Releases: Mic92/niks3
Releases · Mic92/niks3
v1.6.1
What's Changed
- Fix the architecture of niks3 binary in the docker image by @pranaysashank in #403
- fix: upload small NARs with a single PUT to avoid API throttling by @stepbrobd in #402
New Contributors
- @pranaysashank made their first contribution in #403
- @stepbrobd made their first contribution in #402
Full Changelog: v1.6.0...v1.6.1
Contributors
pranaysashank and stepbrobd
Assets 7
v1.6.0
What's Changed
- feat: mTLS client certificate authentication by @Mic92 in #381
- server: support uploading filenames containing .. by @Enzime in #388
- server: accept +, ?, = in upload key validation by @Mic92 in #390
- client: scale multipart part size with NAR size by @Mic92 in #391
New Contributors
Full Changelog: v1.5.0...v1.6.0
Contributors
Mic92 and Enzime
Assets 7
v1.5.0
Highlights
Hook & upload daemon
- Post-build-hook + Unix socket daemon for automatic per-derivation uploads (#249, @philiptaron)
- mTLS support for
niks3-hook serve(#325, @mannp) - Faster NAR serializer (#371)
- Lower memory use during large uploads (#370 @wezzle, #372)
- Handle HTTP 201 on log/NAR uploads (#289, @uninsane)
GitHub Actions integration
- New
Mic92/niks3-actionwraps the full lifecycle: configures the substituter, registers apost-build-hookso each derivation is uploaded as soon as it's built, drains the queue in a post-job step. Intermediate derivations are cached even when the build fails. - New
/api/cache-configendpoint returns substituter URL, public keys, and OIDC audience for a given issuer — workflows only need aserver-url(#375) - New
--auth-token-scriptflag runs a script to fetch a fresh token on demand, for short-lived credentials like OIDC (#376) --auth-tokendeprecated — the value is visible in/procand shell history- The drain loop no longer has a per-batch timeout; the supervisor's shutdown budget (systemd or CI) is the only bound (#375)
Server
- Garbage collection now runs as a tracked background task with progress polling and final object-count reconciliation (#312)
- Validate object keys on upload paths (#373)
- Server hardening: request body limits, additional input validation (#374)
- Read proxy: handle narinfo already decompressed by upstream proxies (#311)
Docker
- Embed the niks3 client binary in the docker image (#344, @cterence)
- Build only the native arch on darwin (#378), drop intermediate per-arch compression to avoid OOM (#377)
- Remove the cleanup job that broke multi-arch tags (#315–#317)
New Contributors
Full Changelog: v1.4.0...v1.5.0
Contributors
philiptaron, wezzle, and 3 other contributors
Assets 7
v1.4.0
What's Changed
- server: add optional S3 read proxy for private buckets by @Mic92 in #235
- Lix path info support by @philiptaron in #247
New Contributors
- @philiptaron made their first contribution in #247
Full Changelog: v1.3.0...v1.4.0
Contributors
philiptaron and Mic92
Assets 7
v1.3.0
What's Changed
Features
- server: Add adaptive rate limiting for S3 requests. Starts disabled, enables on first 429/throttle, backs off CUBIC-style, recovers gradually (new
--s3-rate-limitflag) by @Mic92 in #211 - server: Return 429 with
Retry-Afterheader on S3 rate limit errors instead of 500 by @Mic92 in #212 - client: Add adaptive rate limiting for S3 and server requests by @Mic92 in #231
- Concurrent pending multipart deletion by @Mic92 in #197
Bug Fixes
- server: Fix rate limiter not adapting when
handleS3Errorreceives throttle responses by @Mic92 in #216 - release/docker: Fix uploaded containers by using regctl to push multi-arch images to ghcr.io by @Mic92 in #233
Build & Packaging
New Contributors
Contributors
Mic92 and zowoq
Assets 7
v1.2.0
Contributors
Mic92
Assets 7
v1.1.1
What's Changed
Full Changelog: v1.1.0...v1.1.1
Contributors
mnixry
Assets 7
v1.1.0
What's Changed
- cli: add default XDG path for auth token by @Mic92 in #143
- Auth tokens can now be stored at
$XDG_CONFIG_HOME/niks3/auth-token(defaults to~/.config/niks3/auth-token) without needing to set theNIKS3_AUTH_TOKEN_FILEenvironment variable
- Auth tokens can now be stored at
- Add niks3-docker package to flake-module and create its definition by @mnixry in #140
- Enables deployment in environments without a full Nix installation (Kubernetes, NAS systems, standard container hosts)
- feat: add support for OIDC by @zimbatm in #135
- Enables credential-free authentication in GitHub Actions runners (fixes #85)
- add go-releaser configuration by @Mic92 in #149
- Automates cross-platform binary releases
New Contributors
Full Changelog: v1.0.0...v1.1.0
Contributors
zimbatm, Mic92, and mnixry
Assets 7
v1.0.0
After over a month of testing on https://cache.clan.lol and now also on https://cache.numtide.com,
I am happy to announce niks3 version 1.0.0