proxy70

Title: Local peer to peer binary cache with NixOS and Peerix
Author: Solène
Date: 25 August 2022
Tags: nixos nocloud
Description: This article explains how to use Peerix on NixOS to
download packages from peers on the network.

# Introduction

There is a cool project related to NixOS, called Peerix.  It's a local
daemon exposed as a local substituter (a server providing binary
packages) that will discover other Peerix daemon on the local network,
and use them as a source of binary packages.

Peerix is a simple way to reuse package already installed somewhere on
the network instead of downloading it again.  Packages delivered by
Peerix substituters are signed with a private key, so you need to
import each computer public key before being able to download/use their
packages.  While this can be cumbersome, this also mandatory to prevent
someone on the network to spoof packages.

Perrix should be used wisely, because secrets in your store could be
leaked to others.

Peerix GitHub page

# Generating the keys

First step is to generate a pair of keys for each computer using
Peerix.

In the directory in which you have your configurations files, use the
command:

```
nix-store --generate-binary-cache-key "peerix-$(hostname -s)" peerix-private peerix-public
```

# Setup

I will only cover the flakes installation on NixOS.  Add the files
peerix-private and peerix-public to git as this is a requirement to
flakes.

NOTE: if you find a way to not add the private key to the store, I'll
be glad to hear about your solution!

Add this input in your flake.nix file:

```nix
  peerix = {
    url = "github:cid-chan/peerix";
    inputs.nixpkgs.follows = "nixpkgs";
  };
```

Add "peerix" in the outputs parameters lile:

```nix
outputs = { eslf, nixpkgs, peerix}: {
```

And in the modules list of your configuration, add this:

```
  peerix.nixosModules.peerix
  {
    services.peerix = {
      enable = true;
      package = peerix.packages.x86_64-linux.peerix;
      openFirewall = true; # UDP/12304
      privateKeyFile = ./peerix-private;
      publicKeyFile =  ./peerix-public;
      publicKey = "THE CONTENT OF peerix-public FROM THE OTHER COMPUTER";
      # example # publicKey = "peerix-laptop:1ZjzxYFhzeRMni4CyK2uKHjgo6xy0=";
    };
  }
```

If you have multiple public keys to use, just add them with a space
between each value.

Run "nix flake lock --update-input peerix" and you can now reconfigure
your system.

# How to use

There is nothing special to do, when you update your system, or use
nix-shell, the nix-daemon will use the local Peerix substituter first
which will discover other Peerix instances if any, and will use them
when possible.

You can check the logs of the peerix daemons using "journalctl -f -u
peerix.service" on both systems.

# Conclusion

While Peerix isn't a big project, it has a lot of potential to help
NixOS users with multiple computers to have a more efficient bandwidth
usage, but also build time.  If you build the same project (with same
inputs) on your computers, you can pull the result from the other.