feat(servers): add self-hosted bin cache
parent
035bd58eb2
commit
f969c050cf
7 changed files with 53 additions and 44 deletions
|
@ -1,42 +0,0 @@
|
||||||
name: Binary Cache
|
|
||||||
|
|
||||||
on: [push, pull_request, workflow_dispatch]
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
nix:
|
|
||||||
name: "Build"
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: https://github.com/actions/checkout@v3
|
|
||||||
with:
|
|
||||||
submodules: recursive
|
|
||||||
|
|
||||||
- name: Setup-Nix
|
|
||||||
uses: https://github.com/cachix/install-nix-action@v24
|
|
||||||
with:
|
|
||||||
github_access_token: ${{ secrets.TOKEN_GH }}
|
|
||||||
|
|
||||||
- name: Install-nixci
|
|
||||||
uses: https://github.com/yaxitech/nix-install-pkgs-action@v3
|
|
||||||
with:
|
|
||||||
packages: "nixpkgs#nixci, dig"
|
|
||||||
|
|
||||||
- name: Setup-cachix
|
|
||||||
uses: https://github.com/cachix/cachix-action@v12
|
|
||||||
with:
|
|
||||||
name: archives
|
|
||||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
|
||||||
|
|
||||||
- name: Install SSH key
|
|
||||||
run: |
|
|
||||||
install -m 600 -D /dev/null ~/.ssh/id_rsa
|
|
||||||
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
|
|
||||||
host='git.nelim.org'
|
|
||||||
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
|
|
||||||
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
|
|
||||||
|
|
||||||
- name: Build-configs
|
|
||||||
run: |
|
|
||||||
nix flake update
|
|
||||||
nixci
|
|
|
@ -15,7 +15,7 @@
|
||||||
# Caddy
|
# Caddy
|
||||||
"https://caddycf.cachix.org"
|
"https://caddycf.cachix.org"
|
||||||
# Personal config cache
|
# Personal config cache
|
||||||
"https://archives.cachix.org"
|
"https://cache.nelim.org"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
# Caddy
|
# Caddy
|
||||||
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
|
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
|
||||||
# Personal config cache
|
# Personal config cache
|
||||||
"archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0="
|
"cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
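Review bot: The `# Personal config cache` comment above the new `"cache.nelim.org:…"` entry in `trusted-public-keys` understates what the entry now is: a trust root whose private half is held on servivi (the same commit sets `secretKeyFile = secrets.binary-cache-key.path` there). Any path signed on that host is therefore accepted by every machine that imports this file. I would change both comments to something like `# Self-hosted nix-serve cache on servivi; signing key = sops secret binary-cache-key`. The key name also has no generation suffix, unlike the `-1` on the cachix entries; a suffixed name would let an old and a new key be trusted side by side during rotation.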
@ -28,6 +28,7 @@ in {
|
||||||
virtualHosts = let
|
virtualHosts = let
|
||||||
dockerIP = "10.0.0.122";
|
dockerIP = "10.0.0.122";
|
||||||
jellyIP = "10.0.0.123";
|
jellyIP = "10.0.0.123";
|
||||||
|
servivi = "10.0.0.249";
|
||||||
in {
|
in {
|
||||||
"nelim.org" = {
|
"nelim.org" = {
|
||||||
serverAliases = ["*.nelim.org"];
|
serverAliases = ["*.nelim.org"];
|
||||||
|
@ -68,6 +69,11 @@ in {
|
||||||
reverseProxy = "${dockerIP}:3000";
|
reverseProxy = "${dockerIP}:3000";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nix-binary-cache = {
|
||||||
|
subDomainName = "cache";
|
||||||
|
reverseProxy = "${servivi}:5000";
|
||||||
|
};
|
||||||
|
|
||||||
calibre = {
|
calibre = {
|
||||||
subDomainName = "books";
|
subDomainName = "books";
|
||||||
reverseProxy = "${dockerIP}:8083";
|
reverseProxy = "${dockerIP}:8083";
|
||||||
|
|
|
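Review bot: The new `nix-binary-cache` virtual host proxies `cache.nelim.org` straight to `${servivi}:5000` with no visible access restriction, and nix-serve answers for any path present in that host's store, not only the nightly build outputs. If the vhost is reachable from outside the LAN (not visible in this hunk), it is worth deciding whether that is intended, since the cache appears to be meant for the author's own machines. At minimum I would add a comment on the entry, e.g. `# nix-serve on servivi: serves every path in its /nix/store by hash, keep secrets out of the store`. The `virtualHosts` block starts and ends outside the hunk.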
@ -4,6 +4,8 @@
|
||||||
|
|
||||||
../../modules/kmscon.nix
|
../../modules/kmscon.nix
|
||||||
../../modules/tailscale.nix
|
../../modules/tailscale.nix
|
||||||
|
|
||||||
|
./modules/binary-cache.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
vars = {
|
vars = {
|
||||||
|
|
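--- /dev/null
+++ b/devices/servivi/modules/binary-cache.nix
@@ -0,0 +1,43 @@
+{
+config,
+pkgs,
+nixpkgs,
+...
+}: let
+secrets = config.sops.secrets;
+vars = config.vars;
+in {
+services.nix-serve = {
+enable = true;
+secretKeyFile = secrets.binary-cache-key.path;
+};
+
+systemd = {
+services.buildAll = {
+serviceConfig = {
+Type = "oneshot";
+User = vars.user;
+Group = config.users.users.${vars.user}.group;
+};
+script = ''
+cd /tmp
+${pkgs.nix}/bin/nix-shell \
+-I "nixpkgs=${nixpkgs}" \
+-p openssh nix git nixci --run \
+"${builtins.concatStringsSep "; " [
+"git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
+"cd nix-clone"
+"nix flake update"
+"nixci ."
+"cd .."
+"rm -r nix-clone"
+]}"
+'';
+};
+timers.buildAll = {
+wantedBy = ["timers.target"];
+partOf = ["buildAll.service"];
+timerConfig.OnCalendar = ["*-*-* 0:00:00"];
+};
+};
+}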
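Review bot: The `buildAll` script works in a fixed, predictable directory (`cd /tmp`, then `git clone … nix-clone`) and chains its steps with `"; "`, so a failed clone or a pre-existing `/tmp/nix-clone` does not stop `nix flake update` and `nixci .` from running on whatever is in that directory. Because the results land in the store that `services.nix-serve` signs with `binary-cache-key`, the build input should not be something another local account can put in place. I would add `PrivateTmp = true;` to `serviceConfig` and join the commands with `" && "` so the run aborts at the first failing step. With a private `/tmp` the directory is discarded when the unit stops, so the trailing `rm -r nix-clone` is no longer what cleanup depends on. The job also builds after `nix flake update`, i.e. against inputs newer than the committed `flake.lock`; a one-line comment saying this is intentional cache warming would help the next reader.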
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
BIN
flake.nix
BIN
flake.nix
Binary file not shown.