This provides a binary cache for Nix machines, so they don't have to recompile everything themselves.

The cache host (ereshkigal, the only host with tsunaminoai.nix.isCache = true) runs nix-serve on port 11111 behind nginx, published at <hostname>.<tailscaleDomain> (the domain defaults to armadillo-banfish.ts.net). Builders push signed paths over SSH (nix.sshServe.write = true), and a post-build-hook queue uploads newly built paths to the cache automatically. On the cache host keep-outputs and keep-derivations are both enabled.

Garbage collection

The cache keeps outputs and derivations in the store, but these can still be garbage collected. If there's something that takes a long time to build, you can pin it:

In this example, a host's full system closure takes a long time to build but rarely changes. Given how infrequently octopi updates, the artefact gets removed during collection, and we want to prevent that.

# Build the toplevel and pin it as a GC root in one step (matches scripts/cache-build-gcroots.fish)
nh os build .# -H octopi --no-nom --out-link gcroots/octopi-system

Alternatively, fetch the output path and create a GC root by hand. Note that keep-outputs and keep-derivations are only set on the cache host, so pin the realised output path rather than the .drv if you want the built result preserved elsewhere:

# Get the output path for GC root creation
set -x OCTOPI_OUT (nix path-info .#nixosConfigurations.octopi.config.system.build.toplevel)

# The per-user gcroots dir is created by the nix daemon at install time and is
# writable by its owner, so the owning user can create the symlink without root.
ln -s "$OCTOPI_OUT" /nix/var/nix/gcroots/per-user/$USER/octopi-system
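
A pin only protects the build while its symlink still resolves to a path inside the store, so it is worth auditing the roots after creating them. The following is an added example, not part of this repository's scripts, written in POSIX sh rather than fish so it can also run from cron or CI. The function names and the STORE_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a directory of GC-root symlinks (e.g. ./gcroots or
# /nix/var/nix/gcroots/per-user/$USER). STORE_DIR is a hypothetical override
# so the check can be exercised against a constructed directory.
STORE_DIR="${STORE_DIR:-/nix/store}"

# classify_gcroot LINK
# Prints ok, missing, not-symlink, dangling or outside-store.
# Returns 0 only for ok.
classify_gcroot() {
    link=$1
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then echo not-symlink; else echo missing; fi
        return 1
    fi
    if [ ! -e "$link" ]; then
        echo dangling          # target no longer exists, nothing is pinned
        return 1
    fi
    store=$(readlink -f "$STORE_DIR")
    target=$(readlink -f "$link")
    case "$target" in
        "$store"/*) echo ok; return 0 ;;
        *) echo outside-store; return 1 ;;
    esac
}

# audit_gcroots DIR
# Prints one "state<TAB>link" line per entry; returns 1 if any entry is not ok.
audit_gcroots() {
    dir=$1
    rc=0
    for link in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; skip that literal.
        [ -e "$link" ] || [ -L "$link" ] || continue
        state=$(classify_gcroot "$link") || rc=1
        printf '%s\t%s\n' "$state" "$link"
    done
    return "$rc"
}

# Stand-alone use: sh audit-gcroots.sh gcroots
if [ "$#" -gt 0 ]; then
    audit_gcroots "$1"
fi
```

A dangling entry under ./gcroots usually means the out-link was moved or the checkout was recreated; rebuild with --out-link to restore the pin.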