uninsane: enable nix-cache
note that the other machines can't easily use it unitl i upgrade to nixos-22.05
This commit is contained in:
parent
e9b5ef29c3
commit
6318e66314
15
helpers/universal/nix-cache.nix
Normal file
15
helpers/universal/nix-cache.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# use our own binary cache
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://nixcache.uninsane.org"
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
};
|
||||
}
|
|
@ -14,6 +14,7 @@
|
|||
./services/jellyfin.nix
|
||||
./services/matrix.nix
|
||||
./services/nginx.nix
|
||||
./services/nix-serve.nix
|
||||
./services/pleroma.nix
|
||||
./services/postfix.nix
|
||||
./services/postgres.nix
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# docs: https://nixos.wiki/wiki/Nginx
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.nginx.enable = true;
|
||||
|
@ -220,6 +220,17 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
services.nginx.virtualHosts."nixcache.uninsane.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
# serverAliases = [ "nixcache" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.email = "acme@uninsane.org";
|
||||
|
|
12
machines/uninsane/services/nix-serve.nix
Normal file
12
machines/uninsane/services/nix-serve.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
# docs: https://nixos.wiki/wiki/Binary_Cache
|
||||
# to copy something to this machine's nix cache, do:
|
||||
# nix copy --to ssh://nixcache.uninsane.org PACKAGE
|
||||
{ secrets, ... }:
|
||||
|
||||
{
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
secretKeyFile = builtins.toFile "nix-serve-priv-key.pem" secrets.nix-serve.cache-priv-key;
|
||||
# "/var/cache-priv-key.pem";
|
||||
};
|
||||
}
|
|
@ -29,4 +29,7 @@
|
|||
# use nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd" to generate the password
|
||||
dovecot.hashedPasswd.colin = "<REPLACEME>";
|
||||
dovecot.hashedPasswd.matrix-synapse = "<REPLACEME>";
|
||||
|
||||
# generate with nix-store --generate-binary-cache-key nixcache.uninsane.org cache-priv-key.pem cache-pub-key.pem
|
||||
nix-serve.cache-priv-key = "<REPLACEME>";
|
||||
} // import ./local.nix
|
||||
|
|
Loading…
Reference in New Issue
Block a user