From a615bb8897482be814383a591aed1815e5f2c6a3 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Wed, 30 Apr 2025 19:01:55 +0200 Subject: [PATCH] nix-serve: setup binarycache --- modules/nixos/submodules/basics/default.nix | 3 +++ secrets/secrets-loptland.yaml | 7 ++++-- systems/x86_64-linux/loptland/default.nix | 24 ++++++++++++++------- 3 files changed, 24 insertions(+), 10 deletions(-) diff --git a/modules/nixos/submodules/basics/default.nix b/modules/nixos/submodules/basics/default.nix index 57a32f8..514b4cc 100644 --- a/modules/nixos/submodules/basics/default.nix +++ b/modules/nixos/submodules/basics/default.nix @@ -42,6 +42,9 @@ in "https://nix-community.cachix.org" = { key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; }; + "https://nixcache.christophhollizeck.dev" = { + key = "christophhollizeck.dev:7pPAvm9xqFQB8FDApVNL6Tii1Jsv+Sj/LjEIkdeGhbA="; + }; }; }; diff --git a/secrets/secrets-loptland.yaml b/secrets/secrets-loptland.yaml index 3fe852a..2268cd5 100644 --- a/secrets/secrets-loptland.yaml +++ b/secrets/secrets-loptland.yaml @@ -15,6 +15,9 @@ netcup: api: key: ENC[AES256_GCM,data:eYTKtJSSXmZfkRjlj65OHi99mpD3Iom8dPc8v34pwJIQSBbxVaqdgb7Gqzhse1c9L+U=,iv:9gmsBwlJ+NQIGY5NBA6Fi/1EQium2pcfQkF7x/fHyFU=,tag:v25eeqT6/WEMG9za7LVWAg==,type:str] password: ENC[AES256_GCM,data:VTW4XGDg19AbE4EM6kS0u89Sz6718vHXvZZmQlkhGJe/4/LQJHmF1FetAClxkLZ9Za0=,iv:sWHvjHEsMXBbtFmkEdAOeSlQ6VTabRJ28kH3iP3GDaY=,tag:5k6NXFXwXHorUGKe+sAbbg==,type:str] +hydra: + cachix: + token: ENC[AES256_GCM,data:FqlJMfw7d1VfWhC+vI4SEMWzzADXK/np33fCsihq3wgC6nWNeTurNn1vDRLIRH+s6iT1C8Ni8iAAlndfUS5SPH6Ymswix9KuJCvYc8Jy+c8pPchYePtMQfv3dVe5a1i06b8I5c+MX8V7j2kaCijYDirnhiD0qlc8SW/mIyB5RNpAgKPTzLjLKJNSUkTGOWUnww==,iv:H2yQ5ioBVnezmhGHbJ7sAlXvUb2MUmHpQpS7f+nIph4=,tag:qvqsbgf2Y/PAd3s9ZFuxWA==,type:str] sops: age: - recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85 @@ -35,7 +38,7 @@ sops: UllqSDR1YWl6aU1jSnY2WE9oczg5Q28KfN15tFxXHrJmOHySK+cyLi2bFqArg244 bNTYyuBUtBW1Y/EuNpbyLjSNQpKZWFz7grE64uxrNQHP865N3wv0gg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-29T06:50:56Z" - mac: ENC[AES256_GCM,data:wFf/x2YFqxlojui67t5wsY6mfJMcyNnI3TnQhDKE8KCdqUrUeZCPLr7dkpyAyxP0bI5Y8ynvOpEps56YvPFfZX+RQ3r/1Qp5w/TisLSLdu6CrMHARW0qMZz7MBf6K1HyBKUQJPIVljaOtsgWwzsoy6zx3C9G3WRVI9yWXa+luAo=,iv:3fLNP7lsqvQPFoQWOXV/6bjSjC+DpPP86gjWlKlLysk=,tag:eP/5d87Wmfd6Bk1KyFi9zQ==,type:str] + lastmodified: "2025-04-30T16:13:29Z" + mac: ENC[AES256_GCM,data:KBJJJc30KARd79w7iTZ4DPwpgcZGTf3oE85xVO//KX8uq/rPPWuXBSwDGcIKlWGVpwiNbCqVvoH3DhKxJfKnuGKadK96xjv3KyIR2H8KMvhTQDXodt61ZyNERDEpa1HcuOemYpAe8W1cUzJkm1wxNublNYBdKz1kQKMQ43tgalk=,iv:wr+nqXKB5wW4VgIr1z61f+LXsw76mMs4kFAOYAkV+tk=,tag:m8uLg6HQhIL1oN1pWQoTAg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index 61ec1cf..e29a2d0 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix @@ -76,15 +76,14 @@ in }; }; - # "${domainName}" = { - # forceSSL = cfg.enableAcme; - # useACMEHost = mkIf cfg.enableAcme domainName; + "nixcache.${domainName}" = { + forceSSL = cfg.enableAcme; + useACMEHost = mkIf cfg.enableAcme domainName; - # locations."/" = { - # root = /var/www/website; - # index = "index.html"; - # }; - # }; + locations."/" = { + proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + }; "_" = { forceSSL = cfg.enableAcme; @@ -146,6 +145,10 @@ in nix = { distributedBuilds = true; + extraOptions = '' + builders-use-substitutes = true + ''; + buildMachines = [ { hostName = "localhost"; @@ -175,6 +178,11 @@ in ]; }; + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; + services.hydra = { enable = true; hydraURL = "http://localhost:${toString hydraPort}";