feat(servers): add self-hosted bin cache

devices/oksys/modules/caddy.nix

@@ -28,6 +28,7 @@ in {
     virtualHosts = let
       dockerIP = "10.0.0.122";
       jellyIP = "10.0.0.123";
+      servivi = "10.0.0.249";
     in {
       "nelim.org" = {
         serverAliases = ["*.nelim.org"];
@@ -68,6 +69,11 @@ in {
             reverseProxy = "${dockerIP}:3000";
           };
 
+          nix-binary-cache = {
+            subDomainName = "cache";
+            reverseProxy = "${servivi}:5000";
+          };
+
           calibre = {
             subDomainName = "books";
             reverseProxy = "${dockerIP}:8083";

devices/servivi/default.nix

@@ -4,6 +4,8 @@
 
     ../../modules/kmscon.nix
     ../../modules/tailscale.nix
+
+    ./modules/binary-cache.nix
   ];
 
   vars = {

devices/servivi/modules/binary-cache.nix

@@ -0,0 +1,43 @@
+{
+  config,
+  pkgs,
+  nixpkgs,
+  ...
+}: let
+  secrets = config.sops.secrets;
+  vars = config.vars;
+in {
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = secrets.binary-cache-key.path;
+  };
+
+  systemd = {
+    services.buildAll = {
+      serviceConfig = {
+        Type = "oneshot";
+        User = vars.user;
+        Group = config.users.users.${vars.user}.group;
+      };
+      script = ''
+        cd /tmp
+        ${pkgs.nix}/bin/nix-shell \
+          -I "nixpkgs=${nixpkgs}" \
+          -p openssh nix git nixci --run \
+        "${builtins.concatStringsSep "; " [
+          "git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
+          "cd nix-clone"
+          "nix flake update"
+          "nixci ."
+          "cd .."
+          "rm -r nix-clone"
+        ]}"
+      '';
+    };
+    timers.buildAll = {
+      wantedBy = ["timers.target"];
+      partOf = ["buildAll.service"];
+      timerConfig.OnCalendar = ["*-*-* 0:00:00"];
+    };
+  };
+}