feat(servers): add self-hosted bin cache
parent
035bd58eb2
commit
f969c050cf
7 changed files with 64 additions and 52 deletions
|
@ -1,42 +0,0 @@
|
|||
name: Binary Cache
|
||||
|
||||
on: [push, pull_request, workflow_dispatch]
|
||||
|
||||
jobs:
|
||||
nix:
|
||||
name: "Build"
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: https://github.com/actions/checkout@v3
|
||||
with:
|
||||
submodules: recursive
|
||||
|
||||
- name: Setup-Nix
|
||||
uses: https://github.com/cachix/install-nix-action@v24
|
||||
with:
|
||||
github_access_token: ${{ secrets.TOKEN_GH }}
|
||||
|
||||
- name: Install-nixci
|
||||
uses: https://github.com/yaxitech/nix-install-pkgs-action@v3
|
||||
with:
|
||||
packages: "nixpkgs#nixci, dig"
|
||||
|
||||
- name: Setup-cachix
|
||||
uses: https://github.com/cachix/cachix-action@v12
|
||||
with:
|
||||
name: archives
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
|
||||
- name: Install SSH key
|
||||
run: |
|
||||
install -m 600 -D /dev/null ~/.ssh/id_rsa
|
||||
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
|
||||
host='git.nelim.org'
|
||||
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
|
||||
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
|
||||
|
||||
- name: Build-configs
|
||||
run: |
|
||||
nix flake update
|
||||
nixci
|
|
@ -15,7 +15,7 @@
|
|||
# Caddy
|
||||
"https://caddycf.cachix.org"
|
||||
# Personal config cache
|
||||
"https://archives.cachix.org"
|
||||
"https://cache.nelim.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
|
@ -30,7 +30,7 @@
|
|||
# Caddy
|
||||
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
|
||||
# Personal config cache
|
||||
"archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0="
|
||||
"cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
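Review bot: The `cache.nelim.org` entry in `trusted-public-keys` becomes a trust root for every host that imports this file, yet the only comment above it is still `# Personal config cache`. Elsewhere in this commit, nix-serve on servivi reads the private half from `secrets.binary-cache-key.path`, so anything that lands in servivi's store can end up signed with it. I would record that next to the key, for example `# Self-hosted nix-serve on servivi; signing key is the sops secret binary-cache-key`, so a later reader knows which machine to audit and where to rotate the key. Both hunks sit inside a larger attribute set that is not visible here.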
@ -28,6 +28,7 @@ in {
|
|||
virtualHosts = let
|
||||
dockerIP = "10.0.0.122";
|
||||
jellyIP = "10.0.0.123";
|
||||
servivi = "10.0.0.249";
|
||||
in {
|
||||
"nelim.org" = {
|
||||
serverAliases = ["*.nelim.org"];
|
||||
|
@ -68,6 +69,11 @@ in {
|
|||
reverseProxy = "${dockerIP}:3000";
|
||||
};
|
||||
|
||||
nix-binary-cache = {
|
||||
subDomainName = "cache";
|
||||
reverseProxy = "${servivi}:5000";
|
||||
};
|
||||
|
||||
calibre = {
|
||||
subDomainName = "books";
|
||||
reverseProxy = "${dockerIP}:8083";
|
||||
|
|
|
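Review bot: The new `nix-binary-cache` virtual host in the second hunk publishes servivi's nix-serve port under the `cache` subdomain with no visible access restriction. nix-serve has no authentication of its own, so unless the helper behind `reverseProxy` adds some, any store path on servivi can be fetched by whoever knows its hash. If the cache is only meant for your own machines, consider limiting this host to the LAN or tailnet ranges in Caddy. At minimum, leave a comment such as `# public, unauthenticated: serves any path in servivi's /nix/store`. The surrounding `virtualHosts` definition continues outside the hunk.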
@ -4,6 +4,8 @@
|
|||
|
||||
../../modules/kmscon.nix
|
||||
../../modules/tailscale.nix
|
||||
|
||||
./modules/binary-cache.nix
|
||||
];
|
||||
|
||||
vars = {
|
||||
|
|
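--- a/devices/servivi/modules/binary-cache.nix
+++ b/devices/servivi/modules/binary-cache.nix
@@ -0,0 +1,43 @@
+{
+config,
+pkgs,
+nixpkgs,
+...
+}: let
+secrets = config.sops.secrets;
+vars = config.vars;
+in {
+services.nix-serve = {
+enable = true;
+secretKeyFile = secrets.binary-cache-key.path;
+};
+
+systemd = {
+services.buildAll = {
+serviceConfig = {
+Type = "oneshot";
+User = vars.user;
+Group = config.users.users.${vars.user}.group;
+};
+script = ''
+cd /tmp
+${pkgs.nix}/bin/nix-shell \
+-I "nixpkgs=${nixpkgs}" \
+-p openssh nix git nixci --run \
+"${builtins.concatStringsSep "; " [
+"git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
+"cd nix-clone"
+"nix flake update"
+"nixci ."
+"cd .."
+"rm -r nix-clone"
+]}"
+'';
+};
+timers.buildAll = {
+wantedBy = ["timers.target"];
+partOf = ["buildAll.service"];
+timerConfig.OnCalendar = ["*-*-* 0:00:00"];
+};
+};
+}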
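Review bot: The `buildAll` script works in the shared `/tmp` under the fixed name `nix-clone` and chains its steps with `"; "`, so a failed clone or a directory that already exists does not stop the run. In that case `nix flake update` and `nixci .` run in whatever is already there (or in `/tmp` itself) as `vars.user`, and the results land in the store that nix-serve signs. I would give the unit its own directory with `PrivateTmp = true;` in `serviceConfig` and join the commands with `" && "` so the build only runs on a fresh clone. Separately, a short comment that `nix flake update` makes the nightly build use newer inputs than the committed `flake.lock` would help the next reader.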
14
flake.lock
generated
14
flake.lock
generated
|
@ -878,11 +878,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1703558681,
|
||||
"narHash": "sha256-nMkDgZbKOxq6Nscj86U5uzxmDu6nfLSm/GNNqQx7j4E=",
|
||||
"lastModified": 1703562846,
|
||||
"narHash": "sha256-ZMoJ8o+ey78WUN4CVXWOD+XacH+uRuoZIFJFmB+mTug=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "b3967cffef433fe025ef03ebca93a56376fbcb88",
|
||||
"rev": "a40c29c5c7beb812885ef39f0682457655dc6017",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -940,11 +940,11 @@
|
|||
"sops-nix": "sops-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703364898,
|
||||
"narHash": "sha256-sU02sZfhdxHlMMqSKdlPE9upZ5RXKVzgfW1GSAuf30U=",
|
||||
"lastModified": 1703563864,
|
||||
"narHash": "sha256-sP2Hool59oPdB3pORlEYMg5Fhb+GSzGwSzeYl2+hBXQ=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "04081fc81d9df533d0f81f89b1730eb15bdbc6a8",
|
||||
"revCount": 6,
|
||||
"rev": "810545ee6ef90fa41f8c0a28e5de45aa646f411c",
|
||||
"revCount": 14,
|
||||
"type": "git",
|
||||
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
|
||||
},
|
||||
|
|
|
@ -33,7 +33,10 @@
|
|||
wim = mkNixOS [./devices/wim];
|
||||
binto = mkNixOS [./devices/binto];
|
||||
|
||||
servivi = mkNixOS [./devices/servivi];
|
||||
servivi = mkNixOS [
|
||||
./devices/servivi
|
||||
secrets.nixosModules.servivi
|
||||
];
|
||||
oksys = mkNixOS [
|
||||
./devices/oksys
|
||||
secrets.nixosModules.oksys
|
||||
|
|