| Title: Local peer to peer binary cache with NixOS and Peerix | |
| Author: Solène | |
| Date: 25 August 2022 | |
| Tags: nixos nocloud | |
| Description: This article explains how to use Peerix on NixOS to | |
| download packages from peers on the network. | |
| # Introduction | |
| There is a cool project related to NixOS, called Peerix. It's a local | |
| daemon exposed as a local substituter (a server providing binary | |
| packages) that will discover other Peerix daemons on the local network, | |
| and use them as a source of binary packages. | |
| Peerix is a simple way to reuse packages already installed somewhere on | |
| the network instead of downloading them again. Packages delivered by | |
| Peerix substituters are signed with a private key, so you need to | |
| import each computer's public key before being able to download/use its | |
| packages. While this can be cumbersome, it is also mandatory to prevent | |
| someone on the network from spoofing packages. | |
| Peerix should be used wisely, because secrets in your store could be | |
| leaked to others. | |
| Peerix GitHub page | |
| # Generating the keys | |
| The first step is to generate a pair of keys for each computer using | |
| Peerix. | |
| In the directory in which you have your configuration files, use the | |
| command: | |
| ``` | |
| nix-store --generate-binary-cache-key "peerix-$(hostname -s)" peerix-private pe… | |
| ``` | |
| # Setup | |
| I will only cover the flakes installation on NixOS. Add the files | |
| peerix-private and peerix-public to git, as this is a requirement for | |
| flakes. | |
| NOTE: if you find a way to not add the private key to the store, I'll | |
| be glad to hear about your solution! | |
| Add this input in your flake.nix file: | |
| ```nix | |
| peerix = { | |
|   url = "github:cid-chan/peerix"; | |
|   inputs.nixpkgs.follows = "nixpkgs"; | |
| }; | |
| ``` | |
| Add "peerix" to the outputs parameters, like: | |
| ```nix | |
| outputs = { self, nixpkgs, peerix }: { | |
| ``` | |
| And in the modules list of your configuration, add this: | |
| ```nix | |
| peerix.nixosModules.peerix | |
| { | |
|   services.peerix = { | |
|     enable = true; | |
|     package = peerix.packages.x86_64-linux.peerix; | |
|     openFirewall = true; # UDP/12304 | |
|     privateKeyFile = ./peerix-private; | |
|     publicKeyFile = ./peerix-public; | |
|     publicKey = "THE CONTENT OF peerix-public FROM THE OTHER COMPUTER"; | |
|     # example # publicKey = "peerix-laptop:1ZjzxYFhzeRMni4CyK2uKHjgo6xy0="; | |
|   }; | |
| } | |
| ``` | |
| If you have multiple public keys to use, just add them with a space | |
| between each value. | |
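| The publicKey value must hold only public keys, never the content of | |
| a peerix-private file. The shell check below is an added example, not | |
| code from this article or from Peerix: it classifies each | |
| space-separated entry by its decoded length, assuming Nix's | |
| "name:base64" key format with 32-byte Ed25519 public keys and 64-byte | |
| secret keys. The function names are hypothetical. | |

```shell
#!/bin/sh
# Added example (not from the article or from Peerix).
# Assumption: a Nix binary-cache key is "name:base64"; an Ed25519 public key
# decodes to 32 bytes and a secret key to 64 bytes.

# Print "public", "secret" or "invalid" for one key string.
classify_nix_key() {
    key=$1
    case $key in
        *:*) ;;
        *) echo invalid; return 0 ;;
    esac
    name=${key%%:*}
    b64=${key#*:}
    if [ -z "$name" ] || [ -z "$b64" ]; then
        echo invalid; return 0
    fi
    # Reject anything that is not cleanly decodable base64.
    if ! printf '%s' "$b64" | base64 -d >/dev/null 2>&1; then
        echo invalid; return 0
    fi
    len=$(printf '%s' "$b64" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
    case $len in
        32) echo public ;;
        64) echo secret ;;
        *)  echo invalid ;;
    esac
}

# Check a space-separated publicKey value; return 1 if any entry is not a
# public key. Only the key name is printed, never the key material.
check_public_keys() {
    rc=0
    for k in $1; do   # word splitting on spaces is intentional here
        kind=$(classify_nix_key "$k")
        if [ "$kind" != public ]; then
            echo "REJECT ${k%%:*}: $kind key in publicKey" >&2
            rc=1
        fi
    done
    return $rc
}
```

| Run check_public_keys on the string you are about to put in publicKey, | |
| for example on the content of the peerix-public files you collected. | |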
| Run "nix flake lock --update-input peerix" and you can now reconfigure | |
| your system. | |
| # How to use | |
| There is nothing special to do: when you update your system or use | |
| nix-shell, the nix-daemon will use the local Peerix substituter first | |
| which will discover other Peerix instances if any, and will use them | |
| when possible. | |
| You can check the logs of the Peerix daemons using "journalctl -f -u | |
| peerix.service" on both systems. | |
| # Conclusion | |
| While Peerix isn't a big project, it has a lot of potential to help | |
| NixOS users with multiple computers use their bandwidth more | |
| efficiently, and also save build time. If you build the same project | |
| (with the same inputs) on your computers, you can pull the result from | |
| the other. | |