Official NixOS Wiki

Binary Cache: Difference between revisions

← Older editNewer edit →
Drupol (talk | contribs)
12 edits
VisualWikitext
Drupol (talk | contribs)
12 edits
mNo edit summary
Drupol (talk | contribs)
12 edits
Setup a binary cache with Attic and Caddy
Line 2: Line 2:


A binary cache builds Nix packages and caches the result for other machines. Any machine with Nix installed can be a binary cache for another one, no matter the operating system.
A binary cache builds Nix packages and caches the result for other machines. Any machine with Nix installed can be a binary cache for another one, no matter the operating system.
== Setting up a binary cache with attic and caddy ==
Here's a snippet enabling Attic and Caddy.
Please refer to the [https://docs.attic.rs/ Attic documentation] to set it up correctly.<syntaxhighlight lang="nix" line="1">
{
  networking.firewall = {
    allowedTCPPorts = [ 8080 ];
  };
  services = {
    atticd = {
      enable = true;
      settings = {
        listen = "127.0.0.1:8081";
      };
      # Path to an EnvironmentFile containing required environment variables:
      # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
      environmentFile = "/root/.attic-env-file";
    };
    # Inspired from https://github.com/phanirithvij/system/blob/main/nixos/applications/nix/selfhosted/proxy-cache.nix
    caddy = {
      enable = true;
      package = pkgs.caddy.withPlugins {
        plugins = [ "github.com/caddyserver/cache-handler@v0.16.0" ];
        hash = "sha256-CecAx6KelOHEDiOKDTKLlDcnWtRNnDzBw1AzgN5JaFw=";
      };
      globalConfig = ''
        order cache before rewrite
        cache {
          # Global default cache duration (if not overridden below)
          ttl 1h
          log_level debug
        }
      '';
      virtualHosts.":8080" = {
        extraConfig = ''
          log {
            format console
          }
          # Nix cache info endpoint
          @nix_cache_info path /nix-cache-info
          handle @nix_cache_info {
            header Cache-Control "public, max-age=300"
            # 2. Tell Caddy's internal cache to hold this for 5 minutes
            cache {
              ttl 300s
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # NAR files (the actual packages)
          @nar path /nar/*
          handle @nar {
            header Cache-Control "public, max-age=31536000, immutable"
            # Cache the actual nar packages for a year
            cache {
              ttl 8760h
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # Narinfo files (metadata about packages)
          @narinfo path_regexp ^/[^/]+\.narinfo$
          handle @narinfo {
            header Cache-Control "public, max-age=86400"
            # Narinfo can change, so cache them locally for 24 hours
            cache {
              ttl 24h
            }
            reverse_proxy https://cache.nixos.org {
              header_up Host cache.nixos.org
            }
          }
          # Fallback for other requests
          handle {
            # We omit the `cache` directive here so Caddy doesn't interfere
            # with Attic's API operations or package pushing (PUT/POST requests).
            reverse_proxy 127.0.0.1:8081
          }
        '';
      };
    };
  };
};
</syntaxhighlight>


== Setting up a binary cache with nix-serve and nginx ==
== Setting up a binary cache with nix-serve and nginx ==
Retrieved from "https://wiki.nixos.org/wiki/Binary_Cache"