Official NixOS Wiki

Binary Cache: Difference between revisions

← Older edit
Mdaniels5757 (talk | contribs)
9 edits
VisualWikitext
Drupol (talk | contribs)
13 edits
mNo edit summary
fix some syntaxhighlight errors
 
(3 intermediate revisions by one other user not shown)
Line 2: Line 2:


A binary cache builds Nix packages and caches the result for other machines. Any machine with Nix installed can be a binary cache for another one, no matter the operating system.
A binary cache builds Nix packages and caches the result for other machines. Any machine with Nix installed can be a binary cache for another one, no matter the operating system.
== Setting up a binary cache with attic and caddy ==
Here's a snippet enabling [https://github.com/zhaofengli/attic Attic] and [https://caddyserver.com/ Caddy].
Please refer to the [https://docs.attic.rs/ Attic documentation] to set it up correctly. The goal here is to show how those two services can be used together to provide a solid solution.<syntaxhighlight lang="nix" line="1">
{
  networking.firewall = {
    allowedTCPPorts = [ 8080 ];
  };
  services = {
    atticd = {
      enable = true;
      settings = {
        listen = "127.0.0.1:8081";
      };
      # Path to an EnvironmentFile containing required environment variables:
      # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
      environmentFile = "/root/.attic-env-file";
    };
    # Inspired from:
    # 1. https://github.com/phanirithvij/system/blob/main/nixos/applications/nix/selfhosted/proxy-cache.nix
    # 2. https://github.com/rnl-dei/nixrnl/blob/master/profiles/proxy-cache.nix
    caddy = {
      enable = true;
      package = pkgs.caddy.withPlugins {
        plugins = [ "github.com/caddyserver/cache-handler@v0.16.0" ];
        hash = "sha256-CecAx6KelOHEDiOKDTKLlDcnWtRNnDzBw1AzgN5JaFw=";
      };
      globalConfig = ''
        order cache before rewrite
        cache {
          # Global default cache duration (if not overridden below)
          ttl 1h
          log_level debug
        }
      '';
      virtualHosts.":8080" = {
        extraConfig = ''
          log {
            format console
          }
          # Nix cache info endpoint
          @nix_cache_info path /nix-cache-info
          handle @nix_cache_info {
            header Cache-Control "public, max-age=300"
            # 2. Tell Caddy's internal cache to hold this for 5 minutes
            cache {
              ttl 300s
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # NAR files (the actual packages)
          @nar path /nar/*
          handle @nar {
            header Cache-Control "public, max-age=31536000, immutable"
            # Cache the actual nar packages for a year
            cache {
              ttl 8760h
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # Narinfo files (metadata about packages)
          @narinfo path_regexp ^/[^/]+\.narinfo$
          handle @narinfo {
            header Cache-Control "public, max-age=86400"
            # Narinfo can change, so cache them locally for 24 hours
            cache {
              ttl 24h
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # Fallback for other requests
          handle {
            # We omit the `cache` directive here so Caddy doesn't interfere
            # with Attic's API operations or package pushing (PUT/POST requests).
            reverse_proxy 127.0.0.1:8081
          }
        '';
      };
    };
  };
};
</syntaxhighlight>


== Setting up a binary cache with nix-serve and nginx ==
== Setting up a binary cache with nix-serve and nginx ==
Line 134: Line 239:
     };
     };
   };
   };
</syntaxhighlight>As described on [https://search.nixos.org/options?show=nix.settings.substituters&type=packages&query=substituters search.nixos.org] by default <nowiki>https://cache.nixos.org/</nowiki> is added to the substituters. You may need to use lib.mkForce to override this and ensure your substituter is the primary choice.<syntaxhighlight>
</syntaxhighlight>As described on [https://search.nixos.org/options?show=nix.settings.substituters&type=packages&query=substituters search.nixos.org] by default <nowiki>https://cache.nixos.org/</nowiki> is added to the substituters. You may need to use lib.mkForce to override this and ensure your substituter is the primary choice.<syntaxhighlight lang="nix">
# /etc/nixos/configuration.nix
# /etc/nixos/configuration.nix


Line 192: Line 297:
You can place a hint to your binary cache in your Flake so when someone builds an output of your Flake, the nix command will ask interactively to trust the specified binary cache.
You can place a hint to your binary cache in your Flake so when someone builds an output of your Flake, the nix command will ask interactively to trust the specified binary cache.


<syntaxHighlight lang=nix>
<syntaxHighlight lang="nix">
{
{
   nixConfig = {
   nixConfig = {
Retrieved from "https://wiki.nixos.org/wiki/Binary_Cache"