{"id":14109174,"url":"https://github.com/NixOS/aarch64-build-box","last_synced_at":"2025-08-01T07:34:22.930Z","repository":{"id":27486823,"uuid":"114065635","full_name":"NixOS/aarch64-build-box","owner":"NixOS","description":"Config for the Community aarch64 NixOS box","archived":false,"fork":false,"pushed_at":"2024-10-19T23:44:27.000Z","size":432,"stargazers_count":75,"open_issues_count":18,"forks_count":116,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-10-29T14:37:38.538Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Nix","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NixOS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"nixos"}},"created_at":"2017-12-13T02:51:16.000Z","updated_at":"2024-10-25T09:57:21.000Z","dependencies_parsed_at":"2023-11-09T01:26:07.081Z","dependency_job_id":"245d91db-0121-4a98-9783-b4013ae0fd5c","html_url":"https://github.com/NixOS/aarch64-build-box","commit_stats":{"total_commits":330,"total_committers":109,"mean_commits":"3.0275229357798166","dds":0.603030303030303,"last_synced_commit":"437e56ac9d8b99ea895e1d5234f17bc510699896"},"previous_names":["nix-community/aarch64-build-box"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NixOS%2Faarch64-build-box","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NixOS%2Faarch64-build-box/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NixOS%2Faarch64-build-box/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NixOS%2Faarch64-build-box/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NixOS","download_url":"https://codeload.github.com/NixOS/aarch64-build-box/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227819012,"owners_count":17824451,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-14T10:02:07.990Z","updated_at":"2025-08-01T07:34:22.913Z","avatar_url":"https://github.com/NixOS.png","language":"Nix","funding_links":["https://opencollective.com/nixos"],"categories":["Nix"],"sub_categories":[],"readme":"# 🚫 Unavailable as of 2024-12-31 🚫\n\nAt 18:30 UTC we shut down all machines that were sponsored by Equinix Metal, since the sponsoring relationship is coming to an end.\n\nWhether we can provide this service again in the future is up for discussion and possibly funding.\n\n# \u003cdel\u003eWant access?\u003c/del\u003e\n\n1. \u003cdel\u003eYou must read literally this entire README. It is critically\n   important that you do so.\u003c/del\u003e\n2. \u003cdel\u003eOpen a PR adding yourself to users.nix\u003c/del\u003e\n\n\u003cdel\u003eI'll grant access to well known members of the community, and people\nwell known members in the community trust.\u003c/del\u003e\n\n## Notes on Security and Safety\n\n***TLDR:*** a trusted but malicious actor could hack your system through\nthis builder. Do not use this builder for secret builds. Be careful\nwhat you use this system for. Do not trust the results. For a more\nnuanced understanding, read on.\n\nFor someone to use a server as a remote builder, they must be a\n`trusted-user` on the remote builder. `man nix.conf` has this to say\nabout Trusted Users:\n\n\u003e User that have additional rights when connecting to the Nix daemon,\n\u003e such as the ability to specify additional binary caches, or to\n\u003e import unsigned NARs.\n\u003e\n\u003e Warning: The users listed here have the ability to compromise the\n\u003e security of a multi-user Nix store. For instance, they could install\n\u003e Trojan horses subsequently executed by other users. So you should\n\u003e consider carefully whether to add users to this list.\n\nNix's model of remote builders requires users to be able to directly\nimport files in to the Nix store, and there is no guarantee what they\nimport hasn't been maliciously modified.\n\nThe following is written as me, @grahamc:\n\nI trust everyone who has access, but with limits:\n\n1. I would comfortably run results from this builder on my Raspberry\n   Pi that I don't use for secret things.\n\n2. ***DO NOT*** trust this builder for systems that contain private\n   data or tools.\n\n3. ***DO NOT*** trust this builder to make binary bootstrap tools,\n   because we have to trust those bootstrap tools for a long time to\n   not be compromised.\n\n4. ***DO NOT*** trust this builder to make tools used to make binary\n   bootstrap tools, because we have to trust those bootstrap tools for\n   a long time to not be compromised.\n\n5. ***DO NOT*** trust this builder to build the disk image for this\n   builder.\n\nIF YOU ARE: making binary bootstrap tools, please only use tools\nbuilt by hydra on a system which have never been exposed to things\nbuilt from this server. If you need help with this, I can help.\n\nNote that point 5 ensures that every time the server reboots, it is in\na clean, uncompromised state.\n\n## Notes on Persistence\n\nThe deployed system has ***ZERO*** persistence. Do not store anything\non it that you want to keep. It will reboot from time to time and\nlose everything on the hard drive.\n\n# Configuring your computer for remote builds\n\nFirst, put this in your `configuration.nix`:\n\n```nix\n{\n  programs.ssh.knownHosts.\"aarch64.nixos.community\".publicKey =\n    \"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds\";\n\n  nix = {\n    distributedBuilds = true;\n    buildMachines = [\n      {\n        hostName = \"aarch64.nixos.community\";\n        maxJobs = 64;\n        sshKey = \"/root/a-private-key\";\n        sshUser = \"your-user-name\";\n        system = \"aarch64-linux\";\n        supportedFeatures = [ \"big-parallel\" \"kvm\" \"nixos-test\" ];\n      }\n    ];\n  };\n}\n```\n\n**Note:** Make sure the SSH key specified above does *not* have a\npassword, otherwise `nix-build` will give an error along the lines of:\n\n\u003e unable to open SSH connection to\n\u003e 'ssh://your-user-name@aarch64.nixos.community': cannot connect to\n\u003e 'your-user-name@aarch64.nixos.community'; trying other available\n\u003e machines...\n\nThen run an initial SSH connection as root to setup the trust\nfingerprint:\n\n\n```\n$ sudo su\n# ssh your-user-name@aarch64.nixos.community -i /root/a-private-key\n```\n\nThe fingerprint should always be:\n\n```\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds\n```\n\n***If it is not, please open an issue!***\n\nFinally, `nix-build . -A hello --argstr system aarch64-linux`.\n\nIf this doesn't work, ping @grahamc and I can help debug.\n\n# Faster nixpkgs clone\n\nYou may want to clone nixpkgs on the box occasionally. It clones nixpkgs on\nboot, allowing faster clones for users — just pass `--reference\n/tmp/nixpkgs.git` to your `git clone` command.\n\n---\n\nps: if you want to build the netbooted image, check out `./DEV_NOTES.md`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNixOS%2Faarch64-build-box","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FNixOS%2Faarch64-build-box","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FNixOS%2Faarch64-build-box/lists"}