Title: Guix: fetch packages from other Guix in the LAN | |
Author: Solène | |
Date: 07 June 2021 | |
Tags: guix | |
Description: | |
# Introduction | |
In this how-to I will explain how to configure two Guix system to share | |
packages from one to another. The idea is that most of the time | |
packages are downloaded from ci.guix.gnu.org but sometimes you can | |
compile local packages too, in both case you will certainly prefer | |
computers from your network to get the same packages from a computer | |
that already had them to save some bandwidth. This is quite easy to | |
achieve in Guix. | |
We need at least two Guix systems, I'll name the one with the package | |
"server" and the system that will install packages the "client". | |
# Prepare the server | |
On the server, edit your /etc/config.scm file and add this service: | |
```Code: scheme language | |
(service guix-publish-service-type | |
(guix-publish-configuration | |
(host "0.0.0.0") | |
(port 8080) | |
(advertise? #t)))) | |
``` | |
Guix Manual: guix-publish service | |
Run "guix archive --generate-key" as root to create a public key and | |
then reconfigure the system. Your system is now publishing packages on | |
port 8080 and advertising it with mDNS (involving avahi). | |
Your port 8080 should be reachable now with a link to a public key. | |
# Prepare the client | |
On the client, edit your /etc/config.scm file and modify the | |
"%desktop-services" or "%base-services" if any. | |
```Code: scheme language | |
(guix-service-type | |
config => | |
(guix-configuration | |
(inherit config) | |
(discover? #t) | |
(authorized-keys | |
(append (list (local-file "/etc/key.pub")) | |
%default-authorized-guix-keys))))))) | |
``` | |
Guix Manual: Getting substitutes from other servers | |
Download the public key from the server (visiting its ip on port 8080 | |
you will get a link) and store it in "/etc/key.pub", reconfigure your | |
system. | |
Now, when you install a package, you should see from where the | |
substitution (name for packages) are downloaded from. | |
# Declaring a repository (not dynamic) | |
In the previous example, we are using advertising on the server and | |
discovery on the client, this may not be desired and won't work from a | |
different network. | |
You can manually register a remote substitute server instead of using | |
discovery by using "substitute-urls" like this: | |
``` | |
(guix-service-type | |
config => | |
(guix-configuration | |
(inherit config) | |
(discover? #t) | |
(substitute-urls | |
(append (list "http://192.168.1.66:8080") | |
%default-substitute-urls)) | |
(authorized-keys | |
(append (list (local-file "/etc/key.pub")) | |
%default-authorized-guix-keys))))))) | |
``` | |
# Conclusion | |
I'm doing my best to avoid wasting bandwidth and resources in general, | |
I really like this feature because this doesn't require much | |
configuration or infrastructure and work in a sort of peer-to-peer. | |
Other projects like Debian prefer using a proxy that keep in cache the | |
packages downloaded and act as a repository provider itself to proxyfi | |
the service. | |
In case of doubts of the validity of the substitutions provided by an | |
url, the challenge feature can be used to check if reproducible builds | |
done locally match the packages provided by a source. | |
Guix Manual: guix challenge documentation | |
Guix Manual: guix weather, a command to get information from a repository |