diff --git a/.forgejo/workflows/cachix.yml b/.forgejo/workflows/cachix.yml deleted file mode 100644 index 0142f0d..0000000 --- a/.forgejo/workflows/cachix.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Binary Cache - -on: [push, pull_request, workflow_dispatch] - -jobs: - nix: - name: "Build" - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: https://github.com/actions/checkout@v3 - with: - submodules: recursive - - - name: Setup-Nix - uses: https://github.com/cachix/install-nix-action@v24 - with: - github_access_token: ${{ secrets.TOKEN_GH }} - - - name: Install-nixci - uses: https://github.com/yaxitech/nix-install-pkgs-action@v3 - with: - packages: "nixpkgs#nixci, dig" - - - name: Setup-cachix - uses: https://github.com/cachix/cachix-action@v12 - with: - name: archives - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - - name: Install SSH key - run: | - install -m 600 -D /dev/null ~/.ssh/id_rsa - echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa - host='git.nelim.org' - hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host" - ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts - - - name: Build-configs - run: | - nix flake update - nixci diff --git a/common/modules/cachix.nix b/common/modules/cachix.nix index 9c7c6fc..3366fa2 100644 --- a/common/modules/cachix.nix +++ b/common/modules/cachix.nix @@ -15,7 +15,7 @@ # Caddy "https://caddycf.cachix.org" # Personal config cache - "https://archives.cachix.org" + "https://cache.nelim.org" ]; trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" @@ -30,7 +30,7 @@ # Caddy "caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY=" # Personal config cache - "archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0=" + "cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY=" ]; }; }; diff --git a/devices/oksys/modules/caddy.nix b/devices/oksys/modules/caddy.nix index 0ccdd91..8147eda 100644 --- a/devices/oksys/modules/caddy.nix 
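Review bot: The key added to `trusted-public-keys` in the second `common/modules/cachix.nix` hunk makes every host that imports this module accept any store path signed by the nix-serve key on servivi, and nothing next to it records that link or how to rotate it. I would add a comment above the entry such as `# Signed by services.nix-serve on servivi (sops secret binary-cache-key); rotate both together`. The key name also carries no generation suffix, unlike the `-1` on the neighbouring entries, so a replacement key could not be told apart by name; consider `cache.nelim.org-1` the next time the key is regenerated. The list that the first hunk edits opens outside the hunk, so I am assuming it is the substituter list that pairs with these keys.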
+++ b/devices/oksys/modules/caddy.nix @@ -28,6 +28,7 @@ in { virtualHosts = let dockerIP = "10.0.0.122"; jellyIP = "10.0.0.123"; + servivi = "10.0.0.249"; in { "nelim.org" = { serverAliases = ["*.nelim.org"]; @@ -68,6 +69,11 @@ in { reverseProxy = "${dockerIP}:3000"; }; + nix-binary-cache = { + subDomainName = "cache"; + reverseProxy = "${servivi}:5000"; + }; + calibre = { subDomainName = "books"; reverseProxy = "${dockerIP}:8083"; diff --git a/devices/servivi/default.nix b/devices/servivi/default.nix index d155a0e..70f9f5e 100644 --- a/devices/servivi/default.nix +++ b/devices/servivi/default.nix @@ -4,6 +4,8 @@ ../../modules/kmscon.nix ../../modules/tailscale.nix + + ./modules/binary-cache.nix ]; vars = { diff --git a/devices/servivi/modules/binary-cache.nix b/devices/servivi/modules/binary-cache.nix new file mode 100644 index 0000000..b13fd4f --- /dev/null +++ b/devices/servivi/modules/binary-cache.nix @@ -0,0 +1,43 @@ +{ + config, + pkgs, + nixpkgs, + ... +}: let + secrets = config.sops.secrets; + vars = config.vars; +in { + services.nix-serve = { + enable = true; + secretKeyFile = secrets.binary-cache-key.path; + }; + + systemd = { + services.buildAll = { + serviceConfig = { + Type = "oneshot"; + User = vars.user; + Group = config.users.users.${vars.user}.group; + }; + script = '' + cd /tmp + ${pkgs.nix}/bin/nix-shell \ + -I "nixpkgs=${nixpkgs}" \ + -p openssh nix git nixci --run \ + "${builtins.concatStringsSep "; " [ + "git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone" + "cd nix-clone" + "nix flake update" + "nixci ." + "cd .." + "rm -r nix-clone" + ]}" + ''; + }; + timers.buildAll = { + wantedBy = ["timers.target"]; + partOf = ["buildAll.service"]; + timerConfig.OnCalendar = ["*-*-* 0:00:00"]; + }; + }; +} diff --git a/flake.lock b/flake.lock index 2dfd616..de5eccd 100644 --- a/flake.lock +++ b/flake.lock 
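Review bot: The new `nix-binary-cache` virtual host in `devices/oksys/modules/caddy.nix` publishes servivi's nix-serve as `cache.nelim.org` with no access restriction visible in the hunk. nix-serve answers for any path present in that host's store, and after the nightly build that presumably includes the fetched source of every flake input, the private `nixos-secrets` repository among them. If that repository holds anything other than sops-encrypted files, limit the vhost to the LAN or tailnet, or keep the private input off the cache host. The upstream `${servivi}:5000` is plain HTTP and no firewall rule for port 5000 appears in this diff, so confirm the port is reachable only from the proxy (`services.nix-serve.openFirewall` would open it to the whole interface). The `virtualHosts` block begins and ends outside the hunk.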
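Review bot: The `buildAll` script in `devices/servivi/modules/binary-cache.nix` works in the fixed path `/tmp/nix-clone` and chains its commands with `"; "`, so a directory that already exists under that name, or a failed clone, does not stop the run: `nix flake update` and `nixci .` still execute in whatever directory the shell ended up in, and the outputs land in the store that nix-serve signs. Setting `PrivateTmp = true;` in `serviceConfig` and joining with `builtins.concatStringsSep " && " [` gives the job its own /tmp and stops at the first failure; the trailing `"cd .."` and `"rm -r nix-clone"` entries can then be dropped, since systemd discards the private /tmp when the unit stops. Separately, the unattended `nix flake update` means clients trusting this cache receive builds of whatever the inputs resolve to that night rather than the committed `flake.lock`; if that is intended, a comment such as `# Pre-builds against updated inputs, not the committed lock` would make the trust decision explicit.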
@@ -878,11 +878,11 @@ }, "nur": { "locked": { - "lastModified": 1703558681, - "narHash": "sha256-nMkDgZbKOxq6Nscj86U5uzxmDu6nfLSm/GNNqQx7j4E=", + "lastModified": 1703562846, + "narHash": "sha256-ZMoJ8o+ey78WUN4CVXWOD+XacH+uRuoZIFJFmB+mTug=", "owner": "nix-community", "repo": "NUR", - "rev": "b3967cffef433fe025ef03ebca93a56376fbcb88", + "rev": "a40c29c5c7beb812885ef39f0682457655dc6017", "type": "github" }, "original": { @@ -940,11 +940,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1703364898, - "narHash": "sha256-sU02sZfhdxHlMMqSKdlPE9upZ5RXKVzgfW1GSAuf30U=", + "lastModified": 1703563864, + "narHash": "sha256-sP2Hool59oPdB3pORlEYMg5Fhb+GSzGwSzeYl2+hBXQ=", "ref": "refs/heads/main", - "rev": "04081fc81d9df533d0f81f89b1730eb15bdbc6a8", - "revCount": 6, + "rev": "810545ee6ef90fa41f8c0a28e5de45aa646f411c", + "revCount": 14, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" }, diff --git a/flake.nix b/flake.nix index e7df663..c1f08f8 100644 --- a/flake.nix +++ b/flake.nix @@ -33,7 +33,10 @@ wim = mkNixOS [./devices/wim]; binto = mkNixOS [./devices/binto]; - servivi = mkNixOS [./devices/servivi]; + servivi = mkNixOS [ + ./devices/servivi + secrets.nixosModules.servivi + ]; oksys = mkNixOS [ ./devices/oksys secrets.nixosModules.oksys