https://github.com/nh2/nix-binary-cache-proxy

An NGINX caching proxy to serve the cache.nixos.org binary cache from your local network, ready-to-deploy with nixops
https://github.com/nh2/nix-binary-cache-proxy

Last synced: 25 days ago
JSON representation

An NGINX caching proxy to serve the cache.nixos.org binary cache from your local network, ready-to-deploy with nixops

• Host: GitHub
• URL: https://github.com/nh2/nix-binary-cache-proxy
• Owner: nh2
• License: mit
• Created: 2017-09-18T04:20:56.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2017-11-12T19:17:36.000Z (over 7 years ago)
• Last Synced: 2025-04-09T04:12:31.695Z (about 2 months ago)
• Language: Nix
• Size: 4.88 KB
• Stars: 55
• Watchers: 3
• Forks: 4
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# nix-binary-cache-proxy

An NGINX caching proxy to serve the cache.nixos.org binary cache from your local network.

Using this you can download from a fast machine in your data center or basement instead of the cache.nixos.org CDN, which depending on your geographical location or connection speed can be slow to download from.

The nginx caching proxy transparently fetches any package from the upstream cache.nixos.org on first access, and saves it to its local disk so that subsequent accesses don't hit the internet.

It's ready-to-deploy with [nixops](https://nixos.org/nixops) for your convenience.

## Deploy

### How to deploy to AWS

First change [nginx-binary-cache-proxy.nix](nginx-binary-cache-proxy.nix) to set it up for your AWS account and domain name (best use `~/.aws/credentials`).

Then

* `nixops create  -d nginx-binary-cache-proxy`

* `nixops deploy -d nginx-binary-cache-proxy`

### How to deploy to a dedicated machine running NixOS

Simply follow the AWS steps, but remove all AWS/Route53 related `deployment.*` entries and use

```nix

{

  deployment.targetEnv = "none";

  deployment.targetHost = "1.2.3.4"; # your server's IP you can SSH into

}

```

## Use

Simply point your NixOS boxes at it with:

```nix

{

  nix.binaryCaches = [

    "http://nixos-cache.example.com/"

    "http://cache.nixos.org/" # include this line if you want it to fallback to upstream if your cache is down

  ];

}

```

For non-NixOS nix users, set the `binary-caches` option in `/etc/nix/nix.conf` as described in the last paragraphs of [this manual section](https://nixos.org/nix/manual/#ssec-binary-cache-substituter).

Note we're using plain `http` here, which is safe because nix packages are signed with public-key cryptography.

If you care to have a bit more privacy (a man-in-the-middle not trivially observing what packages are downloaded; but most people don't care if somebody knows what publicly available packages they install) and can tolerate more roundtrips for connection initialisation (which nix < 1.12 does for each package), use `https` here instead.

#### Acknowledgements

Thanks to [@cleverca22](https://github.com/cleverca22/) for lots of help with this!