uninsane: enable nix-cache
note that the other machines can't easily use it unitl i upgrade to nixos-22.05
This commit is contained in:
parent
e9b5ef29c3
commit
6318e66314
15
helpers/universal/nix-cache.nix
Normal file
15
helpers/universal/nix-cache.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{ ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
# use our own binary cache
|
||||||
|
nix.settings = {
|
||||||
|
substituters = [
|
||||||
|
"https://nixcache.uninsane.org"
|
||||||
|
"https://nix-community.cachix.org"
|
||||||
|
"https://cache.nixos.org/"
|
||||||
|
];
|
||||||
|
trusted-public-keys = [
|
||||||
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -14,6 +14,7 @@
|
||||||
./services/jellyfin.nix
|
./services/jellyfin.nix
|
||||||
./services/matrix.nix
|
./services/matrix.nix
|
||||||
./services/nginx.nix
|
./services/nginx.nix
|
||||||
|
./services/nix-serve.nix
|
||||||
./services/pleroma.nix
|
./services/pleroma.nix
|
||||||
./services/postfix.nix
|
./services/postfix.nix
|
||||||
./services/postgres.nix
|
./services/postgres.nix
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# docs: https://nixos.wiki/wiki/Nginx
|
# docs: https://nixos.wiki/wiki/Nginx
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
@ -220,6 +220,17 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
};
|
};
|
||||||
|
services.nginx.virtualHosts."nixcache.uninsane.org" = {
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
# serverAliases = [ "nixcache" ];
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.email = "acme@uninsane.org";
|
security.acme.email = "acme@uninsane.org";
|
||||||
|
|
12
machines/uninsane/services/nix-serve.nix
Normal file
12
machines/uninsane/services/nix-serve.nix
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# docs: https://nixos.wiki/wiki/Binary_Cache
|
||||||
|
# to copy something to this machine's nix cache, do:
|
||||||
|
# nix copy --to ssh://nixcache.uninsane.org PACKAGE
|
||||||
|
{ secrets, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nix-serve = {
|
||||||
|
enable = true;
|
||||||
|
secretKeyFile = builtins.toFile "nix-serve-priv-key.pem" secrets.nix-serve.cache-priv-key;
|
||||||
|
# "/var/cache-priv-key.pem";
|
||||||
|
};
|
||||||
|
}
|
|
@ -29,4 +29,7 @@
|
||||||
# use nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd" to generate the password
|
# use nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd" to generate the password
|
||||||
dovecot.hashedPasswd.colin = "<REPLACEME>";
|
dovecot.hashedPasswd.colin = "<REPLACEME>";
|
||||||
dovecot.hashedPasswd.matrix-synapse = "<REPLACEME>";
|
dovecot.hashedPasswd.matrix-synapse = "<REPLACEME>";
|
||||||
|
|
||||||
|
# generate with nix-store --generate-binary-cache-key nixcache.uninsane.org cache-priv-key.pem cache-pub-key.pem
|
||||||
|
nix-serve.cache-priv-key = "<REPLACEME>";
|
||||||
} // import ./local.nix
|
} // import ./local.nix
|
||||||
|
|
Loading…
Reference in New Issue
Block a user