System Configuration¶
nixbuild.net deployments are configured by placing one or more
configuration files in /etc/nixbuild.net/conf.d on the nxb-server instance.
The configuration files should be written in the
libucl configuration language, or any of
languages that libucl can read, like JSON.
Merging of configuration files uses the same semantics that multiplication of objects in jq uses. This is also called recursive merge.
The configuration files are merged in this order:
-
The file
/etc/nixbuild.net/base_config.jsonis read. This file is created when the nixbuild.net distribution is built and can't be changed by system administrators. -
Files found directly under
/etc/nixbuild.net/conf.dare sorted alphabetically, converted to JSON bylibucland merged into the final configuration using the recursive merge approach described above.
On nxb-server you can run the command nixbuild-config get to show the
complete nixbuild.net configuration.
Note that the recursive merge approach used does not allow for an overriding
configuration file to append to a list, only override it. For example,
base_conf.json usually includes the standard Nix substituter in the default
list of substituters to use. So if you have no extra config you'll get this:
$ nixbuild-config get nixbuild default-user-settings substituters
[
"https://cache.nixos.org"
]
Adding a file /etc/nixbuild.net/conf.d/substituters.conf that looks like this:
nixbuild {
default-user-settings {
substituters = [ "https://my-cache.example.com" ]
}
}
will effectively remove https://cache.nixos.org:
$ nixbuild-config get nixbuild default-user-settings substituters
[
"https://my-cache.example.com"
]
Configuration example¶
slurmctld {
host = nxb-server-1
ip = 172.31.32.20
}
nixbuild {
predefined-accounts = [
{ account-id = 1
, email = rickard@nixbuild.net
, ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPo2vH/gNTctZy2R4Xg9BuExLwqc/xFnqBGLx7WndgQG rickard"
]
}
]
}
ec2 {
build-node-templates = [
{ ami = ami-0917406788c1b79e5
, region = eu-north-1
, security-group = sg-030abe5e2f9ec5e74
, subnet = subnet-07dc948c6500abf4b
, ssh-key-name = nxb-ssh-key-1
, instance-type = c5.large
, count = 2
, weight = 0
}
]
}
Configuration Options¶
ec2.aws-shared-credentials-file¶
Type: string
Default: Not set
If set, the specified file will be used for credentials when provisioning and
de-provisioning EC2 builders instances. This corresponds to the
AWS_SHARED_CREDENTIALS_FILE environment variable.
ec2.build-node-config¶
Type: attribute set
Default: Not set
The configuration that the builder EC2 instances will be provisioned with. This
is used to pass configuration to the builder instances. The contents of this
option will be added as a config file in /etc/nixbuild.net/conf.d on builder
servers.
ec2.build-node-creation-hook¶
Type: string
Default: ""
If set to a path of an executable, this executable will be run after a new builder EC2 instance has been created and is reachable over SSH. The hook will be called with the following environment variables set:
EC2_BUILD_NODE_NAME: The name of the node.EC2_BUILD_NODE_ADDRESS: The IP address of the node.EC2_BUILD_NODE_SSH_CMD: The SSH command that can be used to connect to the node.
If the hook exits with a non-zero exit code, the node creation will be considered failed.
ec2.build-node-files¶
Type: list of strings
Default: []
A list of files that should be copied to the builder EC2 instances when they
are created. Each entry should have the form SRC:DST, where SRC is a file
or directory on your nxb-server instance, and DST is the target path on the
builder instance. Both SRC and DST must be absolute paths.
ec2.build-node-templates¶
A list of "templates" that define the EC2 instances that should be available
for running builds. Each entry in this list defines a group of instances sharing
the same AMI, instance type etc. Each entry also specifies a count attribute
specifying the number of instances that can be created. In total number of
instances that can be used is the sum of all count attributes in this list.
The instances are provisioned when they are needed for running builds, and will
be terminated automatically when no longer needed. slurm handles the selection
of which and how many instances to provision depending how many CPU cores and
how much memory is required by the active builds. If the resources needed by the
builds exceeds what has been defined in this list, builds will be queued. This
list of node templates therefore put an upper limit on how many EC2 instance
can be active at the same time.
ec2.build-node-templates.*.ami¶
Type: string
Required
Specifies the AMI ID to be used for the nodes. You should make sure that the CPU architecture of the AMI ID configured is compatible with the configured EC2 instance type.
ec2.build-node-templates.*.boot-disk-extra-gigabytes¶
Type: int
Default: 8
Specifies the extra size that will be added to the boot disk, in addition to
the space required for the AMI. This extra size will be used for the /var
mount, which is used for storing nar caches.
ec2.build-node-templates.*.count¶
Type: int
Required
The maximal number of nodes that can be created for this node group.
ec2.build-node-templates.*.iam-instance-profile¶
Type: string
Default: ""
If set, the specified IAM instance profile will be assigned to the provisioned EC2 builder instances. The value should be the name of an IAM instance profile that exists in your AWS account. If left empty, no instance profile will be assigned.
ec2.build-node-templates.*.instance-type¶
Type: string
Required
Example:
c6i.xlarge
The name of the EC2 instance type used for the instances. You can specify any valid EC2 instance type here, but your AWS account might have limitations on what instance types you can use. You should also make sure that the instance type you select is available in the region you've specified.
If you select an Arm instance type, make sure that the AMI you specify is built
for aarch64-linux.
ec2.build-node-templates.*.keep-alive¶
Type: bool
Default: false
If keep-alive is set to true, the instances in the template are not
terminated after a period of idleness as is usually the case. The instances
will still start in a turned-off state, only when they first are needed for a
build they will be turned on and then stay on after that. The instances will
still be auto-terminated if the nxb-server instance is turned off or becomes
unreponsive for a longer time.
This can be used to keep one or more instances available with less latency, for interactive builds. For this to work the instances must be large enough to handle the interactive builds, otherwise you still get the latency when NixBuild starts any larger instances needed.
ec2.build-node-templates.*.max-uptime¶
Type: integer
Default: 0
If max-uptime is set to a non-zero integer, the instances in the template
will be terminated after they have been up for the number of seconds defined by
max-uptime. This can be useful together with the keep-alive setting to
avoid instances from being kept up for too long. You can, however, also use
this setting on instances where keep-alive is not set.
Note, the instances will be terminated without any consideration on them being idle or not. Any builds that happen to be running on the instances will therefore be cancelled and restarted.
ec2.build-node-templates.*.memory.zram.compression-ratio¶
Type: float
Default: 2.0
The expected zram compression ratio (see explanation below).
ec2.build-node-templates.*.memory.zram.enable¶
Type: bool
Default: false
If enabled, part of the memory on the EC2 builder instance will be reserved
for zram swap usage. This increases the usable memory for builds beyond what
is offered by the EC2 instance type.
The total memory available to builds is calculated like this:
m + ((m * p / 100) * (r - 1))
where:
m = EC2 instance memory
p = memory.zram.max-memory-percentage
r = memory.zram.compression-ratio
The memory.zram.compression-ratio parameter configures the expected
compression rate. If the actual compression rate is lower, it is possible that
the EC2 instance will run out of memory. Currently, nixbuild.net has no ability
to detect such an event. Instead, nixbuild.net will simply detect that the
builder instance stops working and will restart the build. However, it is then
likely that the same situation will occur again. Once the number of allowed
build restarts has been exhausted, nixbuild.net will fail the build. So, you
should configure the memory.zram.compression-ratio conservatively, and
monitor your builds for excessive failures.
ec2.build-node-templates.*.memory.zram.max-memory-percentage¶
Type: integer
Default: 50
The percentage of memory set aside for zram. See above for explanation on
how zram usage is calculated.
ec2.build-node-templates.*.public-ip¶
Type: bool
Default: true
Example:
false
If set to true (the default) a public IPv4 address will be added to the EC2 instance. If set to false, no public IP will be setup for the instance, in which case you should make sure that you have configured a NAT Gateway or similar for the instance's subnet.
ec2.build-node-templates.*.region¶
Type: string
Required
EC2 region.
ec2.build-node-templates.*.security-group¶
Type: string
Required
EC2 security group.
ec2.build-node-templates.*.ssh-key-name¶
Type: string
Required
EC2 SSH key name.
ec2.build-node-templates.*.subnet¶
Type: string
Required
EC2 subnet.
ec2.build-node-templates.*.tags¶
Type: attribute set of strings
Default: {}
A key-value mapping of EC2 instance tags that should be assigned to the instances.
Example:
{ env = "qa"
, deployment = "A"
}
ec2.build-node-templates.*.weight¶
Type: int
Required
The priority of this node group. A lower number means nodes from this group will have a higher priority when deciding which node to provision if there is no running node that can run a build request.
ec2.instance-creation-retries¶
Type: integer
Default: 10
The number of times EC2 instance creation should be retried when provisioning
new builder instances. When creating EC2 instances the "retry mode" will be set
to standard and the "max attempts" will be set to the configured value. For
more info see
https://docs.aws.amazon.com/sdkref/latest/guide/feature-retry-behavior.html.
ec2.instance-termination-retries¶
Type: integer
Default: 20
The number of times EC2 instance termination should be retried when terminating
idle builder instances. When terminating EC2 instances the "retry mode" will be
set to standard and the "max attempts" will be set to the configured value.
For more info see
https://docs.aws.amazon.com/sdkref/latest/guide/feature-retry-behavior.html.
ec2.node-name-prefix¶
Type: string
Default: "ec2-builder"
The prefix used when naming the EC2 builder nodes. The node names will be formed by appending an index number to this prefix.
ec2.sandbox-paths¶
Type: list of strings
Default: []
Example:
[ "/var/lib/sandbox-files/etc/ssl:/etc/ssl"
, "/var/lib/sandbox-files/tmp/krb5cc_30000:/tmp/krb5cc_30000"
, "/usr/share/zoneinfo:/usr/share/zoneinfo"
]
A list of paths bind-mounted read-only into the builder sandbox environments.
Each entry should have the form SRC:DST, where SRC is a file or directory
on your nxb-server-ec2 instance, and DST is the target path inside the
builder sandbox. Both SRC and DST must be absolute paths. SRC can be
either a regular file or a directory. You must take care not to set DST to
any existing file or directory inside the sandbox that is vital for the sandbox
functioning.
When a builder instance is provisioned, any files or directories defined in
ec2.sandbox-paths will be recursively copied over to the new builder instance.
When a build is launched the corresponding local files on the builder instance
will bind-mounted into the build sandbox.
This is setting is similar to using the sandbox-paths setting in Nix.
nard.profiling.enable¶
Type: bool
Default: false
If set to true, profiling will be activated for nard.service.
Profiling output can be found in /var/log/nard/profiling. Most of
the profiling output will only be available after nard.service
has been stopped or restarted. Each time nard.service is
restarted, a backup of the profiling directory will be created in
/var/log/nard.
The config option nard.profiling.rts-options controls what is included in
the profiling outputs, see below.
nard.profiling.rts-options¶
Type: list of strings
Default: [ "-p" ]
Defines a list of GHC
RTS
options to be used when running the profiled nard binary. While
you can set any GHC RTS options here, you should probably limit yourself to the
ones that concern
profiling.
For the options to take effect, you must also set nard.profiling.enable
to true.
nard.push.s3.buffer-size¶
Type: integer
Default: 12582912
This is the preferred size of the individual multi-part S3 uploads. Regardless
what size you configure, nard will make sure that the buffer size is within
S3's allowed limits (minimum 5MB, and maximum 10000 parts per multi-part
upload). Due to the way concurrent compression works in nard, a bigger buffer
size will improve compression somewhat, since it will avoid having to pad
compressed data to fulfill the minimum limit. A bigger buffer size will
increase memory consumption.
nard.push.s3.compression-chunk-bytes¶
Type: integer
Default: 1048576
When compressing and uploading store paths nard will compress individual
chunks (in parallel if possible) and then concatenate the compressed chunks
into a buffer that will be uploaded to S3 once it is big enough. The
compression-chunk-bytes specifies the preferred chunking size for compression.
nard.push.s3.concurrency¶
Type: integer
Default: 4
This setting specifies the number of threads nard is allowed to have running
compression for S3 uploads at the same time. It should be pretty safe to set
this to the number of available CPU threads, or even slightly more. If you see
the CPU consumption of nard cannibalize other services on the server, you can
turn this setting down.
nard.push.s3.default-compression-level¶
Type: integer
Default: 3
The zstd compression level used when uploading store paths to S3 buckets.
nard.push.s3.max-buffers-per-nar¶
Type: integer
Default: 6
This setting multiplied with the buffer-size setting specifies the maximum
amount of (compressed) data that is allowed to be kept in memory per processed
nar file. Only "large" nar files have this limit. Small nar files are
loaded into memory, compressed and uploaded to S3 as a single HTTP request.
nard.push.s3.max-concurrent-nars¶
Type: integer
Default: 4
The number of large nar files that can be processed concurrently. It is
recommended to increase this value if you have enough memory on your server.
nard.push.s3.max-concurrent-requests¶
Type: integer
Default: 32
The maximum number of in-flight HTTP requests to S3.
nard.push.s3.retry-request-base-delay-seconds¶
Type: integer
Default: 1
The base delay (in seconds) between retries of failed S3 requests.
nard.push.s3.retry-request-max-cumulative-delay-seconds¶
Type: integer
Default: 300
The maximum cumulative delay (in seconds) for retrying failed S3 requests. Once the total delay across all retries exceeds this value, no more retries will be attempted.
nard.s3.allow-ambient-credentials¶
Type: bool
Default: false
If false (the default), nard will not pick up any ambient credentials (like
EC2 IAM instance profiles). Instead you have to configure an
access-token for each S3
bucket your NixBuild account wants to use for substitution or push store paths
to.
nixbuild.biscuit-private-key-file¶
Type: string
Default: "/etc/nixbuild.net/biscuit-key"
The path to the file containing the private key used for creating and verifying Biscuit authorization tokens.
nixbuild.debug-logs¶
Type: bool
Default: false
If set to true, a selection of internal nixbuild.net logs will be forwarded
to the Nix client and show up in the build log.
nixbuild.db-config.connection-pool-size¶
Type: integer
Default: 10
Maximum number of connections in the database connection pool. This limit applies per service, so the total number of PostgreSQL connections will be higher than this value.
nixbuild.db-config.session-timeout-seconds¶
Type: integer
Default: 60
Maximum duration in seconds for a single database transaction session. Sessions exceeding this timeout are terminated.
nixbuild.default-user-settings¶
Type: attribute set
An attribute set that defines the initial configuration of accounts that are
added to your NixBuild Enterprise deployment. The configuration here is a
superset of the settings available through the settings command in the
NixBuild shell, because not all account settings are configurable by users.
For the settings that are available through the NixBuild shell, please see the documentation for the public nixbuild.net service. For other settings, see below.
nixbuild.default-user-settings.input-closure-ttl-seconds¶
Type: integer
Default: 90 * 24 * 3600
Anytime a path closure is used as input for a build, its time to live (TTL)
will be set to specified number of seconds. If a path in the closure already
has a longer TTL, that TTL will not be changed. This means the complete path
closure will remain in the NixBuild store for at least the specified time, as
long as the settings storage-limit-days or storage-limit-gigabytes are not
violated.
nixbuild.default-user-settings.output-closure-ttl-seconds¶
Type: integer
Default: 90 * 24 * 3600
Anytime a build output path closure is produced, its time to live (TTL) will be
set to specified number of seconds. If a path in the closure already has a
longer TTL, that TTL will not be changed. This means the complete path closure
will remain in the NixBuild store for at least the specified time, as long as
the settings storage-limit-days or storage-limit-gigabytes are not
violated.
nixbuild.default-user-settings.queried-path-ttl-seconds¶
Type: integer
Default: 7 * 24 * 3600
Anytime a path is queried by a Nix client, its time to live (TTL) will be
set to specified number of seconds. If a path in the closure already has a
longer TTL, that TTL will not be changed. This means the complete path closure
will remain in the NixBuild store for at least the specified time, as long as
the settings storage-limit-days or storage-limit-gigabytes are not
violated.
nixbuild.default-user-settings.sandbox-nar-cache-enabled¶
Type: bool
Default: false
If set to true, a local nar cache will be used on the builder instances to
speed up builds that need to fetch nars from the NixBuild store.
nixbuild.default-user-settings.sandbox-nar-cache-pagesize¶
Type: integer
Default: 256
The page size (in KiB) used by the sandbox nar cache. Only relevant if
sandbox-nar-cache-enabled is set to true.
nixbuild.default-user-settings.storage-limit-days¶
Type: integer
Default: 1000
Any store path older than the specified number of days will be automatically deleted. The age is based on when the path was last accessed, queried or stored.
This setting puts an absolute upper limit on the time a path can exist in the
NixBuild database and storage. However, the related settings
input-closure-ttl-seconds, output-closure-ttl-seconds,
uploaded-path-ttl-seconds and queried-path-ttl-seconds let you define more
fine-grained lifetimes for paths.
Also see the related setting storage-limit-gigabytes.
nixbuild.default-user-settings.storage-limit-gigabytes¶
Type: float
Default: 1000.0
Limits the total storage space that is allowed for an account. If an account
exceeds the specified storage usage, the oldest (in terms of when they were
last accessed, queried or stored) paths will be removed until
storage-limit-gigabytes is no longer exceeded.
nixbuild.default-user-settings.uploaded-path-ttl-seconds¶
Type: integer
Default: 7 * 24 * 3600
Anytime a path is uploaded to the NixBuild store, its time to live (TTL) will
be set to specified number of seconds. If the path in the already has a longer
TTL, that TTL will not be changed. This means the complete path closure will
remain in the NixBuild store for at least the specified time, as long as the
settings storage-limit-days or storage-limit-gigabytes are not violated.
nixbuild.gc-build-logs-deletion-batch-size¶
Type: integer
Default: 500
The number of build logs to delete in each batch when garbage collecting old build logs.
nixbuild.gc-build-logs-max-age-days¶
Type: integer
Default: Not set
If set, build logs will be automatically deleted once they reach the specified age (number of days) specified by this setting. By default, this setting is unset, and no log deletion happens.
nixbuild.gc-nar-claim-deletion-interval-seconds¶
Type: integer
Default: 3600
The interval (in seconds) between nar claim deletion runs. Nar claims are internal references used to track which nars are in use.
nixbuild.gc-nar-deletion-batch-size¶
Type: integer
Default: 1000
The number of nars to delete in each batch during nar garbage collection.
nixbuild.gc-nar-deletion-interval-seconds¶
Type: integer
Default: 3600
The interval (in seconds) between nar deletion runs.
nixbuild.gc-nar-invalidation-sample-percentage¶
Type: integer
Default: 1
The percentage of nars to sample during each nar invalidation run. The value is clamped to the range 1–100. A higher value means more nars are examined per run, but each run takes longer.
nixbuild.gc-nar-invalidation-chunk-size¶
Type: integer
Default: 512
The number of sampled nars to process in each database transaction during nar invalidation. Smaller values result in shorter transactions but more round-trips to the database.
nixbuild.gc-nar-invalidation-interval-seconds¶
Type: integer
Default: 3600
The interval (in seconds) between nar invalidation runs.
nixbuild.gc-path-deletion-sample-percentage¶
Type: integer
Default: 1
The percentage of paths to sample during each path deletion run. The value is clamped to the range 1–100.
nixbuild.gc-path-deletion-chunk-size¶
Type: integer
Default: 512
The number of sampled paths to process in each database transaction during path deletion. Smaller values result in shorter transactions but more round-trips to the database.
nixbuild.gc-path-deletion-interval-seconds¶
Type: integer
Default: 3600
The interval (in seconds) between path deletion runs.
nixbuild.http-api-base-url¶
Type: string
Default: Not set
The base URL used for the NixBuild HTTP API.
nixbuild.nard-push-connections-limit¶
Type: integer
Default: 32
The maximum number of concurrent connections to nard for push operations.
nixbuild.nard-push-connections-per-account-limit¶
Type: integer
Default: 32
The maximum number of concurrent push connections to nard per account.
nixbuild.nard-read-address¶
Type: string
Required
The address (host:port) of the nard service used for read operations.
nixbuild.nard-read-connections-limit¶
Type: integer
Default: 64
The maximum number of concurrent connections to nard for read operations.
nixbuild.nard-read-connections-per-account-limit¶
Type: integer
Default: 64
The maximum number of concurrent read connections to nard per account.
nixbuild.nard-write-address¶
Type: string
Required
The address (host:port) of the nard service used for write operations.
nixbuild.nard-write-connections-limit¶
Type: integer
Default: 32
The maximum number of concurrent connections to nard for write operations.
nixbuild.nard-write-connections-per-account-limit¶
Type: integer
Default: 32
The maximum number of concurrent write connections to nard per account.
nixbuild.oidc-audience¶
Type: list of strings
Default: [ "nixbuild.net" ]
A list of strings that nixbuild.net should accept as values for the aud field
in incoming OIDC JWTs.
nixbuild.derivation-cache-size¶
Type: integer
Default: 100000
The maximum number of derivations to keep in the in-memory derivation cache. This cache reduces database lookups when the same derivations are requested by multiple concurrent builds. It also reduces memory usage when many similar derivation graphs are built at the same time.
nixbuild.derivation-cache-ttl-seconds¶
Type: integer
Default: 3600
The maximum life time of the derivations in the in-memory derivation cache. Set to zero to disable eviction of old entries.
nixbuild.predefined-accounts¶
Type: list of attribute sets
Default: []
A list of accounts that should be added automatically to the database when
NixBuild starts. You can add new accounts to an existing NixBuild deployment
by adding new entries here, but if you remove entries here they will not be
removed from the NixBuild database. Updating entries here will only be
reflected in the database if the overwrite flag is set for the account entry,
see below.
Example:
[
{ account-id = 1
, email = rickard@nixbuild.net
, ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/mBylFblBYkAoESGu3dPAYulFOqEmykhCgHhNb2taP rickard"
]
}
]
nixbuild.predefined-accounts.*.account-id¶
Type: integer
Required
The unique integer id of the account. This id is used for looking up existing accounts.
nixbuild.predefined-accounts.*.email¶
Type: string
Required
The account's email address.
nixbuild.predefined-accounts.*.overwrite¶
Type: bool
Default: true
If set to true (the default), any manual changes to this user account will be
overwritten by the configuration defined here. If set to false, the
configuration defined here will only be used for the initial creation of the
user account.
nixbuild.predefined-accounts.*.ssh-keys¶
Type: list of strings
Default: []
A list of public SSH keys of type ed25519 that users can use to access the
account. The SSH keys must be unique between accounts.
You can add and remove SSH keys later using the NixBuild shell.
Example:
ssh-keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/mBylFblBYkAoESGu3dPAYulFOqEmykhCgHhNb2taP rickard"
]
nixbuild.predefined-accounts.*.user-settings¶
Type: attribute set of user settings
Default: {}
Initial settings that should be set for the account. You can change these account settings later through the NixBuild shell.
Example:
{
substituters = []
}
system.services.<service>.rts-options¶
Type: list of strings
Default: Depends on service
Defines a list of GHC
RTS
options to pass to the service via the GHCRTS environment variable. These
options are always applied, regardless of whether profiling is enabled.
Each service has its own default RTS options. Setting this option replaces
the default list entirely rather than appending to it. <service> can be
nixbuild-frontend, nixbuild-http-api, nixbuild-jobs, nixbuild-9p,
nixbuild-web, or nard.
system.services.<service>.profiling.enable¶
Type: bool
Default: false
If set to true, the profiled binary will be used for the service.
Profiling output can be found in /var/log/<service>/profiling. Most of
the profiling output will only be available after the service
has been stopped or restarted. Each time the service is restarted, a backup of
the profiling directory will be created in /var/log/<service>.
system.services.<service>.profiling.rts-options¶
Type: list of strings
Default: [ "-p" ]
Defines additional GHC
RTS
options to use when profiling is enabled. These are appended to the base
system.services.<service>.rts-options. You should typically limit these to
options that concern
profiling.
For these options to take effect, system.services.<service>.profiling.enable
must be set to true.
nixbuild.require-state-volume¶
Type: bool
Default: false
If set to true, a filesystem separate from the boot disk is required to store
all state (database, nar contents etc) that NixBuild produces. This filesystem
must have the label nixbuild. If no such filesystem is found, and this
setting is true, the NixBuild services will not start. If you start the
server without the required filesystem and then make the filesystem available
after boot, the NixBuild services will start automatically once the filesystem
is detected. For more details see NixBuild State
Management.
nixbuild.ssh-auto-login-account-id¶
Type: integer
Default: Not set
If set, SSH authentication will be skipped and the SSH session will be automatically tied to the account id specified. You should only enable this if you have other means of access control, like network boundaries etc.
nixbuild.ssh-host-key-file¶
Type: string
Default: "/etc/nixbuild.net/ssh-host-key"
The path to the SSH host key file used by the NixBuild SSH server.
nixbuild.state-volume-device¶
Type: string
Default: Not set
If you set this option to the device name of the volume you are using for
NixBuild state, this device will be automatically initialised (a filesystem
labeled nixbuild will be created if needed) and activated. You also need to
set the nixbuild.require-state-volume option to true for this automatic
initialisation to happen. For more details see NixBuild State
Management.
nixbuild.upload-to-caches-from-builders¶
Type: bool
Default: true
If true, uploads to caches will be performed from the
builder hosts. If false, uploads will be performed by nard. Any uploads that
fails on the builder will be re-tried by nard.
nixbuild.verify-oidc-jwts¶
Type: bool
Default: true
If set to true, any OIDC ID token provided in the NIXBUILDNET_OIDC_ID_TOKEN
SSH env var or NIXBUILDNET-OIDC-ID-TOKEN HTTP header will automatically be
verified. If the token is valid the relevant Biscuit
facts will be populated.
nixbuild.web-auto-login-account-id¶
Type: integer
Default: Not set
If set, web authentication will be skipped and the web session will be automatically tied to the account id specified. You should only enable this if you have other means of access control, like network boundaries etc.
nixbuild.web-base-url¶
Type: string
Default: Not set
The base URL used for the NixBuild web interface.
nixbuild.web-static-files¶
Type: string
Default: Not set
The path to the directory containing static files served by the NixBuild web interface. If not set, no static files will be served.
nixbuild.web-url-default-ttl-seconds¶
Type: integer
Default: Not set
The default time to live (in seconds) for URLs generated by the NixBuild web interface.
slurmctld.host¶
Type: string
Default: Not set
The hostname of the nxb-server instance running slurmctld. This is used
by builder nodes to connect back to the controller.
slurmctld.ip¶
Type: string
Default: Not set
The IP address of the nxb-server instance running slurmctld. This is used
by builder nodes to connect back to the controller. If not set, the hostname
from slurmctld.host will be used.
slurmctld.suspend-time¶
Type: integer
Default: 400
The number of seconds of idleness after which a builder instance will be suspended (terminated). This controls how long idle builder instances are kept around before being shut down to save costs.