zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Basic binary cache
Some checks failed
Check Flake / check-flake (push) Failing after 3h12m27s
Details

Browse Source
This commit is contained in:
Zuckerberg 2023-04-29 19:52:31 -06:00
parent 42d9b7d283
commit 5d4da7c073
6 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
common/binary-cache.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, ... }:
{
nix = {
settings = {
substituters = [
"http://s0.koi-bebop.ts.net:5000"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
};
}

1
common/default.nix
View File

@ -3,6 +3,7 @@
{ {
imports = [ imports = [
./backups.nix ./backups.nix
./binary-cache.nix
./flakes.nix ./flakes.nix
./auto-update.nix ./auto-update.nix
./shell.nix ./shell.nix

11
machines/storage/s0/default.nix
View File

@ -14,6 +14,17 @@
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nix.gc.automatic = lib.mkForce false; # allow the nix store to serve as a build cache nix.gc.automatic = lib.mkForce false; # allow the nix store to serve as a build cache
# binary cache
services.nix-serve = {
enable = true;
openFirewall = true;
secretKeyFile = "/run/agenix/binary-cache-private-key";
};
age.secrets.binary-cache-private-key = {
file = ../../../secrets/binary-cache-private-key.age;
owner = "nix-serve";
};
services.iperf3.enable = true; services.iperf3.enable = true;
services.iperf3.openFirewall = true; services.iperf3.openFirewall = true;

1
machines/storage/s0/properties.nix
View File

@ -9,6 +9,7 @@
"storage" "storage"
"server" "server"
"pia" "pia"
"binary-cache"
]; ];
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

10
secrets/binary-cache-private-key.age Normal file
View File

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 hPp1nw 4fyRGsaEo25EOj/VwPsF0tayghF0URctont4/re6OmY
rs09DCSb2bd/v45a7ABxfLo+Sz3OPLkRzfnP5Tmgi0g
-> ssh-ed25519 dMQYog seRjdySBF1GISaSUWqZNvoW4INDUCxvBKJOgvGeyX1Q
fe6JE5f9A48ujVtuc0QZ7e7pWW+Tu0yyQEyexTvQWAQ
-> Uqf![<-grease O}' _h*Y~ .@=$H,~W
jDlO5MEGPDjJ44cAWuJaTeADbG+wz5PTqq9Pw75QV3Exrsb8/PNGOrUZKuSTCCl3
g/z3ZHelBBqHp16ZTc+LSxDYgvnEfWMPZKo4mxgu
--- GTBCzHJYUKbpcgq7+0HzBpqvo0F7TNSPjFKqdRDUYDk
ÈÚú¡T+ñ—êtµ(פÉF ÆS<C386>/R±+¢¼Š¯‘âLÃÝcÁ‰·1 â<> ÕwÝøº.iFd#TJ±clbâH€5(öï6)®y¯" Ãà¼Î¿ž<C2BF>±º7!Õñ?(Qb “]x(åÛ°Å1ÿðÃZsaôï<15>ûþå

4
secrets/secrets.nix
View File

@ -19,6 +19,10 @@ with roles;
"hashed-robots-email-pw.age".publicKeys = email-server; "hashed-robots-email-pw.age".publicKeys = email-server;
"robots-email-pw.age".publicKeys = gitea; "robots-email-pw.age".publicKeys = gitea;
# nix binary cache
# public key: s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU=
"binary-cache-private-key.age".publicKeys = binary-cache;
# vpn # vpn
"iodine.age".publicKeys = iodine; "iodine.age".publicKeys = iodine;
"pia-login.age".publicKeys = pia; "pia-login.age".publicKeys = pia;