nix-docker's Introduction

Docker images for the Nix package manager

This repository contains Nix expressions to build a minimal Docker image for the Nix package manager. The current official Docker image for Nix is based on Alpine; this image is built from scratch and looks a lot more like NixOS.

  • nix, bash and coreutils are installed in a system profile that is linked to /run/current-system/sw; the only global paths are /bin/sh and /usr/bin/env

  • it's easy to build a new custom baseimage using a specific version of nixpkgs, which makes it a lot easier to create an image with a custom version of nix or nixpkgs.

  • the lnl7/nix:ssh image can be used to set up a remote builder, which allows you to build expressions for x86_64-linux on other platforms (e.g. building a new baseimage on a darwin machine)

Base Images

All the images are based on the latest baseimage; previous versions are available in my repository https://hub.docker.com/r/lnl7/nix/tags.

  • lnl7/nix:2020-09-11 (2.3.7)
  • lnl7/nix:2020-06-07 (2.3.6)
  • lnl7/nix:2020-03-07 (2.3.3)
  • lnl7/nix:2019-03-01 (2.2)
  • lnl7/nix:2018-09-21 (2.1.2)
  • lnl7/nix:2018-07-17 (2.0.4)
  • lnl7/nix:2018-04-17 (2.0)
  • lnl7/nix:2018-03-13-patch1
  • lnl7/nix:2018-01-13 (1.11.16)
  • lnl7/nix:2017-10-07 (1.11.15)
  • lnl7/nix:2017-06-17 (1.11.10)
  • lnl7/nix:2017-06-09 (1.11.9)
  • lnl7/nix:2017-01-21 (1.11.6)
  • lnl7/nix:124f25b (1.11.4)
  • lnl7/nix:ea9d390 (1.11.2)
  • lnl7/nix:272cf5c

Default Image

The default image is intended for interactive use and includes some common and useful packages:

docker run --rm -it lnl7/nix nix repl '<nixpkgs>'
nix-repl> 

Building an Image

FROM lnl7/nix:2.3.7

RUN nix-env -iA \
 nixpkgs.curl \
 nixpkgs.jq

Building a new Base Image

nix-shell -A env --run './result/bin/run-docker-build'

The src can also be overridden to use a custom nixpkgs for the image.

nix-shell -A env --argstr src ./srcs/2018-03-13.nix

Running as a remote builder

docker run --restart always --name nix-docker -d -p 3022:22 lnl7/nix:ssh

If you have not set up a remote builder before, you can follow these steps.

Configure SSH

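An insecure RSA key is provided in the repo; the following assumes you are using it. Because the private key is published, anyone who can reach the container's SSH port can log in as root with it. Optional instructions for generating a fresh key are provided at the end.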

Single User Mode

Copy the rsa key to your ssh folder

chmod 600 ssh/insecure_rsa
cp ssh/insecure_rsa ~/.ssh/docker_rsa

Add an entry for the container in your ~/.ssh/config

Host nix-docker
  User root
  HostName 127.0.0.1
  Port 3022
  IdentityFile ~/.ssh/docker_rsa

Multi User Mode (Nix Daemon)

Copy the insecure rsa key to /etc/nix

sudo mkdir -p /etc/nix
chmod 600 ssh/insecure_rsa
sudo cp ssh/insecure_rsa /etc/nix/docker_rsa

Add an ssh entry to /var/root/.ssh/config if you are using the nix daemon

Host nix-docker
  User root
  HostName 127.0.0.1
  Port 3022
  IdentityFile /etc/nix/docker_rsa

Optional: set up your own ssh key instead of using the insecure key.

ssh-keygen -t rsa -b 2048 -N "" -f docker_rsa
docker cp docker_rsa.pub nix-docker:/root/.ssh/authorized_keys

Then copy the key to either /etc/nix or ~/.ssh, depending on whether you are running nix in single or multi user mode.

Create a signing keypair

openssl genrsa -out /etc/nix/signing-key.sec 2048
openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub
chmod 600 /etc/nix/signing-key.sec
ssh nix-docker mkdir -p /etc/nix
docker cp /etc/nix/signing-key.sec nix-docker:/etc/nix/signing-key.sec

Set up the container as a remote builder

sudo cp ssh/remote-build-env /etc/nix/
sudo cp ssh/machines /etc/nix/

Build a linux derivation

nix-build -E 'with import <nixpkgs> { system = "x86_64-linux"; }; hello.overrideAttrs (drv: { REBUILD = builtins.currentTime; })'
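
A client-side check for the remote-builder setup above, as an added example that is not part of the nix-docker repository. The function names are hypothetical; it assumes the published key is ssh/insecure_rsa in a checkout and relies on the fact that docker run -p 3022:22, given without an IP address, publishes the port on every host interface.

```shell
#!/usr/bin/env bash
# Added example, not part of the nix-docker repository. All function names are
# hypothetical; the checks mirror the README's SSH and `docker run` steps.

# identity_for_host CONFIG HOST
# Print the IdentityFile of the first "Host HOST" block in an ssh config file.
# Handles the "Keyword value" form used in the README, not "Keyword=value".
identity_for_host() {
  awk -v host="$2" '
    tolower($1) == "host" {
      inblock = 0
      for (i = 2; i <= NF; i++) if ($i == host) inblock = 1
      next
    }
    inblock && tolower($1) == "identityfile" { print $2; exit }
  ' "$1"
}

# key_is_published KEY PUBLISHED
# True when KEY is byte-identical to the private key shipped in the repository
# (ssh/insecure_rsa in a checkout), i.e. a key anyone can download.
key_is_published() {
  [ -f "$1" ] && [ -f "$2" ] && cmp -s "$1" "$2"
}

# key_mode_private KEY
# True when group and others have no permission bits on KEY (e.g. mode 600).
key_mode_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# publish_is_loopback SPEC
# SPEC is the argument of `docker run -p`. Without a leading IP address Docker
# publishes the port on every host interface.
publish_is_loopback() {
  case "$1" in
    127.0.0.1:*:* | '[::1]':*:*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_builder CONFIG HOST PUBLISHED_KEY PUBLISH_SPEC
# Print one line per finding; the return status is the number of findings.
audit_builder() {
  findings=0
  key=$(identity_for_host "$1" "$2")
  # Expand a leading "~/" the way ssh would for the current user.
  case "$key" in "~/"*) key="$HOME/${key#??}" ;; esac
  if [ -z "$key" ] || [ ! -f "$key" ]; then
    echo "FAIL: no readable IdentityFile for Host $2"
    findings=$((findings + 1))
  else
    if key_is_published "$key" "$3"; then
      echo "FAIL: $key is the private key published in the repository"
      findings=$((findings + 1))
    fi
    if ! key_mode_private "$key"; then
      echo "FAIL: $key is accessible to group or others (expected mode 600)"
      findings=$((findings + 1))
    fi
  fi
  if ! publish_is_loopback "$4"; then
    echo "FAIL: -p $4 is reachable from other hosts; bind it to loopback, e.g. -p 127.0.0.1:3022:22"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Example invocation from a checkout of the repository:
#   audit_builder ~/.ssh/config nix-docker ssh/insecure_rsa 3022:22
```

For the multi user setup, run it as root against /var/root/.ssh/config, since that is the file the nix daemon's ssh client reads.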

nix-docker's Issues

Nix-build failing with DockerTools on MacOS

I'm seeing the following error when I run nix-build with a nix file that uses dockerTools on MacOS.

Running the nix-build with this same script was working previously. But I recently updated to Nix 2.2 and that's when it started breaking.

building '/nix/store/1yki5kfxk7c8rmkvcak7p9jsic4xagx7-tarsum.drv' on 'ssh://root@nix-docker'...
failed to initialize build cache at /homeless-shelter/.cache/go-build: mkdir /homeless-shelter: permission denied
builder for '/nix/store/1yki5kfxk7c8rmkvcak7p9jsic4xagx7-tarsum.drv' failed with exit code 1
error: build of '/nix/store/1yki5kfxk7c8rmkvcak7p9jsic4xagx7-tarsum.drv' on 'ssh://root@nix-docker' failed: builder for '/nix/store/1yki5kfxk7c8rmkvcak7p9jsic4xagx7-tarsum.drv' failed with exit code 1
builder for '/nix/store/1yki5kfxk7c8rmkvcak7p9jsic4xagx7-tarsum.drv' failed with exit code 1

Version bump?

Hey dear devs,

Thanks for sharing this nice image.

Can the nixpkg version be bumped to latest (2.3.7)?

Thanks

D

unable to load seccomp BPF program: Invalid argument

Progress:

  • I got the lnl7/nix:ssh docker container running w/out any issues
  • I'm able to access the docker container via either ssh local-linux or sudo ssh local-linux
  • I'm using nix-darwin & configured the remote builder like so:
  nix.settings.allowed-users = [ "root" "bohendo" ];
  nix.settings.trusted-users = [ "root" "bohendo" ];
  nix.distributedBuilds = true;
  nix.buildMachines = [{
    hostName = "local-linux";
    sshKey = "/tmp/nix/insecure_rsa";
    sshUser = "root";
    system = "x86_64-linux";
  }];
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

And when I try to run the test command at the end of the readme, I get the following:

$ nix-build -E 'with import <nixpkgs> { system = "x86_64-linux"; }; hello.overrideAttrs (drv: { REBUILD = builtins.currentTime; })'
this derivation will be built:
  /nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv
this path will be fetched (0.99 MiB download, 0.99 MiB unpacked):
  /nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz
copying path '/nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz' from 'https://cache.nixos.org'...
building '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' on 'ssh://root@local-linux'...
copying 1 paths...
copying path '/nix/store/pa10z4ngm0g83kx9mssrqzz30s84vq7k-hello-2.12.1.tar.gz' to 'ssh://root@local-linux'...
error: build of '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' on 'ssh://root@local-linux' failed: while setting up the build environment: unable to load seccomp BPF program: Invalid argument
error: builder for '/nix/store/zaz9ii7hy0rf37jdfa0yqf4yddqzshfh-hello-2.12.1.drv' failed with exit code 1

I found a related issue that suggested setting filter-syscalls = false but this option doesn't appear to exist anymore. Even if it did, I'd rather provide a valid argument than disable important safety features. One comment suggested it might be a bug in docker so maybe it's something that this repo's docker container could fix? I'm not really sure how to proceed.

  • system: "aarch64-darwin"
  • host os: Darwin 22.1.0, macOS 13.0.1
  • multi-user?: yes
  • sandbox: no
  • version: nix-env (Nix) 2.10.3
  • channels(bohendo): "darwin, nixpkgs"
  • channels(root): "nixpkgs"
  • nixpkgs: /Users/bohendo/.nix-defexpr/channels/nixpkgs

SSL peer certificate or SSH remote key was not OK

On a freshly set up system, I see this:

ssh dfinity-nix-docker
lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
-bash-4.4# nix-env -iA nixos.curl
installing 'curl-7.68.0'
warning: unable to download 'https://cache.nixos.org/lxw9pidjbdhpg4izygyr8khrzjzfydz9.narinfo': SSL peer certificate or SSH remote key was not OK (60); retrying in 341 ms
...

This usually implies that NIX_SSL_CERT_FILE is not properly set. If I check on the machine:

$ printenv
SSH_CONNECTION=172.17.0.1 47240 172.17.0.2 22
USER=root
NIX_PATH=nixpkgs=/nix/store/p2d6ih9sz4whijgf9i5jvy4g9hycfb02-nixpkgs-20.09pre216190.6b6f9d769a5
PWD=/root
HOME=/root
SSH_CLIENT=172.17.0.1 47240 22
SSL_CERT_FILE=
SSH_TTY=/dev/pts/0
MAIL=/var/mail/root
TERM=xterm-256color
SHELL=/run/current-system/sw/bin/bash
SHLVL=1
LOGNAME=root
PATH=/root/.nix-profile/bin:/run/current-system/sw/bin
_=/run/current-system/sw/bin/printenv

The variable is not there, and SSL_CERT_FILE is empty. Checking /etc/bashrc shows the following:

$ cat /etc/bashrc
export SSL_CERT_FILE=
export PATH=/root/.nix-profile/bin:/run/current-system/sw/bin
export NIX_PATH=nixpkgs=/nix/store/p2d6ih9sz4whijgf9i5jvy4g9hycfb02-nixpkgs-20.09pre216190.6b6f9d769a5

Thus, I think this is a bug. My wild guess would be that sshDocker defines SSL_CERT_FILE=$SSL_CERT_FILE (here), yet image only exports NIX_SSL_CERT_FILE (here). In f750cee image has been changed to export NIX_SSL_CERT_FILE instead of SSL_CERT_FILE.

agent key RSA SHA256:... returned incorrect signature type

I've just run the convenience script start-docker-nix-build-slave and the ssh test succeeds with a warning about an incorrect signature type.

How might that signature type be fixed?

% source <(curl https://raw.githubusercontent.com/grafted-in/nix-docker/build-slave-script/start-docker-nix-build-slave)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    14  100    14    0     0     33      0 --:--:-- --:--:-- --:--:--    32
/dev/fd/11:1: command not found: 404:
ldeck@rpauql-47w6n12 nix-remote-builder % source <(curl https://raw.githubusercontent.com/LnL7/nix-docker/build-slave-script/start-docker-nix-build-slave)
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100    14  100    14    0     0     40      0 --:--:-- --:--:-- --:--:--    40
/dev/fd/11:1: command not found: 404:
ldeck@rpauql-47w6n12 nix-remote-builder % source <(curl https://raw.githubusercontent.com/LnL7/nix-docker/master/start-docker-nix-build-slave)            
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2414  100  2414    0     0   6335      0 --:--:-- --:--:-- --:--:--  6335
## Use Docker Container as Nix Build Slave
##
## Usage: source /dev/fd/11
##
## Note: if you experience issues, you can clean up the build slave artifacts and start over by:
##   1. rm -r ~/.nix-docker-build-slave
##   2. Delete entry in ~/.ssh/config for
##        Host "nix-docker-build-slave"
##   3. Delete the docker container named
##        nix-docker-build-slave

>>> Downloading SSH credentials for the docker container
>>> Adding an entry to /Users/ldeck/.ssh/config for nix-docker-build-slave
>>> Starting docker container: nix-docker-build-slave
    (This may fail if the container was already created.)
d9d58df41acffe9076fe58755aa005c08ecfe022ca553832ce89a8b897bc7d13
>>> Writing remote systems configuration to /Users/ldeck/.nix-docker-build-slave/remote-systems.conf
>>> Running SSH test
agent key RSA SHA256:mOoSGVOxYNmdMVOiCw3ONAyQOfTZS9k+4rzKehPLYi8 returned incorrect signature type
SSH connection is working.
>>> Setting $NIX_REMOTE_SYSTEMS to use /Users/ldeck/.nix-docker-build-slave/remote-systems.conf

getting stuck trying to use as a nixpkg builder

I am trying to use this as a nixos build environment to test package updates.
I ran:

my-mac $ docker run --rm -it -v "$(pwd):/mnt" lnl7/nix
# nix-shell -p nox --run "nox-review pr 30731"

After the 2nd command one of the derivations failed to build because the locale was not set to UTF8. Is there another image I should use for package building?

cannot build on 'ssh://root@nix-docker'

I'm following the macOS-nix-docker guide here. I installed nix-darwin with

nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer

and I've set

nix.distributedBuilds = true;
nix.buildMachines = [ {
  hostName = "nix-docker";
  sshUser = "root";
  sshKey = "/etc/nix/docker_rsa";
  systems = [ "x86_64-linux" ];
  maxJobs = 2;
} ];

and

services.nix-daemon.enable = true;

darwin-rebuild switch:

darwin-rebuild switch
building the system configuration...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
user defaults...
setting up user launchd services...
setting up ~/Applications...
setting up /etc...
warning: not linking environment.etc."nix/nix.conf" because /etc/nix/nix.conf exists, skipping...
system defaults...
setting up launchd services...

(The warning is because I have a vanilla install of nix as well and hence a nix.conf; maybe this would lead to the failure below?)

I can ssh as root to the docker builder, but running the test build fails with

$ nix-build -E 'with import <nixpkgs> { system = "x86_64-linux"; }; hello.overrideAttrs (drv: { rebuild = builtins.currentTime; })'
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
these derivations will be built:
  /nix/store/8f0dgnis487dsr6xz0d9jyqrhqqvfshb-hello-2.10.drv
cannot build on 'ssh://root@nix-docker': cannot connect to 'root@nix-docker': ssh: Could not resolve hostname nix-docker: nodename nor servname provided, or not known
error: a 'x86_64-linux' is required to build '/nix/store/8f0dgnis487dsr6xz0d9jyqrhqqvfshb-hello-2.10.drv', but I am a 'x86_64-darwin'

Is this an issue with the nix-daemon? How can I get it to talk to the docker container?

Trouble getting the remote builder to work on macOS

I've got the ssh remote builder container running in Docker on my macOS box. I can ssh into the container from the macOS host, and I've created and uploaded a signing key for remote builds.

However, when trying to use the container from macOS as a remote builder for Linux targets, I'm running into nixpkgs assertions at various places. For example, when I attempt to build one of my Haskell projects for Linux from macOS, using the remote builder container, after sourcing your remote-build-env script, I get the following:

% nix-build '<nixpkgs>' default.nix --argstr system x86_64-linux
error: assertion failed at /Users/dhess/git/nixpkgs/pkgs/top-level/all-packages.nix:6087:19

I'm using nixpkgs from git; the line shown in the error message above refers to the cross-compiling check:

  binutilsCross = assert crossSystem != null; lowPrio (forceNativeDrv (
    if crossSystem.libc == "libSystem" then darwin.cctools_cross
    else binutils.override {
      noSysDirs = true;
      cross = crossSystem;
    }));

I'm having a similar problem trying to use the ssh container with nixops to provision a NixOS physical host from macOS. nixops breaks as soon as it tries to build a kernel for the target host, though at least in this case it's finding my local remote-systems.conf file:

% nixops deploy -d builder-vm
building all machine configurations...
using predefined remote systems file: /Users/dhess/.nixconf/remote-systems.conf
error: assertion failed at /Users/dhess/git/dhess-nixos/nixpkgs/pkgs/os-specific/linux/kernel/generic.nix:32:1
(use ‘--show-trace’ to show detailed location information)
error: unable to build all machine configurations

Is a local nix-daemon a pre-requisite for using a remote builder? I'm not running one at the moment as I'm not using your nix-darwin repo and I've never needed it for my macOS work.

My remote-systems.conf file looks like this:

nix-docker x86_64-linux ~/.ssh/[email protected]_id_ed25519_20151127.pub 2

macOS updates delete /var/root/.ssh

I followed the instructions to add an entry to /var/root/.ssh/config, which worked until a macOS system update (to 12.4) deleted that file.

It's infeasible for me to reproduce this problem, but for now I've added the entry to /etc/ssh/ssh_config.d/nix-docker and will check this issue again for the next few system updates.

Please comment on this issue if:

  • You have found the same problem, or
  • You know whether /etc/ssh/ssh_config.d/nix-docker is a viable alternative to /var/root/.ssh/config

(If the latter is true, we should update the README)

does not bootstrap system.build.etc aka /etc/ which means you should probably avoid nix-docker until it does

Howdy Daiderd,

A quick GitHub issue to say that I appreciate the work you are doing. I don't have time atm to send in a pull-request but here's a repro. Related issues #9

repro

FROM lnl7/nix:2.1.2

# baseline
RUN nix-env -iA nixpkgs.busybox 

# trust/use these 3rd party caches
RUN nix-env -iA cachix -f https://github.com/NixOS/nixpkgs/tarball/889c72032f8595fcd7542c6032c208f6b8033db6
RUN cachix -v use hie-nix

💥

nix-shell -p nix-info --run "nix-info -m" does not work in container

Using lnl7/nix:2018-03-13-patch1 the command nix-shell -p nix-info --run "nix-info -m" fails:

(see /nix/store/15kgcm8hnd99p7plqzx7p4lcr2jni4df-set-source-date-epoch-to-latest.sh: line 13: [: : integer expression expected )

# within the container
sh-4.4# nix-shell -p nix-info --run "nix-info -m"
these derivations will be built:
  /nix/store/y3wqwzz0r1b3n48jfkqd8bkk3wnr9q23-nix-info.drv
building '/nix/store/y3wqwzz0r1b3n48jfkqd8bkk3wnr9q23-nix-info.drv'...
unpacking sources
unpacking source archive /nix/store/wr8bahshiaw2y3yradfkwjml8kp86mrm-info.sh
source root is nix-info
/nix/store/15kgcm8hnd99p7plqzx7p4lcr2jni4df-set-source-date-epoch-to-latest.sh: line 13: [: : integer expression expected
patching sources
configuring
no configure script, doing nothing
building
installing
post-installation fixup
shrinking RPATHs of ELF executables and libraries in /nix/store/hcsg6lbs64ygbaz3x21wsh56ijxm9fc0-nix-info
strip is /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/hcsg6lbs64ygbaz3x21wsh56ijxm9fc0-nix-info/bin 
patching script interpreter paths in /nix/store/hcsg6lbs64ygbaz3x21wsh56ijxm9fc0-nix-info
checking for references to /tmp/nix-build-nix-info.drv-0 in /nix/store/hcsg6lbs64ygbaz3x21wsh56ijxm9fc0-nix-info...
 - system: `"x86_64-linux"`
 - host os: `Linux 4.15.18`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.0`
 - nixpkgs: `/nix/store/ij1fzas5yrvqcpxmswk8pmwpwlnjllb7-nixpkgs-unstable-2018-03-13`

Help using nix-docker with nix-daemon locally

On my nix-darwin system, I use nix-daemon. I've gotten nix-docker set up per the README, but when I try to build something it complains about there not being a nixbld group on the Docker container. I'm not really sure where to go from here... Any advice?

Related: LnL7/nix-darwin#9

docker build failing on linux

I am trying to build this dockerfile on AWS linux ec2, but I get this error message. I logged into docker already and it still generates this error. Any help would be appreciated.

pull access denied for nix-base, repository does not exist or may require 'docker login'

Time sync with host in ssh container

The ssh container appears to have the same time sync issue that has plagued Docker for Mac since they switched the implementation to HyperKit (at least that far back), namely that if the host Mac goes to sleep, the container's time does not keep up and will fall behind the host. Unfortunately, in my case, at least, restarting the container does not fix the issue.

This behavior is not unique to your container:

https://www.reddit.com/r/docker/comments/58ozxh/ntp_in_the_container_or_sync_with_host/
docker/for-mac#17
docker/for-mac#500
docker/for-mac#693
moby/moby#27488

That's just a small sample of the issues that have been reported and/or filed on upstream. It seems unlikely they'll fix it anytime soon. In the meantime, perhaps it would help to run ntpd in the container and to run ntpdate on restart.

Official nixos project?

Just curious, have you given consideration to trying to replace the upstream docker container, or become a project under the NixOS organizational umbrella? I have no idea if this is overall desired by the project/community, but it seems like it would help discoverability and possibly reduce any duplication between this repo and the upstream container?

(Also, a thank you, this is a very nice repo/project!)

useradd doesn't work in container

Sorry, I'm quite new to nix - but when I do useradd:

useradd dummy
useradd: PAM: Critical error - immediate abort

What am I missing here?

Warning: Identity file "[home]/.nix-docker-build-slave/insecure_rsa" not accessible: No such file or directory.

First off, thank you very much for building this project @LnL7, and for making it so easy to use as a remote builder @3noch with the addition of the start-docker-nix-build-slave script.

On macOS 10.12.6 I was able to do the following...

  1. Clone the repo.
  2. run start-docker-nix-build-slave.
  3. use export NIX_REMOTE_SYSTEMS="$HOME/.nix-docker-build-slave/remote-systems.conf" to set my current shell to use the docker container as a remote builder.
  4. Add the following to my .profile for later use...
if [ -f "$HOME/.nix-docker-build-slave/remote-systems.conf" ]
then
        export NIX_REMOTE_SYSTEMS="$HOME/.nix-docker-build-slave/remote-systems.conf"
fi

Then successfully used nixops create ... and nixops deploy ... on the nixops load-balancer example to create a virtualbox network. (the usual fail on first virtualbox deploy requiring nixops stop / start / deploy was expected)

However, during the deploy every build command was followed up by a warning about the identity file not being available, is that due to something I did wrong, or something that could be improved?

...
copying path '/nix/store/yrq9vb5x5snsvn6wbwxxccmjvqh91qdl-etc-nsswitch.conf' from 'ssh://nix-docker-build-slave'...
building '/nix/store/vpc5v8cmfgkbf00z76c2hiq2hjjwxlj5-etc-os-release.drv' on 'ssh://nix-docker-build-slave'...
Warning: Identity file "/Users/ian/.nix-docker-build-slave/insecure_rsa" not accessible: No such file or directory.
copying 1 paths...
copying path '/nix/store/8lk54da6c59qr68hdsjbfvrd6z6b0srs-etc-os-release' from 'ssh://nix-docker-build-slave'...
building '/nix/store/fimqsm153aiijwms1721b6rx4v7czaxp-etc-resolvconf.conf.drv' on 'ssh://nix-docker-build-slave'...
Warning: Identity file "/Users/ian/.nix-docker-build-slave/insecure_rsa" not accessible: No such file or directory.
copying 1 paths...
copying path '/nix/store/i7xxkc18hg91sls004dmk96kq5xx5zjl-etc-resolvconf.conf' from 'ssh://nix-docker-build-slave'...
building '/nix/store/41ssnvsbkhmxjj9vwmlhhnyjgd080jfa-etc-shells.drv' on 'ssh://nix-docker-build-slave'...
copying 3 paths...
...

I think the file it's complaining about is in the right place etc..

Ians-iMac:.nix-docker-build-slave ian$ pwd
/Users/ian/.nix-docker-build-slave
Ians-iMac:.nix-docker-build-slave ian$ ls -la
total 24
drwxr-xr-x   5 ian  staff   170 11 Oct 09:47 .
drwxr-xr-x+ 78 ian  staff  2652 11 Oct 09:58 ..
-rw-------   1 ian  staff  1675 11 Oct 09:47 insecure_rsa
-rw-r--r--   1 ian  staff   401 11 Oct 09:47 insecure_rsa.pub
-rw-r--r--   1 ian  staff    88 11 Oct 09:47 remote-systems.conf
Ians-iMac:.nix-docker-build-slave ian$ cat remote-systems.conf
nix-docker-build-slave x86_64-linux "/Users/ian/.nix-docker-build-slave/insecure_rsa" 1
Ians-iMac:.nix-docker-build-slave ian$

the group 'nixbld' specified in 'build-users-group' does not exist

I cloned the repo and executed the ./start-docker-nix-build-slave script and then followed the https://github.com/LnL7/nix-docker#building-an-image guide, and then in the new environment:

nixops deploy -d test

I get these errors:

... many lines
error: the group 'nixbld' specified in 'build-users-group' does not exist

I've tried this on the docker host:

echo "build-users-group =" > /etc/nix/nix.conf

but it didn't change the error message nor fix it.

nix-darwin + nix-docker + nixops = failed deployment

When trying to deploy a simple web app from my macOS/nix-darwin machine using nix-docker, I get the following error:

error: all build users are currently in use; consider creating additional users and adding them to the ‘nixbld’ group on ‘nix-docker’

I've since changed maxJobs to 1 (from 4) as follows:

{
  nix.distributedBuilds = true;
  nix.buildMachines = [
    {
      hostName = "nix-docker";
      system = "x86_64-linux";
      maxJobs = 1;
      sshKey = "/Users/mohacker/.ssh/docker_rsa";
    }
  ];

Here's hoping that works, but if not, I may need further advice.

Sharing /nix with docker

Using the delegate flag, file sharing with Docker is quite fast.

It would be great to have a minimal image that just needs nix to be installed on macOS, and then it pulls in the Linux dependencies, runs the image with -v /nix:/nix:delegate and then everything is cached.
