Any way to deploy from desktop to phone using deploy-rs or nixus?

[bbigras]

https://github.com/serokell/deploy-rs https://github.com/Infinisil/nixus

Those tools allow us to build multiples machines at once and push deploy them.

If I can build aarch64, can I just build something, nix-copy it to the phone and run an activate command on the phone?

[Gerschtli]

That should be possible I think. Have a look at nix-on-droid/nix-on-droid.sh on how we build and activate :)

[t184256]

You'll need an ssh server on the phone if you're keen on initiating that from a desktop, I guess, otherwise it's just https://github.com/t184256/nix-on-droid/wiki/Remote-building.

But once you have it, "build something, nix-copy it to the phone and run an activate command on the phone" should just work, yeah.

[bbigras]

Thanks. I think I'm making some progress.

Any way to force system to aarch64-linux when running on x86_x64?

right now I'm trying to do this:

        profiles.system.path = deploy-rs.lib.aarch64-linux.activate.custom
          (
            (import (nix-on-droid + "/modules") {
              pkgs = nixpkgs.legacyPackages."aarch64-linux";
              config = nix_on_droid_config;
              home-manager-src = home-manager;
            }).activationPackage
          ) "./activate";

I think maybe I have to specify pkgs = nixpkgs.legacyPackages."aarch64-linux" in a couple of places.

current status:

❯ deploy ".#pixel2" -- --impure
🚀 ℹ️ [deploy] [INFO] Running checks for flake in .
warning: Git tree '/home/bbigras/nix-config' is dirty
warning: unknown flake output 'deploy'
🚀 ℹ️ [deploy] [INFO] Evaluating flake in .
warning: Git tree '/home/bbigras/nix-config' is dirty
🚀 ℹ️ [deploy] [INFO] The following profiles are going to be deployed:
[pixel2.system]
user = "nix-on-droid"
ssh_user = "nix-on-droid"
path = "/nix/store/87hfvlqrb2760ns1jqz6x7b0zdfrn5cm-activatable-nix-on-droid-generation"
hostname = "pixel2"
ssh_opts = []

🚀 ℹ️ [deploy] [INFO] Building profile `system` for node `pixel2`
warning: Git tree '/home/bbigras/nix-config' is dirty
🚀 ℹ️ [deploy] [INFO] Activating profile `system` for node `pixel2`
⭐ ℹ️ [activate] [INFO] Activating profile
/nix/var/nix/profiles/per-user/nix-on-droid/system/deploy-rs-activate: line 2:  8338 Illegal instruction     ./activate
⭐ ❌ [activate] [ERROR] The activation script resulted in a bad exit code: Some(132)
🚀 ❌ [deploy] [ERROR] Failed to deploy profile: Activating over SSH resulted in a bad exit code: Some(1)

In result, it seems my nix-on-droid-path has x86_64 stuff.

activate-rs is aarch64

EDIT: ok nix-on-droid-path is now aarch64

[bbigras]

EDIT: I'm calling ./activate without the full path.

Current status:

❯ deploy ".#pixel2" -- --impure
🚀 ℹ️ [deploy] [INFO] Running checks for flake in .
warning: Git tree '/home/bbigras/nix-config' is dirty
warning: unknown flake output 'deploy'
🚀 ℹ️ [deploy] [INFO] Evaluating flake in .
warning: Git tree '/home/bbigras/nix-config' is dirty
🚀 ℹ️ [deploy] [INFO] The following profiles are going to be deployed:
[pixel2.system]
user = "nix-on-droid"
ssh_user = "nix-on-droid"
path = "/nix/store/zfyia9axhilazg3l1qw8vhi2n2raqj2d-activatable-nix-on-droid-generation"
hostname = "pixel2"
ssh_opts = []

🚀 ℹ️ [deploy] [INFO] Building profile `system` for node `pixel2`
warning: Git tree '/home/bbigras/nix-config' is dirty
copying path '/nix/store/2jjf28m0qvn9cfqrii9gzav5msv0nf0r-bash-interactive-4.4-p23-man' from 'https://cache.nixos.org'...
copying path '/nix/store/q3acm62dxjdw7rfgnz4zyiz2j619ngr3-glibc-locales-2.32-10' from 'https://cache.nixos.org'...
copying path '/nix/store/qq58n27vwpbhqbzzrzwq0gvl64nl7v74-less-563' from 'https://cache.nixos.org'...
copying path '/nix/store/4klvh9qmav5v841rlrnq9hvhz1dvw7ss-vim-8.2.1522' from 'https://cache.nixos.org'...
🚀 ℹ️ [deploy] [INFO] Activating profile `system` for node `pixel2`
⭐ ℹ️ [activate] [INFO] Activating profile
Activating linkBinSh
Activating linkUsrBinEnv
Activating installLogin
Activating installLoginInner
Activating installPackages
replacing old 'nix-on-droid-path'
installing 'nix-on-droid-path'
building '/nix/store/a4axx3d179cm9l21qhnz3fj6ms9ifqvx-user-environment.drv'...
created 528 symlinks in user environment
Activating installProotStatic
Activating setUpEtc
Removing obsolete symlink '/etc/profiles/per-user/nix-on-droid'...
Activating linkProfile
error: --set requires exactly one derivation
⭐ ❌ [activate] [ERROR] The activation script resulted in a bad exit code: Some(1)
🚀 ❌ [deploy] [ERROR] Failed to deploy profile: Activating over SSH resulted in a bad exit code: Some(1)

[bbigras]

It works if I run the full path in my phone!

Edit: well the "no change" might not be normal. Maybe I ran the wrong one.

Openssh doesn't seem to accept my ssh key after the switch for some reason.

[bbigras]

Any ideas why the nix-on-droid user would break?

EDIT: oh for some reason the nix-on-droid's uid in /etc/passwd is 1000 when I deploy with deploy-rs and it's 10294 when I use nix-on-droid switch.

EDIT 2: I was able to work around it by hardcoding the "right uid/gid. You can see my fork for my changes.

-bash-4.4$ whoami
-whoami: cannot find name for user ID 10294

[Gerschtli]

The reason for the wrong uid and gid is, that these values have to be generated on the destination machine. There is a derivation built in modules/user.nix, which has to be built locally.

[Gerschtli]

Furthermore I think you need the activate script in a profile directory, because we use nix-env --set to switch between generations. Have a look at /nix/var/nix/profiles tree in our default setup.

[bbigras]

Furthermore I think you need the activate script in a profile directory, because we use nix-env --set to switch between generations. Have a look at /nix/var/nix/profiles tree in our default setup.

Would that help with the uid thing, or it's related to the other problems I had?

The reason for the wrong uid and gid is, that these values have to be generated on the destination machine. There is a derivation built in modules/user.nix, which has to be built locally.

Could it be a good idea to have a way to optionally set those ids using the config file?

[Gerschtli]

Furthermore I think you need the activate script in a profile directory, because we use nix-env --set to switch between generations. Have a look at /nix/var/nix/profiles tree in our default setup.

Would that help with the uid thing, or it's related to the other problems I had?

I was refering to the comment you made "Edit: well the "no change" might not be normal. Maybe I ran the wrong one.".

Could it be a good idea to have a way to optionally set those ids using the config file?

I mean you could make these configurable, but the UX would be strange to first setup nix-on-droid the default way, gathering uid and gid, and then hardcode these values. Maybe I am just overthinking :D

Would it be possible to build everything remotely except this derivation? IIRC there aren't big dependants of this derivation, so it should be alright to build the remaining things locally on the destination phone.

[bbigras]

I was refering to the comment you made "Edit: well the "no change" might not be normal. Maybe I ran the wrong one.".

Ok I think this issue is working now. Thanks. I'll take a look again if I see the message again.

I mean you could make these configurable, but the UX would be strange to first setup nix-on-droid the default way, gathering uid and gid, and then hardcode these values. Maybe I am just overthinking :D

I was thinking only people wanting to deploy from a desktop like me would have to handle this.

Would it be possible to build everything remotely except this derivation? IIRC there aren't big dependants of this derivation, so it should be alright to build the remaining things locally on the destination phone.

I have no idea how I could build it on my phone while deploying from my desktop (or from github actions).

Do you think it could be done at the activation step (on the phone)?

[Gerschtli]

The activation step is too late, the uid and gid need to be available to build the nix-on-droid generation. Maybe we could refactor everything, but I don't it will work.

Sounds like an exciting idea to deploy nix-on-droid config via github actions. If the uid/gid part is the only thing stopping you, you could add these two values as option if you add a note in their description, when to set these manually and when you should rather leave them emtpy and using the ids.nix derivation. I would be fine with this change.

[Gerschtli]

And if it works for you, it would be awesome if you could and a wiki page explaining your setup :)

[bbigras]

Sounds like an exciting idea to deploy nix-on-droid config via github actions.

Yeah. It would work for people having access to an aarch64 build box though (which I don't). I should check if github actions has aarch64 nodes.

Right now my nix-config builds multiple machines (desktop and laptop) with github actions and pushes it to cachix. Then on my computer I deploy it. It just takes the time required to download and deploy.

If the uid/gid part is the only thing stopping you, you could add these two values as option if you add a note in their description, when to set these manually and when you should rather leave them emtpy and using the ids.nix derivation. I would be fine with this change.

Thanks I'll take a look.

And if it works for you, it would be awesome if you could and a wiki page explaining your setup :)

Will do! :smile:

[Gerschtli]

Unfortunately github actions are not available for aarch64-linux AFAIK..

[bbigras]

I'm using something like the following to build and deploy nix-on-droid with deploy-rs, but I just realized that I'm not using the nix-on-droid overlays.

Any ideas how to set the overlays?

let
pixel2 = (inputs.nix-on-droid.lib.aarch64-linux.nix-on-droid { config = ../hosts/pixel2; }).activationPackage;
in
{
{
  deploy = {
    autoRollback = true;
    magicRollback = true;
    user = "root";

    nodes = [
    {
      pixel2 = {
        hostname = "pixel2";

        # to prevent using sudo
        sshUser = "nix-on-droid";
        user = "nix-on-droid";

        profiles.nix-on-droid.path = deploy-rs.lib.aarch64-linux.activate.custom
          pixel2
          (pixel2 + "/activate");
      };
    };
];
  };
}

https://github.com/bbigras/nix-config/blob/7d7eb023bee13c9bfcd7f87444d2b15c7884cab8/nix/deploy.nix https://github.com/bbigras/nix-config/blob/7d7eb023bee13c9bfcd7f87444d2b15c7884cab8/flake.nix https://github.com/bbigras/nix-config/blob/7d7eb023bee13c9bfcd7f87444d2b15c7884cab8/hosts/pixel2/default.nix

[Gerschtli]

Unfortunately I do not know deploy-rs, but you can use the overlays directory and source all overlays via overlays/default.nix as a list.

[pinage404]

Hello,

I did a deploy script before finding this issue

The script rely on SSH

• SSH options https://gitlab.com/pinage404/dotfiles/-/blob/0af0ff2aeff9ae7d43a0e811580da5b775c16cd6/systems/machine/fairphone_4/options/sshd.nix
• enable SSH options https://gitlab.com/pinage404/dotfiles/-/blob/9635a816ece39182c89cd98390c5c98d08b0d994/systems/machine/fairphone_4/sshd.nix
• start the SSH server once on the phone

  sshd-start
  

• deploy from the computer https://gitlab.com/pinage404/dotfiles/-/blob/9635a816ece39182c89cd98390c5c98d08b0d994/packages/deploy-fairphone_4/default.nix

  nix run '.#deploy-fairphone_4'