Using NixOS in an isolated environment

Hi! I will work on a scientific base on Kerguelen Islands for a full year from next November. There, internet access is provided through a low-bandwidth VSAT connection and reserved for professional activities, so I won’t be able to use it to install software for my personal projects.

I want to use this constraint as an opportunity to study the use of NixOS in an isolated environment. My goal is to be able to update my configuration, install new software and deploy NixOS machines without relying on an internet access.

What I already know

So far, I know that setting up a local NixOS channel is as easy as getting I can also copy the corresponding binary cache locally by running:

curl -L \
    | xz -d \
    | xargs \
      nix copy --store \
               --to file:///path/to/nixos-19.03/

Now, that works great if I want to install something that is in the binary cache. And here start my questions.

What I want to know

  1. What exactly is included in the binary cache for a full channel, like nixos-19.03?

    On this first question, I know that any variant of a derivation—by updating its compile flags for instance—is not included. However, its source is cached so I can build it, so it’s not an issue.

  2. For what is not included, are the sources cached?

    If a source is cached, I can build it in an isolated environment, so that’s great.

  3. How can I cache the full set of sources?

    This would permit to install anything that is referenced in nixpkgs, which would be pretty neat. However, I don’t know if it is possible, and how much space it would require.

  4. What about the different architectures?

    How are managed the different architectures, like x86_64 vs aarch64? I would like to be able to setup aarch64 machines too if I want.

Any insight on these subjects is well appreciated :slight_smile:


I would be really interested in how big that cache would be (without sources and with sources).

The sources are also just derivations and as such they are also cached. One possible starting point could be to write a nix functions that walks over all derivations/attributes in the package set and and extracts src.outPath from each of them. You can then create a list and feed that to your nix copy solution above. However, this might miss some fetch* statements that are not directly placed as src attributes.

Another possibility may also be to generate a list of package that nixpkgs contain, and then, for each package, evaluate the package (without compiling, with readonly), with a modified fetchurl function that output the source and the hash of the url. You can then fetch these path with a script.

I’ve finished simple Nix copies for nixos-19.03-small and nixos-19.03, the sizes are here, showing it is not that big:

NAME                                    REFER  COMPRESS  RATIO
helios/test/cache                       1,11M       lz4  1.01x
helios/test/cache/nixos-19.03           71,0G       lz4  1.01x
helios/test/cache/nixos-19.03-small      572M       lz4  1.02x

However, I don’t know (yet) the proportion of what is not included.

@tilpner sent me some scripts on, and notably this repository. I’ll dig into it, maybe there are some interesting things there.

:open_mouth: 71 GB sounds pretty small but those are then all xz compressed nar files. Looking at the output paths this looks like it is only final build products but no sources (which should be sufficient to install packages on a running system?).