Cachix 1.3: Uploads unleashed

Serving files is the bread and butter of Cachix. Fetching store paths from Cachix is fast — downloads are served directly from fast distributed cloud storage. Uploads, however, are a different story. Each upload still had to go directly through one of our servers, making our ingest bandwidth a scarce and highly contested resource during peak times. Many of our users rely on Cachix in their CI pipelines, where slower uploads lead to longer CI runs and a worse developer experience, which is why we’ve been busy reorganizing our internals to remove this bottleneck. [Read More]

ZSTD compression by default

We’ve been pioneering and supporting the addition of ZSTD compression to Nix since 2018. In November 2021, Nix 2.4 was finally released with ZSTD support. As of today, the Cachix 1.1 client will compress any pushed binaries using zstd by default, which can be reversed back to XZ compression in the binary cache settings. This will significantly speed up pushing, as it was previously capped at around ~3-5mbit/s due to XZ compression hitting CPU per-core limits. [Read More]

Cachix Deploy Public Beta

I’m happy to announce the public beta for Cachix Deploy. Cachix Deploy was built to remove the hassle around managing the life cycle of a Nix profile. Cachix Deploy provides continuous deployments to a Nix profile (like NixOS, nix-darwin or home-manager) using a binary cache. It consists of running a simple agent process cachix deploy agent that listens for a new deployment and executes them. There’s no Nix evaluation or building done on the agent. [Read More]

NixOS OceanSprint 2021 wrap up

Last week a dozen or so people gathered on the island of Lanzarote to hack on NixOS. If it wasn’t for COVID-19, we’d have a week long of sauna and a private lake in Finland last year, but we had to cancel the event before it was even announced. Wrap up The weather on Lanzarote is usually sunny all year long. Last week we were a bit unfortunate to have two days of wind/clouds and we still managed to hack outdoors all days! [Read More]

Introducing Organizations

Today I’m introducing Organizations support in Cachix. If you’ve ever had to manage multiple Cachix accounts, wanted a team-specific dashboard or needed to have multiple admins, you’re going to love Organizations. Once you’ve created an organization, it will automatically enter a 14-day trial period. If you’d like to use Organizations for an open source project, please reach out via live chat or [email protected] Get started Click on “Select an account” dropdown at the top right corner: [Read More]

Postmortem of outage on 20th December

On 20 December, Cachix experienced a six-hour downtime, the second significant outage since the service started operating on 1 June 2018. Here are the details of what exactly happened and what has been done to prevent similar events from happening. Timeline (UTC) 02:55:07 - Backend starts to emit errors for all HTTP requests 02:56:00 - Pagerduty tries to notify me of outage via email, phone and mobile app 09:01:00 - I wake up and see the notifications 09:02:02 - Backend is restarted and recovers Root cause analysis All ~24k HTTP requests that reached the backend during the outage failed with the following exception: [Read More]

Write access control for binary caches

As Cachix is growing, I have noticed a few issues along the way: Signing keys are still the best way to upload content and not delegate trust to Cachix, but users have also found that they can be difficult to manage, particularly if the secret key needs to be rotated. At this point, the best option is to clear out the cache completely, and re-sign everything with a newly generated key. [Read More]

Changes to Garbage Collection

Based on your feedback, I have made the following two changes: When downloading <store-hash>.narinfo the timestamp of last access is updated, previously this would happen only with nar archives. This change allows tools like nix-build-uncached to prevent unneeded downloads and playing nicely with Cachix garbage collection algorithm! Previously, the algorithm ordered paths first by last accessed timestamp and then by creation timestamp. That worked well until you had all entries with last accessed and all newly created store paths will get deleted first. [Read More]

Upstream caches: avoiding pushing paths in cache.nixos.org

One of the most requested features, the so-called upstream caches was released today. It is enabled by default for all caches, and the owner of the binary cache can disable it via Settings. When you push store paths to Cachix, querying cache.nixos.org adds overhead of multiples of 100ms, but you save storage and possibly minutes for avoiding the pushing of already available paths. Queries to cache.nixos.org are also cached, so that subsequent push operations do not have the overhead. [Read More]

Documentation and More Documentation

Documentation is an important ingredient of a successful software project. Last few weeks I’ve worked on improving status quo on two fronts: https://nix.dev is an opinionated guide for developers getting things done using the Nix ecosystem. A few highlights: Getting started repository template with a tutorial for using declarative and reproducible developer environments Setting up GitHub Actions with Nix Nix language anti-patterns to avoid and recommended alternatives Building docker images with Nix [Read More]