feat(servers): add self-hosted bin cache
parent
035bd58eb2
commit
f969c050cf
7 changed files with 53 additions and 44 deletions
|
@ -1,42 +0,0 @@
|
|||
name: Binary Cache
|
||||
|
||||
on: [push, pull_request, workflow_dispatch]
|
||||
|
||||
jobs:
|
||||
nix:
|
||||
name: "Build"
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: https://github.com/actions/checkout@v3
|
||||
with:
|
||||
submodules: recursive
|
||||
|
||||
- name: Setup-Nix
|
||||
uses: https://github.com/cachix/install-nix-action@v24
|
||||
with:
|
||||
github_access_token: ${{ secrets.TOKEN_GH }}
|
||||
|
||||
- name: Install-nixci
|
||||
uses: https://github.com/yaxitech/nix-install-pkgs-action@v3
|
||||
with:
|
||||
packages: "nixpkgs#nixci, dig"
|
||||
|
||||
- name: Setup-cachix
|
||||
uses: https://github.com/cachix/cachix-action@v12
|
||||
with:
|
||||
name: archives
|
||||
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
|
||||
|
||||
- name: Install SSH key
|
||||
run: |
|
||||
install -m 600 -D /dev/null ~/.ssh/id_rsa
|
||||
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
|
||||
host='git.nelim.org'
|
||||
hosts="$(dig +short "$host" | grep -v '\.$' | sed -z 's|\n|,|g')$host"
|
||||
ssh-keyscan -H "$hosts" > ~/.ssh/known_hosts
|
||||
|
||||
- name: Build-configs
|
||||
run: |
|
||||
nix flake update
|
||||
nixci
|
|
@ -15,7 +15,7 @@
|
|||
# Caddy
|
||||
"https://caddycf.cachix.org"
|
||||
# Personal config cache
|
||||
"https://archives.cachix.org"
|
||||
"https://cache.nelim.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
|
@ -30,7 +30,7 @@
|
|||
# Caddy
|
||||
"caddycf.cachix.org-1:6vbQaeiec/zKv9XfEwi9yWVCe7opbeJMu6w81UEXugY="
|
||||
# Personal config cache
|
||||
"archives.cachix.org-1:6fvCc0qfKnnYVUmNw0TeT4qH/ZNAGLOzw7SlgWN5bV0="
|
||||
"cache.nelim.org:JmFqkUdH11EA9EZOFAGVHuRYp7EbsdJDHvTQzG2pPyY="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
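Review bot: The `cache.nelim.org` entry in `trusted-public-keys` (which appears to be the added line, replacing the `archives.cachix.org` key) makes every host importing this file accept any store path signed by that key, yet nothing here says where the signing key is held. A comment next to both the substituter URL and the key, such as `# signed by nix-serve on servivi (sops secret binary-cache-key)`, would tie the two ends together when the key is rotated. The key name also has no generation suffix, unlike the `-1` on the cachix keys, which makes generations harder to tell apart during a rotation; consider `cache.nelim.org-1` when the key is next regenerated. The enclosing attribute set starts and ends outside these hunks.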
|
@ -28,6 +28,7 @@ in {
|
|||
virtualHosts = let
|
||||
dockerIP = "10.0.0.122";
|
||||
jellyIP = "10.0.0.123";
|
||||
servivi = "10.0.0.249";
|
||||
in {
|
||||
"nelim.org" = {
|
||||
serverAliases = ["*.nelim.org"];
|
||||
|
@ -68,6 +69,11 @@ in {
|
|||
reverseProxy = "${dockerIP}:3000";
|
||||
};
|
||||
|
||||
nix-binary-cache = {
|
||||
subDomainName = "cache";
|
||||
reverseProxy = "${servivi}:5000";
|
||||
};
|
||||
|
||||
calibre = {
|
||||
subDomainName = "books";
|
||||
reverseProxy = "${dockerIP}:8083";
|
||||
|
|
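Review bot: The `nix-binary-cache` entry forwards the `cache` subdomain to `${servivi}:5000` with no visible access restriction, and nix-serve answers for any valid path in that machine's store, not only the configurations built for the cache. If this virtual host is reachable from the internet (not visible here), anything that lands in servivi's `/nix/store` can be fetched by whoever knows its store hash. I would add a comment on the entry, for example `# public: serves servivi's whole /nix/store, keep secrets out of the store`, or limit the vhost to the internal or Tailscale range if the helper supports it. The `virtualHosts` block starts and ends outside the hunks.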
|
@ -4,6 +4,8 @@
|
|||
|
||||
../../modules/kmscon.nix
|
||||
../../modules/tailscale.nix
|
||||
|
||||
./modules/binary-cache.nix
|
||||
];
|
||||
|
||||
vars = {
|
||||
|
|
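--- /dev/null
+++ b/devices/servivi/modules/binary-cache.nix
@@ -0,0 +1,43 @@
+{
+config,
+pkgs,
+nixpkgs,
+...
+}: let
+secrets = config.sops.secrets;
+vars = config.vars;
+in {
+services.nix-serve = {
+enable = true;
+secretKeyFile = secrets.binary-cache-key.path;
+};
+
+systemd = {
+services.buildAll = {
+serviceConfig = {
+Type = "oneshot";
+User = vars.user;
+Group = config.users.users.${vars.user}.group;
+};
+script = ''
+cd /tmp
+${pkgs.nix}/bin/nix-shell \
+-I "nixpkgs=${nixpkgs}" \
+-p openssh nix git nixci --run \
+"${builtins.concatStringsSep "; " [
+"git clone https://git.nelim.org/matt1432/nixos-configs.git nix-clone"
+"cd nix-clone"
+"nix flake update"
+"nixci ."
+"cd .."
+"rm -r nix-clone"
+]}"
+'';
+};
+timers.buildAll = {
+wantedBy = ["timers.target"];
+partOf = ["buildAll.service"];
+timerConfig.OnCalendar = ["*-*-* 0:00:00"];
+};
+};
+}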
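Review bot: The `buildAll` script works in a fixed, predictable directory, `/tmp/nix-clone`, and chains its steps with `"; "`, so a failed `git clone` (for example because the directory already exists) does not stop `nix flake update` and `nixci .` from running on whatever is there. Because the results land in the store that `services.nix-serve` signs with `secretKeyFile`, I would isolate the working directory with `PrivateTmp = true;` in `serviceConfig` and join the commands with `" && "` so a failed step aborts the run; the private tmp is discarded when the unit stops, so the trailing `rm -r` is no longer load-bearing. Separately, running `nix flake update` on every build means the cache signs outputs of unpinned inputs rather than the committed `flake.lock`; if that is intended, a comment saying so would help.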
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
BIN
flake.nix
BIN
flake.nix
Binary file not shown.