@LnL7
Last active May 2, 2018 15:22
Distributed builds setup (single user setup only)
command="/nix/var/nix/profiles/default/bin/nix-store --serve --write" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFiwKsqtlnuDyF+c9AJO+krQQmvWRtdvEM3d2FMwYOU0sVU1gGHXHpdb/QtvZyZV+bvSro+UfedJW+FaLMd+twun4llp/mlOEzKX6mz1xY6OtGIVc1a5wb2MY2Eb6aptlJUNzW469HqdvJKGlEOEcOt1b74WBERry5vNzGlS8MWX1qdjKlsnuQg6Xeb0XLLM7gi6S8x+H4ZuFtkjdaTC6Je+Gi61O1n845L767tOTHJZUDhCLPbwdg1zpwD+lMI10QgkPkgc9uatXkjvCcX8O51WxB2UTp4w4NwP/Lp5BZV/SgcbMUjhKNVtRDqH1CdRgQMg5Bo5WIyYatx/nAdb4P insecure docker key
#!/usr/bin/env bash
set -e
openssl genrsa -out /etc/nix/signing-key.sec 2048
openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub
chmod 600 /etc/nix/signing-key.sec
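# Copy signing key to both build machines.
scp /etc/nix/signing-key.sec mac1:/etc/nix/signing-key.sec
scp /etc/nix/signing-key.sec mac2:/etc/nix/signing-key.sec
# Configure known hosts. Append, so the second scan does not overwrite the first.
# ssh-keyscan accepts whatever key the network returns; compare the fingerprints out of band.
ssh-keyscan mac1 >> ~/.ssh/known_hosts
ssh-keyscan mac2 >> ~/.ssh/known_hosts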
# Create current-load.
mkdir -p /tmp/nix/current-load
chmod a+rwX /tmp/nix/current-load
mac1 x86_64-darwin /etc/nix/build_rsa 4 4
mac2 x86_64-darwin /etc/nix/build_rsa 4 4
#!/usr/bin/env bash
set -e
export NIX_BUILD_HOOK="/nix/var/nix/profiles/default/libexec/nix/build-remote.pl"
export NIX_REMOTE_SYSTEMS="/etc/nix/machines"
export NIX_CURRENT_LOAD="/tmp/nix/current-load"
nix-build "$@"

LnL7 commented Dec 15, 2017

These are some issues I've run into when setting it up:

  • NIX_CURRENT_LOAD has to exist.
  • make sure nix-store is available in PATH; this might not be the case for non-interactive ssh sessions.
  • the machine was not in the known_hosts yet; what's important to know is that when using the nix-daemon this has to be done for root
  • the signing key was not set up properly; I think this is not required when using the nix-daemon

WARNING: don't use nix-build --check to verify if this is working correctly, it always builds locally.
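
A local preflight for the load-directory and known_hosts items in the list above, plus the permissions on the SSH identity named in the machines file (OpenSSH refuses identity files that other users can read). This is an added example, not part of the gist or of Nix; the function names are its own, and it assumes non-hashed known_hosts entries as written by `ssh-keyscan` without `-H`.

```sh
#!/bin/sh
# Added example: local preflight for the build-hook setup described above.
# Function names are this example's own; nothing here ships with Nix.

# Print "host identity-file" for each entry of a machines file
# (columns as in the gist: host, system type, SSH key, max jobs, speed factor).
machine_entries() {
  awk 'NF && $1 !~ /^#/ { sub(/^.*@/, "", $1); print $1, $3 }' "$1"
}

# Succeed if known_hosts ($2) has a plain entry for host ($1).
# Assumption: entries are not hashed (ssh-keyscan without -H).
host_is_known() {
  awk -v h="$1" '$1 !~ /^[#|@]/ {
    n = split($1, names, ",")
    for (i = 1; i <= n; i++) if (names[i] == h) found = 1
  } END { exit !found }' "$2"
}

# Succeed if the key file exists with no group/other permission bits.
key_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# preflight MACHINES KNOWN_HOSTS LOAD_DIR
# Prints one line per problem and returns non-zero if any was found.
preflight() {
  report=$(
    { [ -d "$3" ] && [ -w "$3" ]; } || echo "load dir missing or not writable: $3"
    machine_entries "$1" | while read -r host key; do
      host_is_known "$host" "$2" || echo "no known_hosts entry: $host"
      key_is_private "$key" || echo "ssh key missing or too open: $key"
    done
  )
  [ -z "$report" ] && return 0
  printf '%s\n' "$report"
  return 1
}

# Usage: sh preflight.sh /etc/nix/machines ~/.ssh/known_hosts /tmp/nix/current-load
if [ "$#" -eq 3 ]; then
  preflight "$@"
fi
```

When the builds go through the nix-daemon, pass root's known_hosts file as the second argument, since that is the account that opens the SSH connection.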
