tvix: allow specifying a program to execute to dynamically generate builders + substituters

#47
Opened by glittershark at 2020-08-28T21·10+00

My specific agenda here is to make it so that I can omit my work nix cache when I'm not on the work VPN, but this feels like something that'd be generally applicable for things like service discovery of remote builder pools etc.

  1. In other words, this is config generation for builders/substituters? Sounds like a good plan.

    We may want to look at gRPC load balancer discovery, but not everything is using the gRPC client.

    kanepyork at 2020-08-28T21·12+00

  2. In other words, this is config generation for builders/substituters?

    yep, that's the idea

    glittershark at 2020-08-28T21·13+00

  3. open questions:

    • What is the protocol we should use for the config generation? Is spitting out a file in the format accepted by /etc/nix/nix.conf or /etc/nix/machines sufficient?
    • What should the config generators be allowed to do? Should they run in a sandbox? I would assume not if we want them to be able to do service discovery - but then what do we do if the config generators fail?
    • How does the trust model work here? I assume an initial pass would just trust whatever the config generator says - does that break down at any point?

    glittershark at 2020-08-28T21·15+00
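
One way the failure and trust questions above could be handled, as an added example that is not part of the thread and not tvix code: the generator emits nix.conf-style text, only a `substituters` line is accepted, every entry must be on an operator-pinned allowlist, and any failure falls back to a static list. The function names, the `./gen-substituters` path and the `cache.work.example` URL are assumptions made for illustration.

```rust
use std::process::Command;

/// Run the (hypothetical) generator program and capture its stdout.
fn run_generator(program: &str) -> Result<String, String> {
    let out = Command::new(program).output().map_err(|e| e.to_string())?;
    if !out.status.success() {
        return Err(format!("generator exited with {}", out.status));
    }
    String::from_utf8(out.stdout).map_err(|e| e.to_string())
}

/// Parse nix.conf-style output, accepting only a `substituters` line whose
/// entries are all on the operator-pinned allowlist.
fn parse_substituters(output: &str, allowlist: &[&str]) -> Result<Vec<String>, String> {
    let mut found = Vec::new();
    for line in output.lines() {
        let line = line.split('#').next().unwrap_or("").trim();
        if line.is_empty() {
            continue;
        }
        let (key, value) = line.split_once('=').ok_or(format!("malformed line: {line}"))?;
        if key.trim() != "substituters" {
            return Err(format!("generator may not set `{}`", key.trim()));
        }
        for url in value.split_whitespace() {
            if !allowlist.contains(&url) {
                return Err(format!("substituter not on allowlist: {url}"));
            }
            found.push(url.to_string());
        }
    }
    Ok(found)
}

/// Any generator error, rejected output or empty result yields the static list.
fn effective_substituters(generated: Result<String, String>, allowlist: &[&str], fallback: &[&str]) -> Vec<String> {
    match generated.and_then(|out| parse_substituters(&out, allowlist)) {
        Ok(list) if !list.is_empty() => list,
        _ => fallback.iter().map(|s| s.to_string()).collect(),
    }
}

fn main() {
    let allow = ["https://cache.nixos.org", "https://cache.work.example"]; // constructed allowlist
    let fallback = ["https://cache.nixos.org"];
    // "./gen-substituters" is a placeholder path for the generator program.
    let subs = effective_substituters(run_generator("./gen-substituters"), &allow, &fallback);
    println!("substituters = {}", subs.join(" "));
}
```

With this shape the generator can only choose among caches the operator already trusts, so a compromised or buggy generator cannot introduce a new substituter or signing key.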