Caching in Nixery
This page gives a quick overview over the caching done by Nixery. All cache data is written to Nixery's storage bucket and is based on deterministic identifiers or content-addressing, meaning that cache entries under the same key never change.
Manifests
Manifests of builds are cached at $BUCKET/manifests/$KEY. The effect of this
cache is that multiple instances of Nixery do not need to rebuild the same
manifest from scratch.
Since the manifest cache is populated only after layers are uploaded, Nixery can immediately return the manifest to its clients without needing to check whether layers have been uploaded already.
$KEY is generated by creating a SHA1 hash of the requested content of a
manifest plus the package source specification.
Manifests are only cached if the package source specification is not a moving target.
Manifest caching only applies in the following cases:
- package source specification is a specific git commit
- package source specification is a specific NixOS/nixpkgs commit
Manifest caching never applies in the following cases:
- package source specification is a local file path (i.e.
NIXERY_PKGS_PATH) - package source specification is a NixOS channel (e.g.
NIXERY_CHANNEL=nixos-20.09) - package source specification is a git branch or tag (e.g.
staging,masterorlatest)
It is thus always preferable to request images from a fully-pinned package source.
Manifests can be removed from the manifest cache without negative consequences.
Layer tarballs
Layer tarballs are the files that Nixery clients retrieve from the storage bucket to download an image.
They are stored content-addressably at $BUCKET/layers/$SHA256HASH and layer
requests sent to Nixery will redirect directly to this storage location.
The effect of this cache is that Nixery does not need to upload identical layers repeatedly. When Nixery notices that a layer already exists in GCS it will skip uploading this layer.
Removing layers from the cache is potentially problematic if there are cached manifests or layer builds referencing those layers.
To clean up layers, a user must ensure that no other cached resources still reference these layers.
Layer builds
Layer builds are cached at $BUCKET/builds/$HASH, where $HASH is a SHA1 of
the Nix store paths included in the layer.
The content of the cached entries is a JSON-object that contains the SHA256 hashes and sizes of the built layer.
The effect of this cache is that different instances of Nixery will not build, hash and upload layers that have identical contents across different instances.
Layer builds can be removed from the cache without negative consequences.