From 7c0c58b3d2614eec14c4bd2efa2961ce4b8b3409 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sat, 25 Dec 2021 17:15:58 +0100 Subject: [PATCH] Added bincache --- machines/lisa/default.nix | 4 ++++ modules/bincache/default.nix | 37 ++++++++++++++++++++++++++++++++++++ modules/nix/default.nix | 8 ++++++++ 3 files changed, 49 insertions(+) create mode 100644 modules/bincache/default.nix diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix index 0af0358..6836153 100644 --- a/machines/lisa/default.nix +++ b/machines/lisa/default.nix @@ -14,6 +14,10 @@ luj = { mediaserver.enable = true; homepage.enable = true; + bincache = { + enable = true; + subdomain = "bin"; + }; drone = { enable = true; nginx = { diff --git a/modules/bincache/default.nix b/modules/bincache/default.nix new file mode 100644 index 0000000..b7279dc --- /dev/null +++ b/modules/bincache/default.nix @@ -0,0 +1,37 @@ +{ pkgs, config, lib, inputs, ... }: +let + cfg = config.luj.bincache; + port = 5000; +in +with lib; +{ + options.luj.bincache = { + enable = mkEnableOption "Enable nix bincache"; + subdomain = mkOption { + type = types.str; + }; + + }; + + config = mkIf cfg.enable + { + sops.secrets.bin-cache-priv-key = { + owner = "nix-serve"; + }; + + services.nix-serve = { + enable = true; + secretKeyFile = "/run/secrets/bin-cache-priv-key"; + port = port; + }; + + luj.nginx.enable = true; + services.nginx.virtualHosts."${cfg.subdomain}.julienmalka.me" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString port}"; + }; + }; + }; +} diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 52e1e87..d65f4df 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -25,6 +25,14 @@ with lib; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + binaryCaches = [ + "https://bin.julienmalka.me" + "https://cache.nixos.org/" + ]; + binaryCachePublicKeys = [ + "bin.julienmalka.me:y0uADfX8ZQ6Pthofm8Pj7v+hED3m2cY0d+Sg6/Jm+s8=" + ]; + };