For Nix users in China, the slow download speed of https://cache.nixos.org and other services has been a long standing issue. After quite a bit of time and work, I’m pleased to announce that has the TUNA mirror of Nix/Nixpkgs/NixOS has completed its initial download and is up and running.
By the point you read this, the help page (Chinese only, sorry) at /help/nix might have been updated to include more detailed instructions on using this mirror in your own setup. If not you can check it out on GitHub.
The scripts downloading files for this mirror is available in https://github.com/tuna/tunasync-scripts/ as nix*.py, for those who might need it. I’m sorry that this is undocumented for now, but I’ll try my best to help you get those working if you want to use them.
I sincerely hope that this would help the growing China Nix community, and make it easier to get started with Nix for newcomers in China. If you use it and find it helpful, I’d be glad to know. If you find any problems, please also don’t hesitate to report and help make this mirror better.
Many thanks for everyone involved in this. Without the cooperation of the generous support from the Nix community and the help from mirror maintainers from TUNA and USTCLUG, this would have never happened. Although I’m the one talking here I feel hugely indebted for the help received allowing able to do this.
A bit of implementation detail: Yes I had to avoid nix copy which decompresses and recompresses packages. xz is terribly computationally heavy and instantly turns the mirroring server into a build farm. As described in this comment I just used nix path-info to get the narinfo data and went from there.
Excellent! I was hoping that regional mirroring might become a thing. My experience in Europe has been that cache lookups are transparent but in India I seem to find each cache miss is noticeable.
Just a quick notice: the mirror has been failing because of the recent changes to nixos.org. I’m going to fix this hopefully by grabbing the listings from S3.
The minimal docker file workflow shown in the asciinema demo is not reproducible at least on my system (WSL2 NixOS).
Maybe we can use a more reliable demo.
The files transcribed from the demo I am using:
# redis-minimal.nix
{ pkgs ? import <nixpkgs> {}
}:
pkgs.redis.overrideAttrs (old: {
# no need for systemd support in our docker image
makeFlags = old.makeFlags ++ ["USE_SYSTEMD=no"];
# build static binary with musl
preBuild = ''
makeFlagsArray=(PREFIX="$out"
CC="${pkgs.musl.dev}/bin/musl-gcc -static"
CFLAGS="-I${pkgs.musl.dev}/include"
LDFLAGS="-L${pkgs.musl.dev}/lib")
'';
# Let's remove some binaries which we don't need
postInstall = "rm -f $out/bin/redis-{benchmark,check-*,cli}";
})
and
# docker-redis-minimal.nix
{ pkgs ? import <nixpkgs> { system = "x86_64-linux";}
}:
# nixpkgs package set
let
redisMinimal = import ./redis-minimal.nix { inherit pkgs; };
in
pkgs.dockerTools.buildLayeredImage { # helper to build docker image
name = "nix-redis-minimal"; # give docker image a name
tag = "latest"; # provide a tag
contents = [ redisMinimal ]; # use redisMinimal package
}
leading to this error (tail):
LINK redis-server
/nix/store/9f8y44vmjnwdjvzlff0gm3f3g6ycyyqy-binutils-2.35.1/bin/ld: cannot find -lssl
/nix/store/9f8y44vmjnwdjvzlff0gm3f3g6ycyyqy-binutils-2.35.1/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:302: redis-server] Error 1
make[1]: *** Waiting for unfinished jobs…
make[1]: Leaving directory ‘/build/redis-6.0.10/src’
make: *** [Makefile:6: all] Error 2
Is it possible to use this with flakes? I thought I had it figured out, but it was just a fluke. All downloads are still going through https://cache.nixos.org.
error: builder for '/nix/store/a68j9bys24cr3m1bixy4bz92q27bmx7k-bash52-005.drv' failed with exit code 1;
last 25 log lines:
> <p lang="zh-cn">尊敬的访问者, </p>
> <p lang="en">Dear visitor, </p>
> <p lang="fr">Chère cliente, </p>
> <p lang="ja">訪問者へ 、</p>
> <p> </p>
> <p lang="zh-cn">您好!</p>
> <p lang="en">Hello! </p>
> <p lang="fr">Bonjour! </p>
> <p lang="ja">こんにちは !</p>
> <p> </p>
> <p lang="zh-cn">我们检测到您所 在的子网和/或所使用的客户端存在大量下载某些较大二进制 文件 的行为,为保证用户的正常使用,我们阻断了此类请求 。</p>
> <p lang="en">We have detected enormous traffic from your network or client and have blocked your requests to ensure the quality of service for normal users.</p>
> <p lang="fr">Nous avons détecté un grand nombre de téléchargements de certains fichiers binaires volumineux à partir de votre sous-réseau et/ou du client que vous utilisez et avons bloqué ces requêtes pour garantir un accès normal aux utilisateurs.</p>
> <p lang="ja">お客様のサブネ ットおよび/またはクライアントで、特定の大きなバイナリ のダ ウンロードを多数検出しました。お客様の通常の使用 のためこれらのリクエストをブロックさせていただきます。</p>
> <p> </p>
> <p lang="zh-cn">您可以尝试更 改网络环境或更换客户端;您也可以联系 <a href="mailto:support@tuna.tsinghua.edu.cn">support@tuna.tsinghua.edu.cn</a> 并附上下方的标识符。</p>
> <p lang="en">You could try another network or client, or have your network administrator contact <a href="mailto:support@tuna.tsinghua.edu.cn">support@tuna.tsinghua.edu.cn</a> with the identifier below.</p>
> <p lang="fr">Vous pouvez essayer de modifier votre environnement réseau ou de changer de client ; vous pouvez également contacter <a href="mailto:support@tuna.tsinghua.edu.cn">support@tuna.tsinghua.edu.cn</a> avec l'identifiant ci-dessous.</p>
> <p lang="ja">ネットワーク環境の変更、クライアントの変更などをお試しください。ま た、 下記の識別子を用いて <a href="mailto:support@tuna.tsinghua.edu.cn">support@tuna.tsinghua.edu.cn</a> までご連絡ください。</p>
> <p> </p>
> <p><code>00000058 36eba0d278a11817f76bf56bd7fdec09</code></p>
> </div>
> </div>
> </body>
> </html>
I apologize if necrobumping is against the rules. It’s asking me if I want to, but it seems like a good idea since this is where the mirror was announced. Please delete if it’s unwelcome.
As described 
fantastic!