Getting Started

Creating the cache

With Nix and Cachix installed you can cache any Nix build result.

After logging into Cachix you’ll be able to create a new binary cache.

It’s recommended to setup new binary caches per trust model, depending on who are the users that will have write access and the same for read access.

Most teams will have one private and one public cache.

Public caches have read access open to everyone.

If you’d like to keep your binaries protected from public access, make sure to create a private cache.

Authenticating

There are two kinds of auth tokens:

  1. Personal

    These allow full access to your account and can be generated here.

  2. Per-cache

    These allow write and/or read access to only a specific binary cache. On dashboard you can click on your newly generated binary cache Settings and generate new term:access token.

    You can set auth token either with:

    1. $ cachix authtoken XXX

    2. $ export CACHIX_AUTH_TOKEN=XXX

Signing key (optional)

Note

All binary caches created until 2020-11-09 are using self-generated signing key. <https://blog.cachix.org/posts/2020-11-09-write-access-control-for-binary-caches/>

When creating a binary cache you can opt-in to handle the signing key yourself. In case you picked to manage your binary cache with auth tokens only, you can skip this step.

Using an auth token you can generate a signing key:

$ cachix generate-keypair mycache

Signing key is saved locally on your computer and printed to stdout, make sure to make a backup.

Using the recently written signing key (or by exporting it via environment variable $CACHIX_SIGNING_KEY)

Pushing binaries with Cachix

Assuming you have a project with default.nix you can start pushing:

$ nix-build | cachix push mycache

Note

In case you get Signing key not found error, make sure cachix --version says 0.5.1, otherwise install the latest version.

It’s recommended to use Continuous Integration to push for every branch of every project. See Getting Started With Continuous Integration.

Using binaries with Nix

Note

For read access to private caches you’ll also need to run cachix authtoken XXX or export $CACHIX_AUTH_TOKEN before invoking cachix use in order to configure access token, to be used for authenticating using netrc file.

With Nix and Cachix installed invoke:

$ cachix use mycache

to configure Nix to use your binary cache.

There are different ways to configure Nix so Cachix will pick the most appropriate one for your setup.