| 16 Dec 2025 |
 WeetHet | I don't think macOS has root ssh configuration so I don't know how to set a 32222 port | 12:15:24 |
| WeetHet | * I don't think macOS has root ssh configuration so I don't know how to set a 32222 port to be used by the remote builder | 12:15:33 |
 Randy Eckenrode | I think it can be enabled in the SSH config, but it’s disabled by default. | 12:17:19 |
| WeetHet | Hmm, builder.pl> error: you are not privileged to build input-addressed derivations | 12:29:21 |
 niklaskorz | you can have a look at how the nix-darwin linux builder module does it | 12:30:31 |
| niklaskorz | it adds the ssh config to /etc/ssh/ssh_config.d/ | 12:30:42 |
| niklaskorz | https://github.com/nix-darwin/nix-darwin/blob/master/modules/nix/linux-builder.nix | 12:30:51 |
| niklaskorz | oh well | 12:31:00 |
| WeetHet | Okay I fixed this | 12:32:59 |
| WeetHet | This is horrible though:
{ config, lib, ... }:
{
options.services.orbstack = {
enable = lib.mkEnableOption "OrbStack Linux Machine";
};
config = lib.mkIf config.services.orbstack.enable {
system.requiresPrimaryUser = true;
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "orb-builder";
system = "aarch64-linux";
}
];
environment.etc."ssh/ssh_config.d/200-orbstack-builder.conf".text = ''
Host orb-builder
Hostname 127.0.0.1
Port 32222
User builder
IdentityFile ${config.system.primaryUserHome}/.orbstack/ssh/id_ed25519
IdentitiesOnly yes
UserKnownHostsFile ${config.system.primaryUserHome}/.orbstack/ssh/known_hosts
'';
};
}
| 12:33:11 |
| niklaskorz | looks ok to me 😅 | 12:33:42 |
| WeetHet | Needing primaryUser is the thing I have an issue with | 12:34:00 |
| niklaskorz | ah, well you can also provide a store file there I guess | 12:34:20 |
| niklaskorz | as there's no secret information in known_hosts | 12:34:35 |
| niklaskorz | and about the identityfile, the linux-builder sets it up in /etc/nix/ | 12:34:53 |
| niklaskorz | ❯ ls -la /etc/nix
.rw------- 411 root 11 Jan 16:06 builder_ed25519
.rw-r--r-- 99 root 11 Jan 16:06 builder_ed25519.pub
| 12:35:10 |
| niklaskorz | you could also move the known_hosts there I guess | 12:35:15 |
| WeetHet | It has an advantage of being able to modify the authorized keys on the machine | 12:35:26 |
| WeetHet | I also can do it but then it's less automatic | 12:35:38 |
| WeetHet | Ehh, for now I'm gonna live with a primaryUser | 12:35:51 |
| WeetHet | I'm gonna come up with something else when it gets removed from nix-darwin | 12:36:06 |
| Randy Eckenrode | Knowing that I need to primarily build packages from source, I’m not going to package any more dependencies other than what I have. These are used by the toolchain and build with CMake. | 12:39:21 |
| Randy Eckenrode | For some reason though, statically building SwiftASN1 breaks building Swift Crypto. It makes absolutely no sense. | 12:39:57 |
| Randy Eckenrode | I really wish SwiftPM had a way to provide pre-built artifacts for these, but AFAIK it does not. The intent is you build everything from source. | 12:41:02 |
| Randy Eckenrode | I may go back to the drawing board and provide a binary output that actually does the build, so things that use SwiftPM can still build right. | 12:41:44 |
| Randy Eckenrode | I do want to hack up Swift PM to make it use our toolchain’s binaries for the experimental Swift Syntax binaries flag, but I still need to separate them out. | 12:42:27 |
| Randy Eckenrode | I’m currently grinding through getting SwiftPM building. I want the result to look like what it would if build by SwiftPM. The CMake files do not seem meant for production use …. | 12:43:25 |
|  vic set their display name to oeiuwq. | 15:10:07 |
| vic set a profile picture. | 21:32:12 |
| vic changed their display name from oeiuwq to vic. | 21:32:21 |
