2022-09-14 21:30:35 +00:00
|
|
|
# docs: https://nixos.wiki/wiki/Binary_Cache
|
|
|
|
|
# to copy something to this machine's nix cache, do:
|
|
|
|
|
# nix copy --to ssh://nixcache.uninsane.org PACKAGE
|
|
|
|
|
{ config, lib, ... }:
|
|
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
let
|
|
|
|
|
cfg = config.sane.services.nixserve;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
|
|
|
|
sane.services.nixserve.enable = mkOption {
|
|
|
|
|
default = false;
|
|
|
|
|
type = types.bool;
|
|
|
|
|
};
|
2022-09-14 21:45:07 +00:00
|
|
|
sane.services.nixserve.sopsFile = mkOption {
|
|
|
|
|
type = types.path;
|
2022-11-22 03:20:50 +00:00
|
|
|
description = "path to file that contains the nix_serv_privkey secret (can be in VCS)";
|
2022-09-14 21:45:07 +00:00
|
|
|
};
|
2022-09-14 21:30:35 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
|
services.nix-serve = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
|
2022-09-15 01:19:56 +00:00
|
|
|
openFirewall = true; # not needed for servo; only desko
|
2022-09-14 21:30:35 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sops.secrets.nix_serve_privkey = {
|
2022-09-14 21:45:07 +00:00
|
|
|
sopsFile = cfg.sopsFile;
|
2022-09-14 21:30:35 +00:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
