Introduction
Stowix is a universal artifact registry — a single platform for storing, serving, and securing build artifacts across every package ecosystem your team uses.
What is Stowix?
Stowix hosts artifact repositories for:
- Nix binary caches — store and serve Nix store paths so machines build from cache instead of from source
- Debian / APT repositories — distribute
.debpackages with automatic index generation - Raw blob storage — store any file or directory with exact path control and parallel uploads
- Docker registries — push and pull container images (coming soon)
A single organization can run multiple repositories of different types, all under one access control model.
How Access Works
Stowix uses a group-based permission system. Every repository operation requires a valid API token carrying the right scope. Scopes are assigned to groups, and accounts inherit permissions from the groups they belong to.
There are three account types:
- Member accounts — human users authenticating via OAuth or email/password
- Device accounts — machine identities tied to a specific host (e.g., a NixOS workstation)
- Service accounts — role-based identities for CI/CD pipelines and automation
Read more in Account Types.
The stowix CLI
The stowix CLI is the primary tool for pushing artifacts to Stowix repositories:
| Command | Purpose |
|---|---|
stowix nix push | Upload Nix store paths and their closures |
stowix deb push | Upload |
stowix blob push | Upload files or directories to blob storage |
All commands authenticate via --token or the STOWIX_TOKEN environment variable.
Where to Start
- Setting up access control → Account Types, Scopes
- Creating API tokens → User Tokens, Machine Account Tokens
- Pushing artifacts → Nix, Debian, Raw Blobs