feat(servers): add self-hosted bin cache

matt1432 2023-12-26 00:48:43 -05:00
parent 035bd58eb2
commit f969c050cf
7 changed files with 53 additions and 44 deletions


@ -1,42 +0,0 @@
name: Binary Cache
on: [push, pull_request, workflow_dispatch]
jobs:
nix:
name: "Build"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: https://github.com/actions/checkout@v3
with:
submodules: recursive
- name: Setup-Nix
uses: https://github.com/cachix/install-nix-action@v24
with:
github_access_token: ${{ secrets.TOKEN_GH }}
- name: Install-nixci
uses: https://github.com/yaxitech/nix-install-pkgs-action@v3
with:
packages: "nixpkgs#nixci, dig"
- name: Setup-cachix
uses: https://github.com/cachix/cachix-action@v12
with:
name: archives
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Install SSH key
run: |
install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
host='git.nelim.org'
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
- name: Build-configs
run: |
nix flake update
nixci


@ -15,7 +15,7 @@
# Caddy # Caddy
"https://caddycf.cachix.org" "https://caddycf.cachix.org"
# Personal config cache # Personal config cache
"https://archives.cachix.org" "https://cache.nelim.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
@ -30,7 +30,7 @@
# Caddy # Caddy
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY=" "caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
# Personal config cache # Personal config cache
"archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0=" "cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
]; ];
}; };
}; };
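Review bot: The new `cache.nelim.org:…` entry in `trusted-public-keys` makes every machine that imports this file accept any store path signed with that key, and nothing next to it says where the private half lives. From the rest of this commit it appears to be the sops secret `binary-cache-key` read by nix-serve, which signs paths at serve time, so anything that lands in that host's store becomes trusted here. I would add a comment above the key such as `# signed by nix-serve on servivi (sops secret binary-cache-key); rotate both together`. Both hunks are cut mid-list, so the rest of the substituter and key lists is not visible here.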


@ -28,6 +28,7 @@ in {
virtualHosts = let virtualHosts = let
dockerIP = "10.0.0.122"; dockerIP = "10.0.0.122";
jellyIP = "10.0.0.123"; jellyIP = "10.0.0.123";
servivi = "10.0.0.249";
in { in {
"nelim.org" = { "nelim.org" = {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
@ -68,6 +69,11 @@ in {
reverseProxy = "${dockerIP}:3000"; reverseProxy = "${dockerIP}:3000";
}; };
nix-binary-cache = {
subDomainName = "cache";
reverseProxy = "${servivi}:5000";
};
calibre = { calibre = {
subDomainName = "books"; subDomainName = "books";
reverseProxy = "${dockerIP}:8083"; reverseProxy = "${dockerIP}:8083";
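Review bot: The `nix-binary-cache` entry publishes port 5000 of `servivi` under the `cache` subdomain with no visible access restriction, and nix-serve answers for any path in that host's store, not only the nixci outputs. If anything sensitive is ever copied into the store there (a config file with a token, a private source tree), it can be fetched by anyone who learns its store hash. If the cache is only meant for the author's own machines, consider limiting this virtual host to the tailnet or LAN; otherwise add a comment stating that public exposure is intended, e.g. `# public on purpose: the store on servivi must never hold secrets`. The option set that `reverseProxy` belongs to is defined outside this hunk, so whether it supports an allow-list cannot be seen here.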


@ -4,6 +4,8 @@
../../modules/kmscon.nix ../../modules/kmscon.nix
../../modules/tailscale.nix ../../modules/tailscale.nix
./modules/binary-cache.nix
]; ];
vars = { vars = {


@ -0,0 +1,43 @@
{
config,
pkgs,
nixpkgs,
...
}: let
secrets = config.sops.secrets;
vars = config.vars;
in {
services.nix-serve = {
enable = true;
secretKeyFile = secrets.binary-cache-key.path;
};
systemd = {
services.buildAll = {
serviceConfig = {
Type = "oneshot";
User = vars.user;
Group = config.users.users.${vars.user}.group;
};
script = ''
cd /tmp
${pkgs.nix}/bin/nix-shell \
-I "nixpkgs=${nixpkgs}" \
-p openssh nix git nixci --run \
"${builtins.concatStringsSep "; " [
"git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
"cd nix-clone"
"nix flake update"
"nixci ."
"cd .."
"rm -r nix-clone"
]}"
'';
};
timers.buildAll = {
wantedBy = ["timers.target"];
partOf = ["buildAll.service"];
timerConfig.OnCalendar = ["*-*-* 0:00:00"];
};
};
}
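Review bot: The `buildAll` script works in the fixed path `/tmp/nix-clone` and joins its steps with `"; "`, so a failed `git clone` (for example because the directory already exists) does not stop `cd nix-clone`, `nix flake update` and `nixci .` from running on whatever is there. Because nix-serve then signs and serves the resulting store paths, that directory should be under the service's sole control: add `PrivateTmp = true;` to `serviceConfig` and use `" && "` as the separator so the chain stops at the first failure. A private /tmp is also discarded when the unit stops, which covers the `rm -r nix-clone` that `&&` would skip after an error. Separately, `nix flake update` means the nightly build uses input revisions that are not in the committed `flake.lock`; if that is intended a comment saying so would help, otherwise drop the step so the cache matches what the clients evaluate.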

Binary file not shown.

BIN
flake.nix

Binary file not shown.