servo: disable unused nixcache.uninsane.org
This commit is contained in:
parent
4a15339e0e
commit
9d725a0974
|
@ -28,7 +28,6 @@
|
|||
sane.services.wg-home.forwardToWan = true;
|
||||
sane.services.wg-home.routeThroughServo = false;
|
||||
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
|
||||
sane.nixcache.substituters.servo = false;
|
||||
sane.nixcache.remote-builders.desko = false;
|
||||
sane.nixcache.remote-builders.servo = false;
|
||||
# sane.services.duplicity.enable = true; # TODO: re-enable after HW upgrade
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
./navidrome.nix
|
||||
./nginx.nix
|
||||
./nixos-prebuild.nix
|
||||
./nixserve.nix
|
||||
./ntfy
|
||||
./pict-rs.nix
|
||||
./pleroma.nix
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts."nixcache.uninsane.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
# inherit kTLS;
|
||||
# serverAliases = [ "nixcache" ];
|
||||
locations."/".extraConfig = ''
|
||||
proxy_pass http://localhost:${toString config.services.nix-serve.port};
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
'';
|
||||
};
|
||||
|
||||
sane.dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
|
||||
|
||||
sane.services.nixserve.enable = true;
|
||||
sane.services.nixserve.secretKeyFile = config.sops.secrets.nix_serve_privkey.path;
|
||||
}
|
|
@ -39,8 +39,6 @@ in
|
|||
in {
|
||||
nixos = subOpt true;
|
||||
cachix = subOpt true;
|
||||
# the interaction particularly between moby and nixcache.uninsane.org is just too finicky.
|
||||
servo = subOpt false;
|
||||
};
|
||||
sane.nixcache.remote-builders.desko = mkOption {
|
||||
default = true;
|
||||
|
@ -58,7 +56,6 @@ in
|
|||
# - `nixos-rebuild ... --option substituters https://cache.nixos.org`
|
||||
# - `nix build ... --substituters ""`
|
||||
nix.settings.substituters = mkIf cfg.enable (lib.flatten [
|
||||
(lib.optional cfg.substituters.servo "https://nixcache.uninsane.org")
|
||||
(lib.optional cfg.substituters.nixos "https://cache.nixos.org/")
|
||||
(lib.optional cfg.substituters.cachix "https://nix-community.cachix.org")
|
||||
]);
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
./dyn-dns.nix
|
||||
./eg25-manager.nix
|
||||
./kiwix-serve.nix
|
||||
./nixserve.nix
|
||||
./trust-dns
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
# docs: <https://nixos.wiki/wiki/Binary_Cache>
|
||||
# to copy something to this machine's nix cache, do:
|
||||
# nix copy --to ssh://nixcache.uninsane.org PACKAGE
|
||||
#
|
||||
# docs: <https://nixos.wiki/wiki/Distributed_build>
|
||||
# to use this machine as a remote builder, just build anything with `-j0`.
|
||||
{ config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.sane.services.nixserve;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
sane.services.nixserve.enable = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
sane.services.nixserve.port = mkOption {
|
||||
default = 5001;
|
||||
type = types.port;
|
||||
};
|
||||
sane.services.nixserve.secretKeyFile = mkOption {
|
||||
type = types.path;
|
||||
description = "path to file that contains the nix_serve_privkey secret (should not be in the store)";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# act as a substituter
|
||||
sane.ports.ports."${builtins.toString cfg.port}" = {
|
||||
visibleTo.lan = true; # not needed for servo; only desko
|
||||
protocol = [ "tcp" ];
|
||||
description = "colin-nix-serve-cache";
|
||||
};
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
inherit (cfg) port secretKeyFile;
|
||||
};
|
||||
|
||||
# XXX(2024/01/19): upstream service specifies `User=nix-serve`, `Group=nix-serve` but doesn't define the users.
|
||||
# this causes a coredump loop from within a nix-serve subprocess.
|
||||
users.users.nix-serve = {
|
||||
group = "nix-serve";
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.nix-serve = {};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user