Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Cache Options

Options for services.nixfleet-cache-server and services.nixfleet-cache. Both modules are auto-included by mkHost and disabled by default.

The cache server uses harmonia, which serves paths directly from the local Nix store over HTTP. No separate storage backend, database, or push protocol is needed.

services.nixfleet-cache-server

OptionTypeDefaultDescription
enableboolfalseEnable the NixFleet binary cache server (harmonia).
portport5000Port to listen on.
openFirewallboolfalseOpen the cache server port in the firewall.
signingKeyFilestr- (required)Path to the Nix signing key file for on-the-fly signing. Must be readable by the harmonia user (set age.secrets.<name>.owner = "harmonia" with agenix, or sops.secrets.<name>.owner = "harmonia" with sops-nix). Example: "/run/secrets/cache-signing-key".

services.nixfleet-cache

OptionTypeDefaultDescription
enableboolfalseEnable the NixFleet binary cache client.
cacheUrlstr- (required)URL of the binary cache server. Example: "https://cache.fleet.example.com".
publicKeystr- (required)Cache signing public key in name:base64 format. Example: "cache.fleet.example.com:AAAA...=".

Systemd service (server)

SettingValue
Unitnixfleet-cache-server.service
WantedBymulti-user.target
Afternetwork-online.target, nix-daemon.service
Restartalways (10s delay)
NoNewPrivilegestrue
ProtectHometrue
PrivateTmptrue
PrivateDevicestrue
ProtectKernelTunablestrue
ProtectKernelModulestrue
ProtectControlGroupstrue

Harmonia is stateless - it serves directly from the local Nix store. No state directory or persistence configuration is needed.

Using a different cache backend

Fleet repos that need Attic, Cachix, or another cache backend can add them as their own flake input and configure them via plain NixOS modules. The --push-hook CLI flag supports custom push commands for any backend.