I’m trying to use nix-serve to share binary caches from my personal macbook pro to my work macbook pro as I’m seeing an opendns problem on my work machine for one dependency.
So I’ve done on macbook 1:
% nix-store --generate-binary-cache-key ./.nix-cache-key.sec ./.nix-cache-key.pub
% chmod a+r ./nix-cache-key.sec
% NIX_SECRET_KEY_FILE=./nix-cache-key.sec nix run github:edolstra/nix-serve -- --listen :5001
On macbook 2 - updated /etc/nix/nix.conf
substituters = http://macbook-pro.local:5001 https://cache.nixos.org/
trusted-public-keys = macbook-pro.local-1:fKYXWeTeezaCu7g8EbOgpNqWtwhoQSg8ULiRxo6Odoo= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
build-users-group = nixbld
- restarted the nix daemon:
sudo -i sh -c 'launchctl stop org.nixos.nix-daemon && launchctl start org.nixos.nix-daemon'
- then run
nix store verify --store http://macbook-pro.local:5001 --trusted-public-keys 'macbook-pro.local-1:fKYXWeTeezaCu7g8EbOgpNqWtwhoQSg8ULiRxo6Odoo=' /nix/store/vdfmplgrw8x0ll3r3i2z7qdxv3prk2rm-visual-fill-column-recipe
path '/nix/store/vdfmplgrw8x0ll3r3i2z7qdxv3prk2rm-visual-fill-column-recipe' was modified! expected hash 'sha256:09985d7cqswiqypxz28kr6lly27nakr71fdqa9ri7q2qn0q03igc', got 'sha256:0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73'
But then when I run home-manager’s switch I get:
...
warning: the substitute for '/nix/store/vdfmplgrw8x0ll3r3i2z7qdxv3prk2rm-visual-fill-column-recipe' from 'http://macbook-pro.local:5001' is not signed by any of the keys in 'trusted-public-keys'
...
What have I missed? Do I need signing?
Using something like peerix would be great, but there’s minimal detail on how to set that up.
macbook pro 1 info
nix-shell -p nix-info --run "nix-info -m"
- system: `"x86_64-darwin"`
- host os: `Darwin 21.4.0, macOS 10.16`
- multi-user?: `no`
- sandbox: `no`
- version: `nix-env (Nix) 2.8.0`
- channels(root): `"nixpkgs"`
- nixpkgs: `/Users/ldeck/.nix-defexpr/channels/nixpkgs`
macbook pro 2 info
nix-shell -p nix-info --run "nix-info -m"
- system: `"x86_64-darwin"`
- host os: `Darwin 21.4.0, macOS 10.16`
- multi-user?: `yes`
- sandbox: `no`
- version: `nix-env (Nix) 2.8.0`
- channels(root): `"nixpkgs"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixpkgs`