mirror of https://github.com/zhaofengli/attic.git synced 2024-12-14 11:57:30 +00:00

Multi-tenant Nix Binary Cache

Find a file

Zhaofeng Li 880ca6d477 Merge pull request #181 from zhaofengli/hs256-allow-arbitrary-byte-string token: Don't require valid UTF-8 for HS256 secrets		2024-10-06 12:29:24 -06:00
.cargo	.cargo: Rename config to config.toml	2024-09-02 14:07:37 -04:00
.ci	Build and push multi-arch images	2024-09-11 09:59:49 -04:00
.github	.github: Update deps	2024-09-11 09:59:49 -04:00
attic	Merge branch 'main' into HEAD	2024-10-05 11:50:16 -06:00
book	book: update nixos config example	2023-11-12 11:19:34 -08:00
client	client/push: Use PushSession for --stdin	2024-10-04 13:18:15 -06:00
flake	flake: Follow package Nix version in dev shell	2024-09-11 11:10:46 -04:00
integration-tests	Merge branch 'main' into HEAD	2024-10-05 11:50:16 -06:00
nixos	Merge branch 'main' into HEAD	2024-10-05 11:50:16 -06:00
server	server/config: Fail fast on token decoding errors	2024-10-06 11:19:03 -06:00
token	token: Don't require valid UTF-8 for HS256 secrets	2024-10-06 11:19:03 -06:00
.editorconfig	.editorconfig: Fix indentation	2024-06-01 13:47:27 -06:00
.envrc	Initial public commit	2022-12-31 17:01:07 -07:00
.gitattributes	book: Add vendored highlight.js with Nix syntax	2023-01-29 17:23:59 -07:00
.gitignore	Initial public commit	2022-12-31 17:01:07 -07:00
Cargo.lock	Merge branch 'main' into HEAD	2024-10-05 11:50:16 -06:00
Cargo.toml	Cargo.toml: set resolver = 2	2023-12-18 09:28:43 -07:00
ci-installer.nix	ci-installer: Remove drvPath from fake derivation	2024-07-09 07:56:03 -04:00
crane.nix	flake: Follow package Nix version in dev shell	2024-09-11 11:10:46 -04:00
default.nix	Initial public commit	2022-12-31 17:01:07 -07:00
flake-compat.nix	Initial public commit	2022-12-31 17:01:07 -07:00
flake.lock	flake.lock: Update nixpkgs	2024-09-11 11:10:46 -04:00
flake.nix	flake: Remove flake-utils	2024-09-08 12:44:22 -04:00
garnix.yaml	Add garnix config	2023-01-06 00:59:38 -07:00
justfile	Build and push multi-arch images	2024-09-11 09:59:49 -04:00
LICENSE	Initial public commit	2022-12-31 17:01:07 -07:00
package.nix	Fix build on Nix 2.19+	2024-03-29 11:59:20 -06:00
README.md	Fix typo in readme	2023-01-23 18:16:37 +01:00
shell.nix	Initial public commit	2022-12-31 17:01:07 -07:00

README.md

Attic

Attic is a self-hostable Nix Binary Cache server backed by an S3-compatible storage provider. It has support for global deduplication and garbage collection.

Attic is an early prototype.

⚙️ Pushing 5 paths to "demo" on "local" (566 already cached, 2001 in upstream)...
✅ gnvi1x7r8kl3clzx0d266wi82fgyzidv-steam-run-fhs (29.69 MiB/s)
✅ rw7bx7ak2p02ljm3z4hhpkjlr8rzg6xz-steam-fhs (30.56 MiB/s)
✅ y92f9y7qhkpcvrqhzvf6k40j6iaxddq8-0p36ammvgyr55q9w75845kw4fw1c65ln-source (19.96 MiB/s)
🕒 vscode-1.74.2        ███████████████████████████████████████  345.66 MiB (41.32 MiB/s)
🕓 zoom-5.12.9.367      ███████████████████████████              329.36 MiB (39.47 MiB/s)

Try it out (15 minutes)

Let's spin up Attic in just 15 minutes. And yes, it works on macOS too!

Goals

Multi-Tenancy: Create a private cache for yourself, and one for friends and co-workers. Tenants are mutually untrusting and cannot pollute the views of other caches.
Global Deduplication: Individual caches (tenants) are simply restricted views of the content-addressed NAR Store and Chunk Store. When paths are uploaded, a mapping is created to grant the local cache access to the global NAR.
Managed Signing: Signing is done on-the-fly by the server when store paths are fetched. The user pushing store paths does not have access to the signing key.
Scalabilty: Attic can be easily replicated. It's designed to be deployed to serverless platforms like fly.io but also works nicely in a single-machine setup.
Garbage Collection: Unused store paths can be garbage-collected in an LRU manner.

Licensing

Attic is available under the Apache License, Version 2.0. See LICENSE for details.

By contributing to the project, you agree to license your work under the aforementioned license.