Skip to content

feat(nix): add Cachix binary cache to CI#1237

Open
max-miller1204 wants to merge 1 commit intocjpais:mainfrom
max-miller1204:feat/cachix-cache
Open

feat(nix): add Cachix binary cache to CI#1237
max-miller1204 wants to merge 1 commit intocjpais:mainfrom
max-miller1204:feat/cachix-cache

Conversation

@max-miller1204
Copy link
Copy Markdown

@max-miller1204 max-miller1204 commented Apr 6, 2026

Summary

  • Replace magic-nix-cache-action (GitHub-local cache only) with cachix/cachix-action so build artifacts are pushed to a public Cachix binary cache
  • Nix users can then pull pre-built binaries instead of compiling from source (~25 min build)

Setup required

  1. Create the cache: cachix create handy
  2. Generate an auth token at https://app.cachix.org and add it as CACHIX_AUTH_TOKEN in the repo's GitHub Actions secrets
  3. Once the cache exists, users add the substituter to their Nix config: 
    nix.settings = {
  substituters = [ "https://handy.cachix.org" ];
  trusted-public-keys = [ "handy.cachix.org-1:<key from cachix create output>" ];
};

The NixOS module (programs.handy) could also auto-add the substituter — happy to add that in a follow-up once the cache is created and the public key is known.

@max-miller1204
feat(nix): add Cachix binary cache to CI
2339d96 
Replace magic-nix-cache (GitHub-local only) with cachix-action so build
artifacts are pushed to a public binary cache. Nix users can then pull
pre-built binaries instead of compiling from source (~25 min).

Requires repo owner to:
1. Create the cache: cachix create handy
2. Add CACHIX_AUTH_TOKEN to GitHub repo secrets
@cjpais
Copy link
Copy Markdown
Owner

cjpais commented Apr 7, 2026

@y0usaf @VirenMohindra @yuxqiu @xilec @kakapt

@xilec
Copy link
Copy Markdown
Contributor

xilec commented Apr 7, 2026

LGTM! This would significantly reduce build times for Nix users — no more ~25 min compilations from source. I'm sure all Nix users will appreciate this.

One note: @cjpais, this PR requires setup on your side before merging:

  1. cachix create handy — this will also generate the public key
  2. Add the auth token as CACHIX_AUTH_TOKEN in repo secrets

Once the cache is created, it would be great to add the substituter config with the public key to README.md so Nix users know how to enable it:

nix.settings = {
  substituters = [ "https://handy.cachix.org" ];
  trusted-public-keys = [ "handy.cachix.org-1:<public key from step 1>" ];
};

@cjpais
Copy link
Copy Markdown
Owner

cjpais commented Apr 7, 2026
edited
Loading

I see. I didn't realize this is a paid hosting provider. I suspect the 5GB free tier might not be enough, anyone want to get me credits or a free plan? Happy to add them as a sponsor potentially.

@xilec
Copy link
Copy Markdown
Contributor

xilec commented Apr 7, 2026

@cjpais The free 5GB tier should be more than enough. Here's why:

Cachix doesn't store one big blob — it caches each dependency separately. When a user downloads handy, Cachix only serves the pieces that aren't already available from the default Nix package mirror (cache.nixos.org). Most dependencies (gtk, pipewire, etc.) are already there.

So in practice, Cachix only needs to store handy itself (~67MB) and a few project-specific build artifacts. That's roughly 100-200MB per version — well within the 5GB free tier even with several versions cached. Old versions can be cleaned up with cachix trim.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@max-miller1204 @cjpais @xilec