Allow users to use the server as remote builder #68
Loading…
Reference in a new issue
No description provided.
Delete branch "nix-remote"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Proposal
Allow users who ask for it to use the server as a remote builder for their nix projects.
FSR Infrastructure has a history of being used for private belongings too and there haven't been problems with it. A lot in here follows the fair use principle.
Implementation
Trusted users are managed via an ldap group. And can then use the nix daemon as their local ldap user.
Note the following warning from the nix.conf man page:
So I think access to remote building should be reserved for FSR roots.
Additionally, I wouldn't recommend using a production system as remote builder. Builds tend to be quite resource intensive. For example, disk space can easily fill up as a result of remote building. This will then impact the production infrastructure, which is not nice.
Fair points. I've looked a bit around, https://nixos.wiki/wiki/Distributed_build describes a setup in which no privileged users are needed. But I don't know if this article is still valid.
Pull request closed