From 52a040da21a48bd3f5d671b5818878eb2c7a31ed Mon Sep 17 00:00:00 2001 From: Tibo De Peuter Date: Tue, 17 Mar 2026 20:10:40 +0100 Subject: [PATCH] Update Nix Binary Cache Options Comparison --- ... => Nix-Binary-Cache-Options-Comparison.md | 160 +++++++++--------- 1 file changed, 79 insertions(+), 81 deletions(-) rename binary-cache-options.md => Nix-Binary-Cache-Options-Comparison.md (98%) diff --git a/binary-cache-options.md b/Nix-Binary-Cache-Options-Comparison.md similarity index 98% rename from binary-cache-options.md rename to Nix-Binary-Cache-Options-Comparison.md index cb3ee4b..bc9a185 100644 --- a/binary-cache-options.md +++ b/Nix-Binary-Cache-Options-Comparison.md @@ -1,81 +1,79 @@ -# Nix Binary Cache Options Comparison - -This document provides a formal comparison of various binary cache solutions for Nix, to help decide on the best fit for your Homelab and external development machines. - -## Overview of Options - -| Option | Type | Backend | Multi-tenancy | Signing | Best For | -| :--- | :--- | :--- | :--- | :--- | :--- | -| **Attic** | Self-hosted Server | S3 / Local / PG | Yes | Server-side | Teams/Homelabs with multiple caches and tenants. | -| **Harmonia** | Self-hosted Server | Local Store | No | Server-side | Simple setups serving a single machine's store. | -| **nix-serve** | Self-hosted Server | Local Store | No | Server-side | Legacy/Basic setups. | -| **Cachix** | Managed SaaS | Hosted S3 | Yes | Cloud-managed | User who wants zero-maintenance and global speed. | -| **Simple HTTP/S3** | Static Files | S3 / Web Server | No | Client-side | Minimalist, low-cost static hosting. | - ---- - -## Detailed Analysis - -### 1. Attic (The "Modern" Choice) -Attic is a modern, high-performance Nix binary cache server written in Rust. - -* **Benefits:** - * **Global Deduplication**: If multiple caches (tenants) contain the same binary, it's only stored once. - * **Multi-tenancy**: You can create separate, isolated caches for different projects or users. - * **Management CLI**: Comes with an excellent CLI (`attic login`, `attic use`, `attic push`) that makes client configuration trivial. - * **Automatic Signing**: The server manages the private keys and signs paths on the fly. - * **Garbage Collection**: Support for LRU-based garbage collection. -* **Downsides:** - * **Complexity**: Requires a PostgreSQL database and persistent storage (though it can run in Docker). - * **Overhead**: Might be slight overkill for a single-user homelab. - -### 2. Harmonia (The "Speed" Choice) -Harmonia is a fast, lightweight server that serves the local `/nix/store` directly. - -* **Benefits:** - * **Extreme Performance**: Written in Rust, supports zstd and `http-ranges` for streaming. - * **Simple Setup**: If you already have a "Build Server", you just run Harmonia on it to expose its store. - * **Modern**: Uses the `nix-daemon` protocol for better security/integration. -* **Downsides:** - * **Single Machine**: Only serves the store of the host it's running on. - * **No Multi-tenancy**: No isolation between different caches. - -### 3. nix-serve (The "Classic" Choice) -The original Perl implementation for serving a Nix store. - -* **Benefits:** - * **Compatibility**: Virtually every Nix system knows how to talk to it. -* **Downsides:** - * **Performance**: Slower than Rust alternatives; lacks native compression optimizations. - * **Maintenance**: Requires Nginx for HTTPS/IPv6 support. - -### 4. Cachix (The "No-Maintenance" Choice) -A managed service that "just works". - -* **Benefits:** - * **Zero Infrastructure**: No servers to manage. - * **Global Reach**: Uses a CDN for fast downloads everywhere. -* **Downsides:** - * **Cost**: Private caches usually require a subscription. - * **Privacy**: Your binaries are stored on third-party infrastructure. - -### 5. Simple HTTP / S3 (The "Minimalist" Choice) -Pushing files to a bucket and serving them statically. - -* **Benefits:** - * **Cheap/Offline**: No server process running. - * **Robust**: No database or service to crash. -* **Downsides:** - * **Static Signing**: You must sign binaries on the CI machine before pushing. - * **No GC**: Managing deletes in a static bucket is manual and prone to errors. - ---- - -## Recommendation - -For your requirement of **Homelab integration + External machines**, **Attic** remains the strongest candidate because: -1. **Ease of Client Setup**: Your personal machines only need to run `attic login` and `attic use` once. -2. **CI Synergy**: Gitea Actions can push to Attic using standard tokens without needing SSH access to the server's store. -3. **Sovereignty**: You keep all your data within your own infrastructure. - -If you prefer something simpler that just "exposes" your existing build host, **Harmonia** is the runner-up. +This document provides a formal comparison of various binary cache solutions for Nix, to help decide on the best fit for your Homelab and external development machines. + +## Overview of Options + +| Option | Type | Backend | Multi-tenancy | Signing | Best For | +| :--- | :--- | :--- | :--- | :--- | :--- | +| **Attic** | Self-hosted Server | S3 / Local / PG | Yes | Server-side | Teams/Homelabs with multiple caches and tenants. | +| **Harmonia** | Self-hosted Server | Local Store | No | Server-side | Simple setups serving a single machine's store. | +| **nix-serve** | Self-hosted Server | Local Store | No | Server-side | Legacy/Basic setups. | +| **Cachix** | Managed SaaS | Hosted S3 | Yes | Cloud-managed | User who wants zero-maintenance and global speed. | +| **Simple HTTP/S3** | Static Files | S3 / Web Server | No | Client-side | Minimalist, low-cost static hosting. | + +--- + +## Detailed Analysis + +### 1. Attic (The "Modern" Choice) +Attic is a modern, high-performance Nix binary cache server written in Rust. + +* **Benefits:** + * **Global Deduplication**: If multiple caches (tenants) contain the same binary, it's only stored once. + * **Multi-tenancy**: You can create separate, isolated caches for different projects or users. + * **Management CLI**: Comes with an excellent CLI (`attic login`, `attic use`, `attic push`) that makes client configuration trivial. + * **Automatic Signing**: The server manages the private keys and signs paths on the fly. + * **Garbage Collection**: Support for LRU-based garbage collection. +* **Downsides:** + * **Complexity**: Requires a PostgreSQL database and persistent storage (though it can run in Docker). + * **Overhead**: Might be slight overkill for a single-user homelab. + +### 2. Harmonia (The "Speed" Choice) +Harmonia is a fast, lightweight server that serves the local `/nix/store` directly. + +* **Benefits:** + * **Extreme Performance**: Written in Rust, supports zstd and `http-ranges` for streaming. + * **Simple Setup**: If you already have a "Build Server", you just run Harmonia on it to expose its store. + * **Modern**: Uses the `nix-daemon` protocol for better security/integration. +* **Downsides:** + * **Single Machine**: Only serves the store of the host it's running on. + * **No Multi-tenancy**: No isolation between different caches. + +### 3. nix-serve (The "Classic" Choice) +The original Perl implementation for serving a Nix store. + +* **Benefits:** + * **Compatibility**: Virtually every Nix system knows how to talk to it. +* **Downsides:** + * **Performance**: Slower than Rust alternatives; lacks native compression optimizations. + * **Maintenance**: Requires Nginx for HTTPS/IPv6 support. + +### 4. Cachix (The "No-Maintenance" Choice) +A managed service that "just works". + +* **Benefits:** + * **Zero Infrastructure**: No servers to manage. + * **Global Reach**: Uses a CDN for fast downloads everywhere. +* **Downsides:** + * **Cost**: Private caches usually require a subscription. + * **Privacy**: Your binaries are stored on third-party infrastructure. + +### 5. Simple HTTP / S3 (The "Minimalist" Choice) +Pushing files to a bucket and serving them statically. + +* **Benefits:** + * **Cheap/Offline**: No server process running. + * **Robust**: No database or service to crash. +* **Downsides:** + * **Static Signing**: You must sign binaries on the CI machine before pushing. + * **No GC**: Managing deletes in a static bucket is manual and prone to errors. + +--- + +## Recommendation + +For your requirement of **Homelab integration + External machines**, **Attic** remains the strongest candidate because: +1. **Ease of Client Setup**: Your personal machines only need to run `attic login` and `attic use` once. +2. **CI Synergy**: Gitea Actions can push to Attic using standard tokens without needing SSH access to the server's store. +3. **Sovereignty**: You keep all your data within your own infrastructure. + +If you prefer something simpler that just "exposes" your existing build host, **Harmonia** is the runner-up.