Announcing TUNA Nix mirror

For Nix users in China, the slow download speed of https://cache.nixos.org and other services has been a long standing issue. After quite a bit of time and work, I’m pleased to announce that has the TUNA mirror of Nix/Nixpkgs/NixOS has completed its initial download and is up and running.

If you’re experienced with Nix, this list of URLs should get you started: (URLs listed relative to https://mirrors.tuna.tsinghua.edu.cn)

By the point you read this, the help page (Chinese only, sorry) at /help/nix might have been updated to include more detailed instructions on using this mirror in your own setup. If not you can check it out on GitHub.

The scripts downloading files for this mirror is available in https://github.com/tuna/tunasync-scripts/ as nix*.py, for those who might need it. I’m sorry that this is undocumented for now, but I’ll try my best to help you get those working if you want to use them.

I sincerely hope that this would help the growing China Nix community, and make it easier to get started with Nix for newcomers in China. If you use it and find it helpful, I’d be glad to know. If you find any problems, please also don’t hesitate to report and help make this mirror better.

Many thanks for everyone involved in this. Without the cooperation of the generous support from the Nix community and the help from mirror maintainers from TUNA and USTCLUG, this would have never happened. Although I’m the one talking here I feel hugely indebted for the help received allowing able to do this.

24 Likes

A bit of implementation detail: Yes I had to avoid nix copy which decompresses and recompresses packages. xz is terribly computationally heavy and instantly turns the mirroring server into a build farm. :laughing: As described in this comment I just used nix path-info to get the narinfo data and went from there.

:nix_parrot: fantastic!

Excellent! I was hoping that regional mirroring might become a thing. My experience in Europe has been that cache lookups are transparent but in India I seem to find each cache miss is noticeable.

Just a quick notice: the mirror has been failing because of the recent changes to nixos.org. I’m going to fix this hopefully by grabbing the listings from S3.

Update: The mirror is now updating normally.

1 Like

What changes have you encountered?

This:

1 Like

Where can I find the public key for this binary cache? I can’t find it anywhere.

It’s just a mirror of the official binary cache, so no extra signature is needed.

Just use the default public key. Files you download from this mirror are all copied verbatim from cache.nixos.org so they’ll have the same signature.

Note that the name cache.nixos.org-1 is not necessarily with the domain name.

The minimal docker file workflow shown in the asciinema demo is not reproducible at least on my system (WSL2 NixOS).

Maybe we can use a more reliable demo.

The files transcribed from the demo I am using:

# redis-minimal.nix
{ pkgs ? import <nixpkgs> {}
}:
pkgs.redis.overrideAttrs (old: {
# no need for systemd support in our docker image
makeFlags = old.makeFlags ++ ["USE_SYSTEMD=no"];
# build static binary with musl
preBuild = ''
makeFlagsArray=(PREFIX="$out"
CC="${pkgs.musl.dev}/bin/musl-gcc -static"
CFLAGS="-I${pkgs.musl.dev}/include"
LDFLAGS="-L${pkgs.musl.dev}/lib")
'';
# Let's remove some binaries which we don't need
postInstall = "rm -f $out/bin/redis-{benchmark,check-*,cli}";
})

and

# docker-redis-minimal.nix
{ pkgs ? import <nixpkgs> { system = "x86_64-linux";}
}:
# nixpkgs package set
let
redisMinimal = import ./redis-minimal.nix { inherit pkgs; };
in
pkgs.dockerTools.buildLayeredImage { # helper to build docker image
name = "nix-redis-minimal";        # give docker image a name
tag = "latest";                    # provide a tag
contents = [ redisMinimal ];       # use redisMinimal package
}

leading to this error (tail):

LINK redis-server
/nix/store/9f8y44vmjnwdjvzlff0gm3f3g6ycyyqy-binutils-2.35.1/bin/ld: cannot find -lssl
/nix/store/9f8y44vmjnwdjvzlff0gm3f3g6ycyyqy-binutils-2.35.1/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
make[1]: *** [Makefile:302: redis-server] Error 1
make[1]: *** Waiting for unfinished jobs…
make[1]: Leaving directory ‘/build/redis-6.0.10/src’
make: *** [Makefile:6: all] Error 2