Cache Architecture
GloriousFlywheel uses a multi-layer caching strategy for Nix derivations and
Bazel actions. This page describes the intended architecture and current
internal contract; where older implementation names existed, the current
authority is the nix-cache service family on honey.
Architecture Diagram
Components
| Component | Purpose | Current shape | Scaling |
|---|---|---|---|
| Attic API Server | Nix binary cache HTTP API | single-cluster service on honey | bounded by current deployment |
| Attic GC Worker | Garbage collection | one worker | fixed |
| Bazel Remote Cache | Bazel action/CAS cache | RustFS/S3-backed service with local hot cache | bounded by current deployment |
| RustFS / S3-compatible storage | object storage backing the Attic family | storage-biased deployment on bumble | manual |
| PostgreSQL metadata | Attic metadata database | single-node stateful service family | manual |
Data Flow
Nix Cache Push
- `nix build` produces derivation in `/nix/store`
- `attic watch-store` daemon streams new paths to Attic (incremental)
- At build end, `attic push` sends final closure (belt-and-suspenders)
- Attic chunks and compresses NARs
- Chunks are stored in the S3-compatible storage plane, metadata in PostgreSQL
Bazel Cache Push/Pull
- Bazel clients talk to `grpc://bazel-cache.nix-cache.svc.cluster.local:9092` from shared runner lanes.
- `bazel-remote` keeps a pod-local `/data` hot cache for fast repeated reads.
- Misses and uploads are persisted through the `bazel-cache` bucket on the OpenEBS-backed `attic-rustfs-openebs` RustFS service.
- The public `fuzzy-dev` HTTP cache hostname is not part of the current contract.
Nix Cache Pull
- `nix build` checks substituters in order
- Attic responds to `/nix-cache-info` and narinfo queries
- Matching paths served from the S3-compatible storage plane via Attic API
- Nix validates against trusted public keys
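The last pull step, checking a narinfo signature against trusted public keys, sketched in Go as an added example; it is not code from GloriousFlywheel, Attic or Nix. It assumes the store directory is `/nix/store` and that `NarHash` is already in the `sha256:<nix-base32>` form used in the signed string; the key name `demo-1`, the store paths and the hash are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Fingerprint returns the signed string "1;StorePath;NarHash;NarSize;refs" and the Sig values.
func Fingerprint(narinfo string) (string, []string) {
	f, sigs, refs := map[string]string{}, []string{}, []string{}
	for _, line := range strings.Split(narinfo, "\n") {
		if k, v, ok := strings.Cut(line, ": "); ok && k == "Sig" {
			sigs = append(sigs, v) // "keyname:base64sig", may repeat
		} else if ok {
			f[k] = v
		}
	}
	for _, r := range strings.Fields(f["References"]) {
		refs = append(refs, "/nix/store/"+r) // narinfo lists basenames only
	}
	return "1;" + f["StorePath"] + ";" + f["NarHash"] + ";" + f["NarSize"] + ";" + strings.Join(refs, ","), sigs
}

// Verify reports whether any Sig validates under a trusted "keyname:base64pubkey" entry.
func Verify(narinfo string, trusted []string) bool {
	msg, sigs := Fingerprint(narinfo)
	for _, s := range sigs {
		name, sigB64, _ := strings.Cut(s, ":")
		sig, _ := base64.StdEncoding.DecodeString(sigB64)
		for _, t := range trusted {
			tname, keyB64, _ := strings.Cut(t, ":")
			key, err := base64.StdEncoding.DecodeString(keyB64)
			if err == nil && tname == name && len(key) == ed25519.PublicKeySize && ed25519.Verify(key, []byte(msg), sig) {
				return true
			}
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo: throwaway key, made-up paths
	body := "StorePath: /nix/store/aaaa-hello\nNarHash: sha256:constructed\nNarSize: 1234\nReferences: bbbb-glibc\n"
	msg, _ := Fingerprint(body)
	signed := body + "Sig: demo-1:" + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(msg))) + "\n"
	trusted := []string{"demo-1:" + base64.StdEncoding.EncodeToString(pub)}
	fmt.Println(Verify(signed, trusted), Verify(strings.Replace(signed, "1234", "9999", 1), trusted))
}
```

The signature covers the store path, NAR hash, size and references, so a storage or transport layer that alters any of them produces a narinfo that no trusted key validates.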
Bazel Cache
- `just cache-contract-strict` proves the shared cache attachment contract
- `just bazel-build-cached` passes the real endpoint to Bazel and checks remote cache for action results
- Cache hits: download minimal outputs (`--remote_download_minimal`)
- Cache misses: build locally, upload results async (`--experimental_remote_cache_async`)
- Storage: the Bazel cache service’s configured backing store with bounded retention
Retention & Cleanup
| Storage | Retention | Mechanism |
|---|---|---|
| NAR files | 90 days | S3-compatible lifecycle policy |
| Chunk files | 90 days | S3-compatible lifecycle policy |
| Attic metadata | 3 months | GC worker (12h cycle) |
| Bazel cache | 100 GB max | LRU eviction |
Network Endpoints
| Service | Internal Address | External / operator path |
|---|---|---|
| Attic API | http://attic.nix-cache.svc.cluster.local | https://nix-cache.tinyland.dev for internal human/API use |
| Attic Nix substituter | same service family | https://nix-cache.tinyland.dev/main |
| Bazel Cache (gRPC) | grpc://bazel-cache.nix-cache.svc.cluster.local:9092 | no stable general-consumer external endpoint promised |
| S3-compatible storage | not user-facing | not exposed |
| PostgreSQL metadata | not user-facing | not exposed |