I’m excited to announce ncps, a new proxy server designed to speed up your Nix dependency retrieval and build times, especially in environments with multiple machines.
ncps acts as a local binary cache on your network, fetching store paths from upstream caches (like cache.nixos.org) and storing them locally. This means:
Reduced bandwidth usage: Each dependency is pulled only once onto the cache, and then all machines on your network can use it, saving on internet costs and improving network performance.
Faster build times: Get your projects built quicker with readily available dependencies.
Here’s what makes ncps stand out:
Easy setup: Get it running with just a few configuration flags.
Multiple upstream caches: Configure multiple sources for redundancy and flexibility.
Secure caching: ncps signs cached paths with its own key, ensuring integrity.
Cache size management: Prevent your cache from growing indefinitely with configurable maximum size and automated cleanup.
Zstandard compression support: Specifically designed for use with Harmonia, ncps efficiently stores and serves NAR files compressed with zstd as received during HTTP transport, without any decompression overhead. This results in faster storage and retrieval of dependencies.
OpenTelemetry support: Integrate with OpenTelemetry for centralized logging, metrics, and tracing.
no, nix does not handle this well; you need to put things like this in trusted-substituters and specify them on the command line when you want to use them.
One key hope for a proxy like this is that it might help handle the errors more gracefully, as long as the proxy itself is reachable (which perhaps means local)
I was thinking of adding a feature to return priority based on client’s IP address: Less than 30 for local clients and >100 for remote; But I wanted to wait to gather more use-cases before I commit to adding more complexity.
This looks really interesting, as this duplication of downloads is something I’m definitely hitting!
However I was hoping to use a binary cache also for anything I end up compiling, when it’s not already in the official cache.
Is there a way I could achieve that automatically, as well as ncps primary benefits?
If not, is some kind of ability to automatically push locally built packages to ncps a realistic possibility in future?
Is there any nix proposal that would allow us to “set a cache proxy” that would always be used when fetching store paths and would allow us to cache store paths from every nix caches we use?
In other words, with ncps, we need to specify the upstream caches in advance. Wouldn’t it be nice to just have a “proxy” that would cache everything (without having to use a MITM proxy)?
Yes, it does. I use it all the time. I build my servers locally, send them to my nix cache and when I apply each server it goes pretty fast since it pulls from the cache over my 10G network; My aim is to minimize downtime on my Kubernetes cluster.
That’s exactly why I added the PUT functionality gated with the --cache-allow-put-verb which allows you to push directly to the cache. Example of how I use it:
Not at this time since that will complicate garbage collection (implemented as LRU). I would be willing to review pull requests for it. Please consider opening an issue on ncps to allow people to vote on it, with enough votes, I’d consider spending the time on it.