I have been using Nix for several months now and have switched my laptop and some servers to NixOS. Recently, I became interested in the resilience of computer systems, and my experience with Nix has led me to believe that Nix, as a configuration language for computers, could be an important solution to this problem. The declarative approach to configuring computers addresses the issue of non-reproducibility, especially in cases of dependency conflicts. In this sense, NixOS-based systems are resilient to dependency conflicts.
However, from what I understand so far, the configuration of a NixOS-based system could still fail if internet resources are inaccessible or if the hardware is unsupported.
Setting aside the hardware issue, which depends on kernel development, and focusing on the problem of internet availability, I have the following questions:
What could be the Nix community’s response to the potential inaccessibility of internet resources (e.g., GitHub)?
Would making full disk images of various NixOS systems available be one solution?
Is it possible to breed NixOS images to construct new NixOS systems without relying on atomic configurations from the internet?
Some references and inspiration below (feel free to share yours!):
To mitigate this issue, a binary cache has been set up. If the source becomes unavailable, the build output can still be served from the official cache. However, this does not address the root cause. In such cases, we are forced to assume that the source will always remain accessible… and as we all know, assumptions are among the most dangerous things in our field.
You can of course set up your own binary cache, if you need higher availability requirements; there are self-hosted options like attic, paid options like cachix, etc.
For the sources of included packages, I believe I’m right in thinking that the FOD results end up on cache.nixos.org as well?
Generally, though, I think this resilience issue is something lots of people would like to see progress on. @mifka01 produced Distributed Nix Cache Server with Cachix Compatibility recently, and there have been various thoughts about using bittorrent, IPFS etc. The general consensus is that ca-derivations would be the best/easiest way to go about that; there are also various issues around how you trust what is retrieved that way.
Takes a bit of care, but if you make sure to keep your system’s build deps in the store, sure, you can git clone the Nixpkgs checkout and then use the old system as a binary cache for all the sources and some of the prebuilt binaries. You might want to install some version of nix-serve but in principle plain Nix is enough to copy stuff around manually.
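As an added illustration (not part of the thread or of any poster's setup), here is how a local nix-serve cache and a client that only accepts signed paths from it could be declared. The host name `cache.lan.example`, the key name, the key file path and the public-key placeholder are all assumptions.

```nix
# Added example. Two NixOS modules in one file: import `server` on the machine
# that already holds the closure, `client` on the machines that pull from it.
{
  server = { ... }: {
    # Key pair generated once, out of band, with:
    #   nix-store --generate-binary-cache-key cache.lan.example-1 \
    #     /var/keys/cache-priv.pem /var/keys/cache-pub.pem
    services.nix-serve = {
      enable = true;
      port = 5000;
      # nix-serve signs the narinfo it serves with this key, so clients do not
      # have to trust the transport or any mirror in between.
      secretKeyFile = "/var/keys/cache-priv.pem"; # assumed path, keep it root-only
    };
    networking.firewall.allowedTCPPorts = [ 5000 ];
  };

  client = { ... }: {
    nix.settings = {
      # Listed ahead of the official cache, which NixOS appends by default.
      substituters = [ "http://cache.lan.example:5000" ];

      # Contents of cache-pub.pem ("<name>:<base64 key>"). Placeholder value:
      # paste the real public key here, never the private one.
      trusted-public-keys = [ "cache.lan.example-1:REPLACE_WITH_PUBLIC_KEY" ];

      # Default is already true; stated explicitly because the weak variant,
      #   require-sigs = false;
      # makes the client accept any path the cache (or anything answering in
      # its place) returns, signed or not.
      require-sigs = true;

      # If a substituter is unreachable or a path is missing, build locally
      # instead of failing the whole evaluation.
      fallback = true;
    };
  };
}
```

With signatures required, plain HTTP on the local network is acceptable for integrity, since a path whose narinfo is not signed by a listed key is rejected; it does not hide which paths are being fetched.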
So I guess I am going to get my hands dirty and set up a local Nix cache server for fun!
A p2p network would seem like a good way to guarantee some resilience, especially if it is part of a p2p network (even better with derivations getting IPFS path as inputs?).
Is cache over p2p a serious ongoing thing right now?
I think the sticking point in the past has been the issue of trust in the downloaded build products and how to ensure that. There have been various attempts at dealing with that too - nix-community/trustix is the one that springs to mind. I would say there is a lot of interest both from a resilience PoV, but also in the interests of reducing the costs of hosting cache.nixos.org. Sadly I’m not sure there’s any sustained momentum though. In the past I’ve seen it said that it was logical to wait for ca-derivations to stabilize before doing more work on this, but that also doesn’t seem to be moving at speed.
Personally I think it might be worth playing with partial solutions, even if only to explore all the practical issues more thoroughly. Perhaps within a small relatively closed community first to minimize the trust issues? I did consider doing something relatively mindless like throwing narinfos and mappings to torrent or ipfs hashes into a radicle repository as a quick way to get going. Realistically I suspect one also might need to “subscribe” in advance to a particular closure to make sure it was all available and downloaded at the point in time where it was needed, which would need a little tooling.
Love the tag here, so thanks. I’m also curious about this, as I’d LOVE to build a custom installer for NixBook that has all these packages locally so as not to rely on the internet.
Moreover, curious to see how a NixOS installer can include my custom config as well (along with the packages required by it).
I’ll be honest and say I don’t know exactly how this will work yet. I know you can build an installer (which I’ve started), but don’t understand yet how to customize calamares or set up the binary cache.