hydra: revive nix-serve.hq.c3d2.de binary cache
This commit is contained in:
parent
944d227d17
commit
37c3082fea
|
@ -351,11 +351,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1641664373,
|
||||
"narHash": "sha256-/F17oCX99lBf1IyypncSPL2dCH1qZ5ddgCiYXbjf+Tg=",
|
||||
"lastModified": 1641685255,
|
||||
"narHash": "sha256-x/uImmv13RVSeyviavHNuSrMbNgrAEUytIMMBku0bzc=",
|
||||
"ref": "master",
|
||||
"rev": "4d3e2f68d22fa73effc45a32f675fbe125775ab4",
|
||||
"revCount": 118,
|
||||
"rev": "108355b99088b53eae238c1cee2d5922c1f1d2ac",
|
||||
"revCount": 119,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@gitea.c3d2.de/c3d2-admins/secrets.git"
|
||||
},
|
||||
|
|
|
@ -377,6 +377,9 @@
|
|||
modules = [
|
||||
./lib/lxc-container.nix
|
||||
./hosts/containers/hydra
|
||||
{
|
||||
sops.defaultSopsFile = "${secrets}/hosts/hydra/secrets.yaml";
|
||||
}
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=
|
|
@ -1,11 +1,17 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
sops.secrets."nix-serve/secretKey".mode = "0444";
|
||||
# Nix binary cache
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = "/var/cache-priv-key.pem";
|
||||
# secretKeyFile = config.sops.secrets."nix-serve/secretKey".path;
|
||||
};
|
||||
# nix-serve requires a $HOME.
|
||||
# also, systemd's LoadCredential mechanism doesn't work here.
|
||||
systemd.services.nix-serve.serviceConfig.Environment = "HOME=%S NIX_SECRET_KEY_FILE=${config.sops.secrets."nix-serve/secretKey".path}";
|
||||
|
||||
# Nix binary cache thru reverse proxy for HTTPS
|
||||
services.nginx.virtualHosts."nix-serve.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -17,6 +23,7 @@
|
|||
'';
|
||||
};
|
||||
|
||||
# TODO: what is this?
|
||||
services.nginx.virtualHosts."depot.hq.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
nix = lib.mkIf (config.networking.hostName != "hydra") {
|
||||
binaryCaches = [
|
||||
"https://nix-serve.hq.c3d2.de"
|
||||
];
|
||||
binaryCachePublicKeys = [
|
||||
(builtins.readFile ../hosts/containers/hydra/cache-pub.key)
|
||||
];
|
||||
};
|
||||
}
|
|
@ -33,6 +33,7 @@ in {
|
|||
./audio-server
|
||||
./pi-sensors.nix
|
||||
./ceph-storage.nix
|
||||
./cache.nix
|
||||
];
|
||||
|
||||
options.c3d2 = with lib;
|
||||
|
|
Loading…
Reference in New Issue