Skip to content

Commit

Permalink
Revert "Cleanup: hosts/binarycache configuration"
Browse files Browse the repository at this point in the history
This reverts commit 47ab96b.

Signed-off-by: Marko Lindqvist <[email protected]>
  • Loading branch information
Marko Lindqvist committed Dec 12, 2024
1 parent 1404fe5 commit 5c94462
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 1 deletion.
38 changes: 37 additions & 1 deletion hosts/binarycache/configuration.nix
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,12 @@
self,
inputs,
lib,
config,
...
}:
{
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets.cache-sig-key.owner = "root";

imports =
[
Expand All @@ -18,20 +20,54 @@
]
++ (with self.nixosModules; [
common
qemu-common
ficolo-common
service-openssh
service-binary-cache
service-nginx
user-jrautiola
user-cazfi
user-hrosten
user-mkaapu
user-avnik
]);

nix.settings = {
# we don't want the cache to be a substitutor for itself
substituters = lib.mkForce [ "https://cache.nixos.org/" ];
};

nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.hostName = "binarycache";

networking = {
hostName = "binarycache";
};

security.acme = {
acceptTerms = true;
defaults.email = "[email protected]";
};

services.monitoring = {
metrics.enable = true;
logs.enable = true;
};

services.nginx = {
recommendedZstdSettings = true;
virtualHosts = {
"cache.vedenemo.dev" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
extraConfig = ''
zstd on;
zstd_types application/x-nix-archive;
'';
};
};
};
};
}
12 changes: 12 additions & 0 deletions services/binary-cache/default.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
# SPDX-License-Identifier: Apache-2.0
{ config, ... }:
{
services = {
harmonia = {
enable = true;
signKeyPath = config.sops.secrets.cache-sig-key.path;
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
}

0 comments on commit 5c94462

Please sign in to comment.