forked from Bos55/nix-config
# Nix Binary Cache Options Comparison

This document provides a formal comparison of various binary cache solutions for Nix, to help decide on the best fit for your Homelab and external development machines.

## Overview of Options

| Option | Type | Backend | Multi-tenancy | Signing | Best For |
| :--- | :--- | :--- | :--- | :--- | :--- |
| **Attic** | Self-hosted Server | S3 / Local / PG | Yes | Server-side | Teams/Homelabs with multiple caches and tenants. |
| **Harmonia** | Self-hosted Server | Local Store | No | Server-side | Simple setups serving a single machine's store. |
| **nix-serve** | Self-hosted Server | Local Store | No | Server-side | Legacy/Basic setups. |
| **Cachix** | Managed SaaS | Hosted S3 | Yes | Cloud-managed | Users who want zero maintenance and global speed. |
| **Simple HTTP/S3** | Static Files | S3 / Web Server | No | Client-side | Minimalist, low-cost static hosting. |

---

## Detailed Analysis

### 1. Attic (The "Modern" Choice)

Attic is a modern, high-performance Nix binary cache server written in Rust.

* **Benefits:**
    * **Global Deduplication**: If multiple caches (tenants) contain the same binary, it's only stored once.
    * **Multi-tenancy**: You can create separate, isolated caches for different projects or users.
    * **Management CLI**: Comes with an excellent CLI (`attic login`, `attic use`, `attic push`) that makes client configuration trivial.
    * **Automatic Signing**: The server manages the private keys and signs paths on the fly.
    * **Garbage Collection**: Support for LRU-based garbage collection.
* **Downsides:**
    * **Complexity**: Requires a PostgreSQL database and persistent storage (though it can run in Docker).
    * **Overhead**: Might be slightly overkill for a single-user homelab.

### 2. Harmonia (The "Speed" Choice)

Harmonia is a fast, lightweight server that serves the local `/nix/store` directly.

* **Benefits:**
    * **Extreme Performance**: Written in Rust, supports zstd and `http-ranges` for streaming.
    * **Simple Setup**: If you already have a "Build Server", you just run Harmonia on it to expose its store.
    * **Modern**: Uses the `nix-daemon` protocol for better security/integration.
* **Downsides:**
    * **Single Machine**: Only serves the store of the host it's running on.
    * **No Multi-tenancy**: No isolation between different caches.

### 3. nix-serve (The "Classic" Choice)

The original Perl implementation for serving a Nix store.

* **Benefits:**
    * **Compatibility**: Virtually every Nix system knows how to talk to it.
* **Downsides:**
    * **Performance**: Slower than Rust alternatives; lacks native compression optimizations.
    * **Maintenance**: Requires Nginx for HTTPS/IPv6 support.

### 4. Cachix (The "No-Maintenance" Choice)

A managed service that "just works".

* **Benefits:**
    * **Zero Infrastructure**: No servers to manage.
    * **Global Reach**: Uses a CDN for fast downloads everywhere.
* **Downsides:**
    * **Cost**: Private caches usually require a subscription.
    * **Privacy**: Your binaries are stored on third-party infrastructure.

### 5. Simple HTTP / S3 (The "Minimalist" Choice)

Pushing files to a bucket and serving them statically.

* **Benefits:**
    * **Cheap/Offline**: No server process running.
    * **Robust**: No database or service to crash.
* **Downsides:**
    * **Static Signing**: You must sign binaries on the CI machine before pushing.
    * **No GC**: Managing deletes in a static bucket is manual and prone to errors.

---

## Recommendation

For your requirement of **Homelab integration + External machines**, **Attic** remains the strongest candidate because:

1. **Ease of Client Setup**: Your personal machines only need to run `attic login` and `attic use` once.
2. **CI Synergy**: Gitea Actions can push to Attic using standard tokens without needing SSH access to the server's store.
3. **Sovereignty**: You keep all your data within your own infrastructure.

If you prefer something simpler that just "exposes" your existing build host, **Harmonia** is the runner-up.

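Whichever self-hosted option is chosen, each client still has to pin the cache's public signing key, because that key is what decides which paths the machine will accept. The NixOS module below is an added example, not part of the original repository; the hostname `attic.homelab.example`, the cache name `main` and the key value are placeholders.

```nix
# Added example: declarative client-side trust for a self-hosted cache.
# Hostname, cache name and key are placeholders, not values from this repo.
{ ... }:
{
  nix.settings = {
    # Where to look for prebuilt paths. Assumes an Attic-style endpoint
    # of the form https://<server>/<cache-name>.
    substituters = [
      "https://attic.homelab.example/main"
    ];

    # A substituted path is accepted only if its narinfo carries a valid
    # signature from one of these keys. Copy the public key from the cache
    # server over a channel you trust; never paste the private key here.
    trusted-public-keys = [
      "main:REPLACE_WITH_CACHE_PUBLIC_KEY"
    ];

    # Nix default, stated explicitly: setting this to false would make the
    # client accept unsigned paths from any configured substituter.
    require-sigs = true;

    # Trusted users may add their own substituters and skip signature
    # checks, so keep this list as short as possible.
    trusted-users = [ "root" ];
  };
}
```

With server-side signing (Attic, Harmonia, nix-serve) the private key lives on the cache host; with static HTTP/S3 it lives on the CI machine, so that is the host whose compromise lets an attacker sign arbitrary paths for every client that trusts the key.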