In this how-to I will explain how to configure two Guix system to share packages from one to another. The idea is that most of the time packages are downloaded from ci.guix.gnu.org but sometimes you can compile local packages too, in both case you will certainly prefer computers from your network to get the same packages from a computer that already had them to save some bandwidth. This is quite easy to achieve in Guix.
We need at least two Guix systems, I'll name the one with the package "server" and the system that will install packages the "client".
Prepare the server §
On the server, edit your /etc/config.scm file and add this service:
(service guix-publish-service-type (guix-publish-configuration (host "0.0.0.0") (port 8080) (advertise? #t))))
Run "guix archive --generate-key" as root to create a public key and then reconfigure the system. Your system is now publishing packages on port 8080 and advertising it with mDNS (involving avahi).
Your port 8080 should be reachable now with a link to a public key.
Prepare the client §
On the client, edit your /etc/config.scm file and modify the "%desktop-services" or "%base-services" if any.
(guix-service-type config => (guix-configuration (inherit config) (discover? #t) (authorized-keys (append (list (local-file "/etc/key.pub")) %default-authorized-guix-keys)))))))
Download the public key from the server (visiting its ip on port 8080 you will get a link) and store it in "/etc/key.pub", reconfigure your system.
Now, when you install a package, you should see from where the substitution (name for packages) are downloaded from.
Declaring a repository (not dynamic) §
In the previous example, we are using advertising on the server and discovery on the client, this may not be desired and won't work from a different network.
You can manually register a remote substitute server instead of using discovery by using "substitute-urls" like this:
(guix-service-type config => (guix-configuration (inherit config) (discover? #t) (substitute-urls (append (list "http://192.168.1.66:8080") %default-substitute-urls)) (authorized-keys (append (list (local-file "/etc/key.pub")) %default-authorized-guix-keys)))))))
I'm doing my best to avoid wasting bandwidth and resources in general, I really like this feature because this doesn't require much configuration or infrastructure and work in a sort of peer-to-peer.
Other projects like Debian prefer using a proxy that keep in cache the packages downloaded and act as a repository provider itself to proxyfi the service.
In case of doubts of the validity of the substitutions provided by an url, the challenge feature can be used to check if reproducible builds done locally match the packages provided by a source.