# Nix Binary Cache Options Comparison This document provides a formal comparison of various binary cache solutions for Nix, to help decide on the best fit for your Homelab and external development machines. ## Overview of Options | Option | Type | Backend | Multi-tenancy | Signing | Best For | | :--- | :--- | :--- | :--- | :--- | :--- | | **Attic** | Self-hosted Server | S3 / Local / PG | Yes | Server-side | Teams/Homelabs with multiple caches and tenants. | | **Harmonia** | Self-hosted Server | Local Store | No | Server-side | Simple setups serving a single machine's store. | | **nix-serve** | Self-hosted Server | Local Store | No | Server-side | Legacy/Basic setups. | | **Cachix** | Managed SaaS | Hosted S3 | Yes | Cloud-managed | User who wants zero-maintenance and global speed. | | **Simple HTTP/S3** | Static Files | S3 / Web Server | No | Client-side | Minimalist, low-cost static hosting. | --- ## Detailed Analysis ### 1. Attic (The "Modern" Choice) Attic is a modern, high-performance Nix binary cache server written in Rust. * **Benefits:** * **Global Deduplication**: If multiple caches (tenants) contain the same binary, it's only stored once. * **Multi-tenancy**: You can create separate, isolated caches for different projects or users. * **Management CLI**: Comes with an excellent CLI (`attic login`, `attic use`, `attic push`) that makes client configuration trivial. * **Automatic Signing**: The server manages the private keys and signs paths on the fly. * **Garbage Collection**: Support for LRU-based garbage collection. * **Downsides:** * **Complexity**: Requires a PostgreSQL database and persistent storage (though it can run in Docker). * **Overhead**: Might be slight overkill for a single-user homelab. ### 2. Harmonia (The "Speed" Choice) Harmonia is a fast, lightweight server that serves the local `/nix/store` directly. * **Benefits:** * **Extreme Performance**: Written in Rust, supports zstd and `http-ranges` for streaming. * **Simple Setup**: If you already have a "Build Server", you just run Harmonia on it to expose its store. * **Modern**: Uses the `nix-daemon` protocol for better security/integration. * **Downsides:** * **Single Machine**: Only serves the store of the host it's running on. * **No Multi-tenancy**: No isolation between different caches. ### 3. nix-serve (The "Classic" Choice) The original Perl implementation for serving a Nix store. * **Benefits:** * **Compatibility**: Virtually every Nix system knows how to talk to it. * **Downsides:** * **Performance**: Slower than Rust alternatives; lacks native compression optimizations. * **Maintenance**: Requires Nginx for HTTPS/IPv6 support. ### 4. Cachix (The "No-Maintenance" Choice) A managed service that "just works". * **Benefits:** * **Zero Infrastructure**: No servers to manage. * **Global Reach**: Uses a CDN for fast downloads everywhere. * **Downsides:** * **Cost**: Private caches usually require a subscription. * **Privacy**: Your binaries are stored on third-party infrastructure. ### 5. Simple HTTP / S3 (The "Minimalist" Choice) Pushing files to a bucket and serving them statically. * **Benefits:** * **Cheap/Offline**: No server process running. * **Robust**: No database or service to crash. * **Downsides:** * **Static Signing**: You must sign binaries on the CI machine before pushing. * **No GC**: Managing deletes in a static bucket is manual and prone to errors. --- ## Recommendation For your requirement of **Homelab integration + External machines**, **Attic** remains the strongest candidate because: 1. **Ease of Client Setup**: Your personal machines only need to run `attic login` and `attic use` once. 2. **CI Synergy**: Gitea Actions can push to Attic using standard tokens without needing SSH access to the server's store. 3. **Sovereignty**: You keep all your data within your own infrastructure. If you prefer something simpler that just "exposes" your existing build host, **Harmonia** is the runner-up.