+  Hostname localhost
+  Port 2222
+  User root
+  IdentityFile .github/nix-server/keys/ci
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -27,6 +27,9 @@ jobs:
         bzlmodEnabled:
           - true
           - false
+        withNixRemote:
+          - true
+          - false
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v3.5.3
@@ -49,13 +52,31 @@ jobs:
           # no-op flag to avoid "ERROR: Config value 'ci' is not defined in any .rc file"
           common:ci --announce_rc=false
           EOF
+      - name: Start remote Nix server
+        if: ${{ matrix.withNixRemote }} == "true"
+        run: |
+          # Generate temporary SSH keys.
+          mkdir -p $HOME/.ssh
+          mkdir -p .github/nix-server/keys
+          ssh-keygen -t ed25519 -f .github/nix-server/keys/ci -C ci-nix-server -q -N ""
+
+          docker build -t nix-server -f .github/nix-server/Dockerfile .
+          docker run -p 2222:22 nix-server
+
+          cp .github/nix-server/config $HOME/.ssh/config
       - name: Build & test
         env:
           BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }}
+          NIX_REMOTE_ENABLED: ${{ matrix.withNixRemote }}
         run: |
+          if [ "$NIX_REMOTE_ENABLED" == "true" ]; then
+            export BAZEL_NIX_REMOTE=nix-server
+          fi
+
           nix-shell --pure \
             --keep GITHUB_REPOSITORY \
             --keep BZLMOD_ENABLED \
+            --keep BAZEL_NIX_REMOTE \
             --run 'bash .github/build-and-test'
   test-examples:
     name: Build & Test - Examples

diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 /**/bazel-*
 
 /**/node_modules
+
+.github/nix-server/keys