made sops-install-secrets working when crossSystem is set #469
base: master
modules/home-manager/sops.nix
Outdated
@@ -2,7 +2,7 @@ | |||
|
|||
let | |||
cfg = config.sops; | |||
sops-install-secrets = (pkgs.callPackage ../.. {}).sops-install-secrets; | |||
sops-install-secrets = (pkgs.buildPackages.callPackage ../.. {}).sops-install-secrets; |
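Review bot: In the let binding for sops-install-secrets, taking the package from pkgs.buildPackages unconditionally is a logic problem for any cross build whose activation step runs on the target machine: with crossSystem set, buildPackages yields a binary for the build platform, so a home-manager activation executed on the host platform would get a binary it cannot run. Consider keeping pkgs as the default and choosing the package set through a module option, so that only setups that activate from the build machine opt in. A short comment on the binding stating which platform the binary is expected to execute on would also help, since the hunk gives no reason for the change.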
Are you sure this is correct?
sops-install-secrets needs to run on the host system, i.e. if you do an x86_64 -> aarch64 build then this would yield an x86_64 binary that cannot run on aarch64 at activation time.
When do you encounter a case where this is needed at build time?
Ah right, I'm not sure this is correct.
I encounter this not at build time but at activation time, as I deploy an x86_64 node an aarch64 home-manager profile that is cross compiled. In this case, the activation scripts need to be x86_64 instead of aarch64.
See nix-community/home-manager#4907, where I've made a similar PR for home-manager.
This will break the more "standard" workflow where the activation is done on the node itself.
May I propose an update with an option like activationPackageSet defaulting to pkgs?
You are deploying an aarch64 profile on an x86_64 node? How do you use aarch64 binaries on x86_64? I don't understand the use case. As the patch is just now, it would break cross setups, i.e. I have a riscv64 machine that gets built by an x86 machine.
My $HOME is on an NFS mount point that is shared between several nodes (x86_64 and aarch64).
As the aarch64 nodes are not very powerful (or used by other users), my aarch64 profile is built on an x86_64 node and also deployed from it.
NB: On that cluster, binfmt_misc is not configured to run aarch64 binaries on x86_64.
Ok. But don't you run the activation phase (nixos-rebuild switch) on the aarch64 machine natively?
In fact not, and that's why I made this patch. I'm building and deploying from the build node.
I've updated this patch and its related patch on home-manager at nix-community/home-manager#4907
Ok. I can merge this when the home-manager patch is in.
219e5f3 to f7e369e
f7e369e to 162d5f7
In NixOS, setting CrossSystem allows compiling for a system that can be different from the host system, but the tools that need to be run on the build host must come from pkgs.buildPackages.