search

cid-chan / peerix

Peer2Peer Nix-Binary-Cache
GNU General Public License v3.0
139 stars 13 forks source link

Peerix substituters are ignored because of missing trusted public key #15

Closed rapenne-s closed 2 years ago

rapenne-s commented 2 years ago

I'm currently writing a guide explaining how to setup peerix, but I first need to get it working for me :sweat_smile:

I have peerix correctly installed on two nixos, service are running, I generated the keys on both using nix-store --generate-binary-cache-key $machine_name peerix-private peerix-public.

On computer B, I added computer A public key as services.peerix.publicKey. I switched to the new configuration, the key is definitely in /etc/nix/nix.conf.

When on B I tried to use packages found in A, I have this error:

warning: ignoring substitute for '/nix/store/qh84nk49gxhmf0gr5g5rjpxvn9li1ic5-libiec61883-1.2.0' from 'http://127.0.0.1:12304', as it's not signed by any of the keys in 'trusted-public-keys'

Everything looks fine to me :thinking:

Here is my flake.nix file enabling peerix

            peerix.nixosModules.peerix
            {
              services.peerix = {
                package = peerix.packages.x86_64-linux.peerix;
                enable = true;
                openFirewall = true;
                privateKeyFile = ./peerix-private;
                publicKeyFile =  ./peerix-public;
                publicKey = "t470:uMRQTGoQNSnGOmok7OKPEgliBlut6lQaBVT2NUIzEi0=";
              };
            }
rapenne-s commented 2 years ago

I didn't use the publicKey at first, I solved my issue by setting a globalCacheTTL of 10s to invalidate the cache. It's now working.