Blog
Introducing Pins: Permanent Nix Binary Storage
• Domen
Binary caches are an indispensable ally when it comes to avoiding tedious rebuilds by distributing Nix binaries. However, caches can hoard obsolete store paths that aren’t necessary anymore, which occupy precious storage space. As the cache swells beyond its storage capacity, these old store paths eventually have to be evicted. Cachix takes care of this routinely by initiating a process known as garbage collection.
Previously, the decision of what to remove from the cache was not in the hands of the users.…
Cachix 1.3: Uploads unleashed
• Sander
Serving files is the bread and butter of Cachix. Fetching store paths from Cachix is fast — downloads are served directly from fast distributed cloud storage. Uploads, however, are a different story.
Each upload still had to go directly through one of our servers, making our ingest bandwidth a scarce and highly contested resource during peak times.
Many of our users rely on Cachix in their CI pipelines, where slower uploads lead to longer CI runs and a worse developer experience, which is why we’ve been busy reorganizing our internals to remove this bottleneck.…
ZSTD compression by default
• Domen
We’ve been pioneering and supporting the addition of ZSTD compression to Nix since 2018.
In November 2021, Nix 2.4 was finally released with ZSTD support.
As of today, the Cachix 1.1 client will compress any pushed binaries using zstd by default, which can be reversed back to XZ compression in the binary cache settings.
This will significantly speed up pushing, as it was previously capped at around 3-5mbit/s due to XZ compression hitting per-core CPU limits.…
Cachix Deploy Public Beta
• Domen
I’m happy to announce the public beta for Cachix Deploy.
Cachix Deploy was built to remove the hassle around managing the life cycle of a Nix profile.
Cachix Deploy provides continuous deployments to a Nix profile (like NixOS, nix-darwin or home-manager) using a binary cache.
It consists of running a simple agent process, cachix deploy agent, that listens for new deployments and executes them. There’s no Nix evaluation or building done on the agent.…
NixOS OceanSprint 2021 wrap up
Last week a dozen or so people gathered on the island of Lanzarote to hack on NixOS.
If it hadn’t been for COVID-19, we’d have had a week of sauna and a private lake in Finland last year, but we had to cancel the event before it was even announced.
Wrap up
The weather on Lanzarote is usually sunny all year long.
Last week we were a bit unfortunate to have two days of wind/clouds, and we still managed to hack outdoors every day!…
Introducing Organizations
Today I’m introducing Organizations support in Cachix.
If you’ve ever had to manage multiple Cachix accounts, wanted a team-specific dashboard or needed to have multiple admins, you’re going to love Organizations.
Once you’ve created an organization, it will automatically enter a 14-day trial period.
If you’d like to use Organizations for an open source project, please reach out via live chat or [email protected]
Get started
Click on the “Select an account” dropdown at the top right corner:…
Postmortem of outage on 20th December
On 20 December, Cachix experienced a six-hour downtime, the second significant outage since the service started operating on 1 June 2018.
Here are the details of what exactly happened and what has been done to prevent similar events from happening.
Timeline (UTC)
02:55:07 - Backend starts to emit errors for all HTTP requests
02:56:00 - Pagerduty tries to notify me of outage via email, phone and mobile app
09:01:00 - I wake up and see the notifications
09:02:02 - Backend is restarted and recovers
Root cause analysis
All ~24k HTTP requests that reached the backend during the outage failed with the following exception:…
Write access control for binary caches
As Cachix is growing, I have noticed a few issues along the way:
Signing keys are still the best way to upload content and not delegate trust to Cachix, but users have also found that they can be difficult to manage, particularly if the secret key needs to be rotated.
At this point, the best option is to clear out the cache completely, and re-sign everything with a newly generated key.…
Changes to Garbage Collection
Based on your feedback, I have made the following two changes:
When downloading <store-hash>.narinfo, the timestamp of last access is updated; previously this would happen only with nar archives.
This change allows tools like nix-build-uncached to prevent unneeded downloads and play nicely with the Cachix garbage collection algorithm!
Previously, the algorithm ordered paths first by last accessed timestamp and then by creation timestamp.
That worked well until all entries had a last accessed timestamp, at which point all newly created store paths would get deleted first.…
Upstream caches: avoiding pushing paths in cache.nixos.org
One of the most requested features, so-called upstream caches, was released today.
It is enabled by default for all caches, and the owner of the binary cache can disable it via Settings.
When you push store paths to Cachix, querying cache.nixos.org adds an overhead of multiples of 100ms, but you save storage and possibly minutes by not pushing paths that are already available.
Queries to cache.nixos.org are also cached, so that subsequent push operations do not have the overhead.…