From b86bb8d067af83dd2498da246c88d4e8b5a65ceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 3 Apr 2023 20:34:04 +0200 Subject: [PATCH] Rename nix-serve to nix-cache --- README.md | 4 +-- config/default.nix | 4 +-- flake.nix | 4 +-- hosts/hydra/default.nix | 47 ++++++++++++++------------- hosts/hydra/secrets.yaml | 8 ++--- hosts/public-access-proxy/default.nix | 1 + modules/autoupdate.nix | 4 +-- modules/microvm-host.nix | 2 +- packages.nix | 2 +- 9 files changed, 40 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index da572553..ed9f67d4 100644 --- a/README.md +++ b/README.md @@ -47,8 +47,8 @@ For every host that has a `nixosConfiguration` in our Flake, there are two scrip To use the cache from hydra set the following nix options similar to enabling flakes: ``` - trusted-public-keys = nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps= - trusted-substituters = https://nix-serve.hq.c3d2.de + trusted-public-keys = nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps= + trusted-substituters = https://nix-cache.hq.c3d2.de ``` ### Checking for updates diff --git a/config/default.nix b/config/default.nix index c8ab51a3..33313229 100644 --- a/config/default.nix +++ b/config/default.nix @@ -92,11 +92,11 @@ experimental-features = "nix-command flakes"; fallback = true; trusted-public-keys = [ - "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" + "nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ]; # don't self feed hydra substituters = lib.mkIf (config.networking.hostName != "hydra") ( - lib.mkBefore [ "https://nix-serve.hq.c3d2.de" ] + lib.mkBefore [ "https://nix-cache.hq.c3d2.de" ] ); }; }; diff --git a/flake.nix b/flake.nix index 37399b5e..c561429f 100644 --- a/flake.nix +++ b/flake.nix 
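Review bot: In the `config/default.nix` hunk the single entry in `trusted-public-keys` is replaced rather than extended, and Nix matches a narinfo signature to a trusted key by its name prefix, not by key material alone. If the cache now signs as `nix-cache.hq.c3d2.de` (the re-encrypted `signing-key` in `hosts/hydra/secrets.yaml` suggests this, but the diff cannot show it), hosts still running the previous configuration would reject the signature on the very closure that delivers this change. Any path whose stored signature still carries the old name would likewise be rejected by updated hosts. Keeping `"nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="` alongside the new entry for a transition period avoids both cases. The same applies to `extra-trusted-public-keys` in the `flake.nix` hunk.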
@@ -2,8 +2,8 @@ description = "C3D2 NixOS configurations"; nixConfig = { - extra-substituters = [ "https://nix-serve.hq.c3d2.de" ]; - extra-trusted-public-keys = [ "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ]; + extra-substituters = [ "https://nix-cache.hq.c3d2.de" ]; + extra-trusted-public-keys = [ "nix-cache.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps=" ]; }; inputs = { diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix index 75ef2242..069e2ffd 100644 --- a/hosts/hydra/default.nix +++ b/hosts/hydra/default.nix @@ -194,31 +194,34 @@ in }; }; - nginx = - let - hydraVhost = { + nginx = { + enable = true; + virtualHosts = { + "hydra.hq.c3d2.de" = { + default = true; + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}"; + serverAliases = [ + "hydra-ca.hq.c3d2.de" + "hydra.serv.zentralwerk.org" + ]; + }; + # "hydra-ca.hq.c3d2.de" = { + # enableACME = true; + # forceSSL = true; + # locations."/".proxyPass = "http://192.168.100.2:3001"; + # }; + "nix-cache.hq.c3d2.de" = { forceSSL = true; enableACME = true; - locations."/".proxyPass = "http://localhost:${toString config.services.hydra.port}"; - }; - in - { - enable = true; - virtualHosts = { - "hydra.hq.c3d2.de" = hydraVhost // { - default = true; - }; - # "hydra-ca.hq.c3d2.de" = hydraVhost // { - # locations."/".proxyPass = "http://192.168.100.2:3001"; - # }; - "hydra.serv.zentralwerk.org" = hydraVhost; - "nix-serve.hq.c3d2.de" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:${toString cachePort}"; - }; + locations."/".proxyPass = "http://localhost:${toString cachePort}"; + serverAliases = [ + "nix-serve.hq.c3d2.de" + ]; }; }; + }; portunus.addToHosts = true; @@ -326,6 +329,6 @@ in }; }; - # allow reading nix-serve secret + # allow reading harmonia secret users.users.harmonia.extraGroups = [ "hydra" ]; } 
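Review bot: In the first `hosts/hydra/default.nix` hunk, the names moved into `serverAliases` (`hydra-ca.hq.c3d2.de`, `hydra.serv.zentralwerk.org`, `nix-serve.hq.c3d2.de`) now share the ACME certificate of their primary vhost. As far as I know, the NixOS nginx module requests aliases as extra domain names on that certificate, so a single alias failing validation would block issuance and renewal for `hydra.hq.c3d2.de` or `nix-cache.hq.c3d2.de` too. Previously `hydra.serv.zentralwerk.org` and `nix-serve.hq.c3d2.de` were separate vhosts with their own certificates. It is worth confirming that every alias reaches this host for the challenge, and adding a comment above each list such as `# aliases are validated together with the primary name; one failing name blocks renewal`. The commented-out `"hydra-ca.hq.c3d2.de"` vhost now duplicates a live alias and would conflict if re-enabled, so it should be removed or annotated.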
diff --git a/hosts/hydra/secrets.yaml b/hosts/hydra/secrets.yaml index 7ffb1efd..4fa57aa9 100644 --- a/hosts/hydra/secrets.yaml +++ b/hosts/hydra/secrets.yaml @@ -2,8 +2,8 @@ machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv: nix: access-tokens: ENC[AES256_GCM,data:6qYsInpdUwkWCFroA9AMUIHfu2/XoKfHPtwLRyaIffrcAa9KaHfgO7fKAvsySkaQ7mc9yImZxC5/AurN6zDMTOe1YQ4tVxcsDcBOtjEF+EBJjY2gS5LmxkreIr5+I8TYHSO0Bj7CZQAZOdtQW7mZ6CQ=,iv:NW4moujf3yCEbmLIW5lp+Zc0IMAy1W8xsVXgaCIpNUY=,tag:GkQNy8IarFWPkCTIxbn1gw==,type:str] signing-key: - publicKey: ENC[AES256_GCM,data:OV549m0+BA0BkYHQu0wx0d4XYkxwq9aNU7k6lLZ82blI5tf90UlKlCbVmA0wK5aVoGEBvQtBdntBMgubsH1GHJc=,iv:H/upNu0xCDKHPivYTYySKZ6a+XVJWV1vvRwfwKomJLU=,tag:xkFTTGyNS/UCQ5fmlLnnDA==,type:str] - secretKey: ENC[AES256_GCM,data:CMEER5Pcv2T0dYrgcrEH10uC6BM1pUOdAaQWA95lNQ3giuHdXzslFq3FTsk8hYODngNdNt/0ZOe67iWdJMjqSPKO2oTDofGtUL9GVordjnRpEtSgFkLbEjJ8kZff/IbXJzScdHEM676UhIdC3g==,iv:yVqWLuXFCCGjaiVHIKQbaagCxasqpVhS+4JnQWdecPk=,tag:F7zPgTzOxUiAJggmZAnaIg==,type:str] + publicKey: ENC[AES256_GCM,data:uCu93uTpOjgu0y41mduuP+wthq21Ywren0fwps2KF/7dnuOBbZ7N47khgemZV0mLzk0UTWqdcceRP1V12olpCRM=,iv:m+5kJdcGG+F+Wk2vjmNk/BAka8al6VVsjnP7eqq9VJI=,tag:hID2IX5WU+iRiQnHS9IW1w==,type:str] + secretKey: ENC[AES256_GCM,data:o9GEuqRQff4G7sv8f8OVr1tuvMQK97w3+l6MxHGy6ZAzklRQfrGmGCsKi5LVqpRXcc39VPp4kQZ7Iqlv4ZeaAM9p3FneXyPdyWyumsZVjPV8ChY9myQypXhngK/RD1+c+Wuzqlf8t5UnHY3F4Q==,iv:RBjPusXr46YQvuq2P/EenTcQJOutvCUheGya+zEnPHA=,tag:bXKzk4yRIktpZ1/w+6qsug==,type:str] ldap: search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str] ssh-keys: 
@@ -40,8 +40,8 @@ sops: WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-06T23:28:11Z" - mac: ENC[AES256_GCM,data:2+jeXXMS5ZwEXULBHHpFosXW9Z5CAC165QQ7iJ0uY7JRoeAgBYgrYX3LDU56BMY10eiiYoUyqGh5XdLy3dJud3qTQosMo4fgO1THgBa2xtxUNHgVnH8yqJl3ncNiIgPbusa4f3KVaar30Zs31nbuomLDBfbrI6k63QpTz3Kp2xE=,iv:MUt+G1/HRps6GokWAUalA5LbC9tnfN3PpzwBqZ69m30=,tag:HbvuMLTvEbEIDk8t/63O9w==,type:str] + lastmodified: "2023-04-03T18:30:22Z" + mac: ENC[AES256_GCM,data:dy18dqKru8/ytsg44j2W+dAkW1yRcAHdvQIkVlPid5Kg/yu4c4Ba47p3idEhySmN7JQaqZmVKhrsU3VyJ/vURXyaP+vlkXdIfed2dTd97I07pTpI7+NA2ekN3teDvh/hmuxnUZwNjIY3WbaR1Yyu4zMJ4qPJMKDR59BORy2iigk=,iv:K1X8yjJJI0l6VJnBBUZs8onomILB9QfNtuVk3ToONtw=,tag:ORMFr4XRojlaro2aP9apNQ==,type:str] pgp: - created_at: "2022-12-26T19:10:03Z" enc: | diff --git a/hosts/public-access-proxy/default.nix b/hosts/public-access-proxy/default.nix index 6036717d..61e18293 100644 --- a/hosts/public-access-proxy/default.nix +++ b/hosts/public-access-proxy/default.nix @@ -77,6 +77,7 @@ hostNames = [ "hydra.hq.c3d2.de" "hydra-ca.hq.c3d2.de" + "nix-cache.hq.c3d2.de" "nix-serve.hq.c3d2.de" ]; proxyTo.host = hostRegistry.hydra.ip4; diff --git a/modules/autoupdate.nix b/modules/autoupdate.nix index f31a249a..d6d80a53 100644 --- a/modules/autoupdate.nix +++ b/modules/autoupdate.nix @@ -38,7 +38,7 @@ if [ "$OLD" != "$NEW" ]; then echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config" # this should fetch the new system from the binary cache - nix copy --from https://nix-serve.hq.c3d2.de "$NEW" + nix copy --from https://nix-cache.hq.c3d2.de "$NEW" if [ -e "$NEW/etc/systemd/system/autoupdate.timer" ]; then echo "Switch to the new system..." nix-env -p /nix/var/nix/profiles/system --set $NEW 
@@ -92,7 +92,7 @@ if [ "$OLD" != "$NEW" ]; then echo "Fetching new system built by https://hydra.hq.c3d2.de/jobset/c3d2/nix-config" # this should fetch the new system from the binary cache - nix copy --from https://nix-serve.hq.c3d2.de "$NEW" + nix copy --from https://nix-cache.hq.c3d2.de "$NEW" echo "Switch to the new system..." nix-env -p /nix/var/nix/profiles/system --set $NEW "$NEW/bin/switch-to-configuration" switch diff --git a/modules/microvm-host.nix b/modules/microvm-host.nix index 1c64ecae..a3e256c3 100644 --- a/modules/microvm-host.nix +++ b/modules/microvm-host.nix @@ -82,7 +82,7 @@ cd /var/lib/microvms/$NAME if [ "$(cat flake)" = "git+https://gitea.c3d2.de/c3d2/nix-config?ref=flake-update" ]; then NEW=$(curl -sLH "Accept: application/json" https://hydra.hq.c3d2.de/job/c3d2/nix-config/$NAME/latest | ${pkgs.jq}/bin/jq -er .buildoutputs.out.path) - nix copy --from https://nix-serve.hq.c3d2.de $NEW + nix copy --from https://nix-cache.hq.c3d2.de $NEW if [ -e booted ]; then nix store diff-closures $(readlink booted) $NEW diff --git a/packages.nix b/packages.nix index cdc99f60..9eccc131 100644 --- a/packages.nix +++ b/packages.nix @@ -141,7 +141,7 @@ lib.attrsets.mapAttrs ssh ${target} -- bash -e <
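Review bot: In the `modules/microvm-host.nix` hunk the changed `nix copy` line expands `$NEW` unquoted, although the value is parsed out of an HTTP response from Hydra. Both `modules/autoupdate.nix` hunks quote it on the equivalent line. Unquoted, an unexpected value is subject to word splitting and globbing before it reaches `nix copy`. Suggest `nix copy --from https://nix-cache.hq.c3d2.de "$NEW"`, and likewise `nix store diff-closures "$(readlink booted)" "$NEW"` two lines below. The surrounding script starts and ends outside the hunk, so it is not visible here whether a failed `curl` or `jq -e` aborts before this line is reached.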