Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a way to restrict substituters for a derivation and its CA realisations #11947

Open
2 tasks done
pwaller opened this issue Nov 24, 2024 · 0 comments
Open
2 tasks done

Add a way to restrict substituters for a derivation and its CA realisations #11947

pwaller opened this issue Nov 24, 2024 · 0 comments
Labels
feature Feature request or proposal

Comments

@pwaller
Copy link
Contributor

pwaller commented Nov 24, 2024

Is your feature request related to a problem?

I have a private build cache, and a large number of content addressed builds (tens of thousands, which are updated regularly).

Currently, when substituting, all of these private derivations get their realisation/doi files looked up on the public cache, which is time consuming and a waste of resources.

Proposed solution

Feature request: Add disallowedSubstituters = [ "https://cache.nixos.org" ] or similar to the derivations, or have a notion of private/public derivations and public/private substituters.

Somehow, I need to avoid substituting these private derivations from the public cache. It would be good if I could mark these derivations in some way which would prevent it from querying cache.nixos.org, whilst still querying the private cache. I'm not sure if it would be better to 'ban' the public cache, or 'allow only' the private cache. The latter would probably be safer but less flexible from a configuration standpoint: if we know it's not on the public cache (but it may be in 'some' private cache) it might be better to ban that.

Alternative solutions

Currently I have configured my local nix to not have cache.nixos.org in the set of substituters. However, this means that standard usage of nix breaks, so is not a scalable approach if less experienced users are to make use of these private derivations. It is still useful sometimes to be able to use the public substituters alongside these private derivations within one nix invocation.

I have also tried setting nixConfig.substituters = ""; to remove the default substituters in the flake. This sort of works, but then currently makes it not possible to re-add the public substituter if you need it for something (it appears even --extra-substituters is currently ignored by nix in this scenario).

Checklist

Add 👍 to issues you find important.
@pwaller pwaller added the feature Feature request or proposal label Nov 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature Feature request or proposal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pwaller