From 859c1e74ef5a5ab4161249b15dc4eb0618df2f7c Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 14 May 2024 21:19:49 +0000 Subject: [PATCH 1/3] Enable always-allow-substitutes by default A typical CI machine will have fast internet access, but may not have all the inputs already in the store to rebuild trivial derivations marked with `allowSubstitutes = false`. This leads to expensive cycles of downloads and rebuilds for derivations like the top-level NixOS system, which will be rebuilt from scratch on every CI run, despite being cached. --- install-nix.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install-nix.sh b/install-nix.sh index 83c4354..911a358 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -56,6 +56,11 @@ fi if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then add_config "experimental-features = nix-command flakes" fi +# Always allow substituting from the cache, even if the derivation has `allowSubstitutes = false`. +# This is a CI optimisation to avoid having to download the inputs for already-cached derivations to rebuild trivial text files. +if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "always-allow-substitutes" ]]; then + add_config "always-allow-substitutes = true" +fi # Nix installer flags installer_options=( From 01dba9f77095b5f03102533169760a81c51f2205 Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 14 May 2024 22:11:41 +0000 Subject: [PATCH 2/3] Update README --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a7c06fd..265fbff 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs) - Allows specifying extra Nix configuration options via `extra_nix_config` - Allows specifying `$NIX_PATH` and channels via `nix_path` - Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team -- Enables `flakes` and `nix-command` experimental features by default (to disable, set `experimental-features` via `extra_nix_config`) +- Enables KVM on supported machines: run VMs and NixOS tests with full hardware-acceleration ## Usage @@ -75,6 +75,19 @@ To install Nix from any commit, go to [the corresponding installer_test action]( - `enable_kvm`: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available. + +## Differences from the default Nix installer + +Some settings have been optimised for use in CI environments: + +- `nix.conf` settings: + + - The experimental `flakes` and `nix-command` features are enabled. Disable by overriding `experimental-features` in `extra_nix_config`. + + - `always-allow-substitutes` is set to `true`. Disable by overriding `always-allow-substitutes` in `extra_nix_config`. + +- KVM is enabled if available. Disable by setting `enable_kvm: false`. + --- ## FAQ From 5dce380a8bcabd02812ffac2471c6a4f5a470c7c Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 15 May 2024 09:50:19 +0000 Subject: [PATCH 3/3] Update README with more installer differences --- README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 265fbff..a15b882 100644 --- a/README.md +++ b/README.md @@ -80,13 +80,25 @@ To install Nix from any commit, go to [the corresponding installer_test action]( Some settings have been optimised for use in CI environments: -- `nix.conf` settings: +- `nix.conf` settings. Override these defaults with `extra_nix_config`: - The experimental `flakes` and `nix-command` features are enabled. Disable by overriding `experimental-features` in `extra_nix_config`. - - `always-allow-substitutes` is set to `true`. Disable by overriding `always-allow-substitutes` in `extra_nix_config`. + - `max-jobs` is set to `auto`. -- KVM is enabled if available. Disable by setting `enable_kvm: false`. + - `show-trace` is set to `true`. + + - `$USER` is added to `trusted-users`. + + - `$GITHUB_TOKEN` is added to `access_tokens` if no other `github_access_token` is provided. + + - `always-allow-substitutes` is set to `true`. + + - `ssl-cert-file` is set to `/etc/ssl/cert.pem` on macOS. + +- KVM is enabled on Linux if available. Disable by setting `enable_kvm: false`. + +- `$TMPDIR` is set to `$RUNNER_TEMP` if empty. ---