matt1432/nixos-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(servers): add self-hosted bin cache

Browse source
This commit is contained in:
matt1432 2023-12-26 00:48:43 -05:00
parent 035bd58eb2
commit f969c050cf
7 changed files with 64 additions and 52 deletions
.forgejo/workflows
cachix.yml
common/modules
cachix.nix
devices
oksys/modules
caddy.nix
servivi
default.nix
modules
binary-cache.nix
flake.lockflake.nix

42
.forgejo/workflows/cachix.yml
View file

@ -1,42 +0,0 @@
name: Binary Cache
on: [push, pull_request, workflow_dispatch]
jobs:
nix:
name: "Build"
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: https://github.com/actions/checkout@v3
with:
submodules: recursive
- name: Setup-Nix
uses: https://github.com/cachix/install-nix-action@v24
with:
github_access_token: ${{ secrets.TOKEN_GH }}
- name: Install-nixci
uses: https://github.com/yaxitech/nix-install-pkgs-action@v3
with:
packages: "nixpkgs#nixci, dig"
- name: Setup-cachix
uses: https://github.com/cachix/cachix-action@v12
with:
name: archives
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Install SSH key
run: |
install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
host='git.nelim.org'
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
- name: Build-configs
run: |
nix flake update
nixci

4
common/modules/cachix.nix
View file

@ -15,7 +15,7 @@
# Caddy # Caddy
"https://caddycf.cachix.org" "https://caddycf.cachix.org"
# Personal config cache # Personal config cache
"https://archives.cachix.org" "https://cache.nelim.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
@ -30,7 +30,7 @@
# Caddy # Caddy
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY=" "caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
# Personal config cache # Personal config cache
"archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0=" "cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
]; ];
}; };
}; };

6
devices/oksys/modules/caddy.nix
View file

@ -28,6 +28,7 @@ in {
virtualHosts = let virtualHosts = let
dockerIP = "10.0.0.122"; dockerIP = "10.0.0.122";
jellyIP = "10.0.0.123"; jellyIP = "10.0.0.123";
servivi = "10.0.0.249";
in { in {
"nelim.org" = { "nelim.org" = {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
@ -68,6 +69,11 @@ in {
reverseProxy = "${dockerIP}:3000"; reverseProxy = "${dockerIP}:3000";
}; };
nix-binary-cache = {
subDomainName = "cache";
reverseProxy = "${servivi}:5000";
};
calibre = { calibre = {
subDomainName = "books"; subDomainName = "books";
reverseProxy = "${dockerIP}:8083"; reverseProxy = "${dockerIP}:8083";

2
devices/servivi/default.nix
View file

@ -4,6 +4,8 @@
../../modules/kmscon.nix ../../modules/kmscon.nix
../../modules/tailscale.nix ../../modules/tailscale.nix
./modules/binary-cache.nix
]; ];
vars = { vars = {

43
devices/servivi/modules/binary-cache.nix Normal file
View file

@ -0,0 +1,43 @@
{
config,
pkgs,
nixpkgs,
...
}: let
secrets = config.sops.secrets;
vars = config.vars;
in {
services.nix-serve = {
enable = true;
secretKeyFile = secrets.binary-cache-key.path;
};
systemd = {
services.buildAll = {
serviceConfig = {
Type = "oneshot";
User = vars.user;
Group = config.users.users.${vars.user}.group;
};
script = ''
cd /tmp
${pkgs.nix}/bin/nix-shell \
-I "nixpkgs=${nixpkgs}" \
-p openssh nix git nixci --run \
"${builtins.concatStringsSep "; " [
"git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
"cd nix-clone"
"nix flake update"
"nixci ."
"cd .."
"rm -r nix-clone"
]}"
'';
};
timers.buildAll = {
wantedBy = ["timers.target"];
partOf = ["buildAll.service"];
timerConfig.OnCalendar = ["*-*-* 0:00:00"];
};
};
}

14
flake.lock generated
View file

@ -878,11 +878,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1703558681, "lastModified": 1703562846,
"narHash": "sha256-nMkDgZbKOxq6Nscj86U5uzxmDu6nfLSm/GNNqQx7j4E=", "narHash": "sha256-ZMoJ8o+ey78WUN4CVXWOD+XacH+uRuoZIFJFmB+mTug=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "b3967cffef433fe025ef03ebca93a56376fbcb88", "rev": "a40c29c5c7beb812885ef39f0682457655dc6017",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -940,11 +940,11 @@
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
}, },
"locked": { "locked": {
"lastModified": 1703364898, "lastModified": 1703563864,
"narHash": "sha256-sU02sZfhdxHlMMqSKdlPE9upZ5RXKVzgfW1GSAuf30U=", "narHash": "sha256-sP2Hool59oPdB3pORlEYMg5Fhb+GSzGwSzeYl2+hBXQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "04081fc81d9df533d0f81f89b1730eb15bdbc6a8", "rev": "810545ee6ef90fa41f8c0a28e5de45aa646f411c",
"revCount": 6, "revCount": 14,
"type": "git", "type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
}, },

5
flake.nix
View file

@ -33,7 +33,10 @@
wim = mkNixOS [./devices/wim]; wim = mkNixOS [./devices/wim];
binto = mkNixOS [./devices/binto]; binto = mkNixOS [./devices/binto];
servivi = mkNixOS [./devices/servivi]; servivi = mkNixOS [
./devices/servivi
secrets.nixosModules.servivi
];
oksys = mkNixOS [ oksys = mkNixOS [
./devices/oksys ./devices/oksys
secrets.nixosModules.oksys secrets.nixosModules.oksys