Title: Local peer to peer binary cache with NixOS and Peerix
       Author: Solène
       Date: 25 August 2022
       Tags: nixos nocloud
       Description: This article explains how to use Peerix on NixOS to
       download packages from peers on the network.
       
       # Introduction
       
       There is a cool project related to NixOS, called Peerix.  It's a local
       daemon exposed as a local substituter (a server providing binary
       packages) that will discover other Peerix daemon on the local network,
       and use them as a source of binary packages.
       
       Peerix is a simple way to reuse package already installed somewhere on
       the network instead of downloading it again.  Packages delivered by
       Peerix substituters are signed with a private key, so you need to
       import each computer public key before being able to download/use their
       packages.  While this can be cumbersome, this also mandatory to prevent
       someone on the network to spoof packages.
       
       Perrix should be used wisely, because secrets in your store could be
       leaked to others.
       
 (HTM) Peerix GitHub page
       
       # Generating the keys
       
       First step is to generate a pair of keys for each computer using
       Peerix.
       
       In the directory in which you have your configurations files, use the
       command:
       
       ```
       nix-store --generate-binary-cache-key "peerix-$(hostname -s)" peerix-private peerix-public
       ```
       
       # Setup
       
       I will only cover the flakes installation on NixOS.  Add the files
       peerix-private and peerix-public to git as this is a requirement to
       flakes.
       
       NOTE: if you find a way to not add the private key to the store, I'll
       be glad to hear about your solution!
       
       Add this input in your flake.nix file:
       
       ```nix
         peerix = {
           url = "github:cid-chan/peerix";
           inputs.nixpkgs.follows = "nixpkgs";
         };
       ```
       
       Add "peerix" in the outputs parameters lile:
       
       ```nix
       outputs = { eslf, nixpkgs, peerix}: {
       ```
       
       And in the modules list of your configuration, add this:
       
       ```
         peerix.nixosModules.peerix
         {
           services.peerix = {
             enable = true;
             package = peerix.packages.x86_64-linux.peerix;
             openFirewall = true; # UDP/12304
             privateKeyFile = ./peerix-private;
             publicKeyFile =  ./peerix-public;
             publicKey = "THE CONTENT OF peerix-public FROM THE OTHER COMPUTER";
             # example # publicKey = "peerix-laptop:1ZjzxYFhzeRMni4CyK2uKHjgo6xy0=";
           };
         }
       ```
       
       If you have multiple public keys to use, just add them with a space
       between each value.
       
       Run "nix flake lock --update-input peerix" and you can now reconfigure
       your system.
       
       # How to use
       
       There is nothing special to do, when you update your system, or use
       nix-shell, the nix-daemon will use the local Peerix substituter first
       which will discover other Peerix instances if any, and will use them
       when possible.
       
       You can check the logs of the peerix daemons using "journalctl -f -u
       peerix.service" on both systems.
       
       # Conclusion
       
       While Peerix isn't a big project, it has a lot of potential to help
       NixOS users with multiple computers to have a more efficient bandwidth
       usage, but also build time.  If you build the same project (with same
       inputs) on your computers, you can pull the result from the other.