I’m happy to announce the public beta for Cachix Deploy.

Cachix Deploy was built to remove the hassle around managing the life cycle of a Nix profile.

Cachix Deploy provides continuous deployments to a Nix profile (like NixOS, nix-darwin or home-manager) using a binary cache.

It consists of running a simple agent process cachix deploy agent that listens for a new deployment and executes them. There’s no Nix evaluation or building done on the agent. The agent pulls all dependencies from your binary cache and activates the new profile.

To start new deployments you run cachix deploy activate with a specification of what each agent should deploy.

More details about how it all works are in the getting started guide.

Highlights

Binary deployments

Use your favorite way to eval and build Nix derivations and push them to a binary cache.

Agents pull from a binary cache, keeping memory requirements extremely low.

First-Class Continuous integration support

Once everything is built on your CI, push your closures to a binary cache and run cachix deploy activate to trigger a deployment.

Offline friendly deployments

If an agent is offline, it will deploy the latest change as soon as it comes online.

Slow developer internet connection

With remote work and developers traveling all over the world,

there’s nothing more than some metadata coming from your machine executing a deployment.

Firewall friendly

Agents connect to the Cachix backend, so there’s no need to open up your firewall or set up SSH access.

❤️ Open Source

The free plan comes with a limit of 3 devices, allowing you to configure your laptop, home IoT devices, and more, all for free.

Cloud scale

By design, from day one, it’s possible to launch tens of thousands of agents.

Show me how it works!

To run an agent that will manage the system profile:

$ cachix deploy agent myagentname
Jul 28 15:01:05 cherimoya cachix[423197]: [2022-07-28 20:01:05][agent.agent][Info][cherimoya][PID 423197][ThreadId 11][cachix-0.9.0-C7Vc7gBEpI2ERj6v15dAs:Cachix.Deploy.Websocket src/Cachix/Deploy/Websocket.hs:55:9] Agent myagentname 0.9.0 connecting to cachix.org/ws
Jul 28 15:01:06 cherimoya cachix[423197]: [2022-07-28 20:01:06][agent.agent][Info][cherimoya][PID 423197][ThreadId 11][cachix-0.9.0-C7Vc7gBEpI2ERj6v15dAs:Cachix.Deploy.Websocket src/Cachix/Deploy/Websocket.hs:61:13] Connected to Cachix Deploy service
Jul 28 15:01:06 cherimoya cachix[423197]: [2022-07-28 20:01:06][agent.agent][Info][cherimoya][PID 423197][ThreadId 3199][cachix-0.9.0-C7Vc7gBEpI2ERj6v15dAs:Cachix.Deploy.Websocket src/Cachix/Deploy/Websocket.hs:112:3] Agent registered.

The agent will require an agent token, which you can generate in the web interface.

To deploy to a set of agents (called a workspace), you’ll need to build a cachix-deploy.json file:

{ "agents":
    { "myagentname": "/nix/store/k6d87p7abmk4nn8424s2324a5s0p1xq1-nixos-system-myagentname-22.05pre-git"
    }
}

And with an activate auth token you can issue a deployment from anywhere else, like a CI or a developer machine:

cachix deploy activate cachix-deploy.json

The official documentation has instructions on how to use Nix helper functions to generate the JSON file.

See the administration interface to get started.

Examples

• Laptop configuration, built by GitHub Actions
• MacOS M1 agent

More examples to come in the next weeks.

Use cases

Developer Laptop

Version your laptop configuration in a Git repository.

Evaluate and build your laptop Nix files as part of your CI pipeline.

Push the resulting closure to a binary cache.

Deploy it from the last step in CI and as soon as it’s online it will deploy the latest profile.

A big fleet of machines

Using nix-eval-jobs you can evaluate a number of machines in parallel and deploy thousands of machines with a single cachix-deploy.json file.

Due to the CDN in front of the binary caches, all machines will come up in parallel.

IoT devices

Since there’s:

• A low memory requirement due to no building or evaluation done on the machines running the agent,
• Excellent cross-compilation support in Nix, and
• General support for many ARM platforms,

keeping IoT/Raspberry devices up to date has never been so simple.

Production and staging services

Together with CI automation, it’s possible to build a pipeline to:

1. Deploy changes from master to staging.
2. Run a number of functional tests.
3. If all tests pass, deploy to production.

Provisioning with Terraform

Provision machines using Terraform and keep them up to date with Cachix Deploy.

Managing developer environment profiles

Another interesting use case is to keep a set of developer environments up to date by running an agent on each of the machines and deploying a set of tooling to all of them.

Complex applications

It’s possible to run multiple agents on a single machine, each agent managing its own profile.

A typical example is to have one agent for the system profile, like NixOS, to receive only security bug fixes, while the application profile gets a much faster deployment cycle.

Roadmap

Watch the GitHub repository for issues and feature requests.

Depending on your feedback, the following features will be prioritized:

Tutorials

What hosting providers and use cases would you like to see tutorials for?

Multiple workspaces

Workspaces allow you to group agents and share the same binary cache.

Currently it’s only possible to create one workspace, but before general availability, multiple workspaces will be implemented.

Auto-rollback

If something goes wrong during deployment, let’s say you disable networking, the agent will be able to execute sanity checks and auto-rollback.

Secrets management

Support for provisioning secrets to the agents.

Preventing store path from being garbage collected

To prevent deployments being garbage collected in case they need to be rolled back to, pinning store paths will be implemented for caches.

Limitations

Only organizational admins can access Cachix Deploy for now.

Pricing (per month)

Entirely free during the public beta period.

The first 3 agents are free.

4 - 10 agents are $3 per agent.

11 - 90 agents are $1 per agent.

Each additional agent is $0.2.

FAQ

If agents come and go, what counts into the billing?

You’ll be charged the maximum of agents connected at once in a given month.

Does it support binary caches other than Cachix?

Yes, but you have to configure them as part of the provisioning.

Final words

I’m excited to see how Cachix Deploy improves some of your pain points related to Nix tooling.

Happy Nixing!

Domen