Creating the cache¶
With Nix and Cachix installed you can cache any Nix build result.
After logging into Cachix you’ll be able to create a new binary cache.
It’s recommended to setup new binary caches per trust model, depending on who are the users that will have write access and the same for read access.
Most teams will have one private and one public cache.
Public caches have read access open to everyone.
If you’d like to keep your binaries protected from public access, make sure to create a private cache.
There are two kinds of auth tokens:
These allow full access to your account and can be generated here.
These allow write and/or read access to only a specific binary cache. On dashboard you can click on your newly generated binary cache Settings and generate new term:access token.
You can set auth token either with:
$ cachix authtoken XXX
$ export CACHIX_AUTH_TOKEN=XXX
Signing key (advanced mode)¶
In case you didn’t opt-in to self-generated signing key, you can skip this step.
To generate a signing key:
$ cachix authtoken <my auth token> $ cachix generate-keypair <mycache>
Signing key is saved locally on your computer (the only copy!) and printed to stdout, make sure to make a backup.
Cachix will automatically pick up the recently written signing key (or if you export it via environment variable
Pushing binaries with Cachix¶
Assuming you have a project with
default.nix you can build it and push:
$ nix-build | cachix push mycache
It’s recommended to set up Continuous Integration to push for every branch of every project.
Using binaries with Nix¶
For read access to private caches you’ll also need to run
cachix authtoken XXX or export $CACHIX_AUTH_TOKEN
cachix use in order to configure access token,
to be used for authenticating using netrc file.
With Nix and Cachix installed invoke:
$ cachix use mycache
to configure Nix to use your binary cache.
There are different ways to configure Nix so Cachix will pick the most appropriate one for your setup.