From 96de109d62ceccdd21dc28bf9d019965360b6580 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Sat, 29 Apr 2023 19:52:31 -0600
Subject: [PATCH] Basic binary cache
---
 common/binary-cache.nix | 17 +++++++++++++++++
 common/default.nix | 1 +
 machines/storage/s0/default.nix | 8 ++++++++
 machines/storage/s0/properties.nix | 1 +
 secrets/binary-cache-private-key.age | 10 ++++++++++
 secrets/secrets.nix | 4 ++++
 6 files changed, 41 insertions(+)
 create mode 100644 common/binary-cache.nix
 create mode 100644 secrets/binary-cache-private-key.age
diff --git a/common/binary-cache.nix b/common/binary-cache.nix
new file mode 100644
index 0000000..9015695
--- /dev/null
+++ b/common/binary-cache.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+
+{
+ nix = {
+ settings = {
+ substituters = [
+ "http://s0.koi-bebop.ts.net:5000"
+ "https://nix-community.cachix.org"
+ "https://cache.nixos.org/"
+ ];
+ trusted-public-keys = [
+ "s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ };
+ };
+}
diff --git a/common/default.nix b/common/default.nix
index f6ca89b..5f164b6 100644
--- a/common/default.nix
+++ b/common/default.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./backups.nix
+ ./binary-cache.nix
 ./flakes.nix
 ./auto-update.nix
 ./shell.nix
diff --git a/machines/storage/s0/default.nix b/machines/storage/s0/default.nix
index 845ba03..3185229 100644
--- a/machines/storage/s0/default.nix
+++ b/machines/storage/s0/default.nix
@@ -14,6 +14,14 @@
 boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
 nix.gc.automatic = lib.mkForce false; # allow the nix store to serve as a build cache
+ # binary cache
+ services.nix-serve = {
+ enable = true;
+ openFirewall = true;
+ secretKeyFile = "/run/agenix/binary-cache-private-key";
+ };
+ age.secrets.binary-cache-private-key.file = ../../../secrets/binary-cache-private-key.age;
+
 services.iperf3.enable = true;
 services.iperf3.openFirewall = true;
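Review bot: The new `trusted-public-keys` entry for `s0.koi-bebop.ts.net` makes every host that imports `common/` accept any store path signed by s0's key, and nothing in the file says so. That signature check is also the only thing protecting the `http://s0.koi-bebop.ts.net:5000` substituter, which is plain HTTP. I would document the trust decision next to the key, e.g. `# any path signed by this key is installable fleet-wide; s0 and its agenix secret are a root of trust`. The list also names `https://cache.nixos.org/` without its key; that presumably relies on the NixOS module default being merged in, which deserves a one-line comment too.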
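Review bot: `openFirewall = true` in the `services.nix-serve` block opens the nix-serve port on every interface, while clients only use the tailnet name `s0.koi-bebop.ts.net:5000`. Since `nix.gc.automatic` is forced off, everything that ever lands in s0's store stays downloadable by whoever can reach that port. Consider dropping `openFirewall` and allowing the port only on the Tailscale interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5000 ];` (interface name assumed, it is not shown on this page). `secretKeyFile` could also read `config.age.secrets.binary-cache-private-key.path` rather than repeating `/run/agenix/...`, if `config` is among the module arguments, which lie outside the hunk.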
diff --git a/machines/storage/s0/properties.nix b/machines/storage/s0/properties.nix index a55b7e1..f420be7 100644 --- a/machines/storage/s0/properties.nix +++ b/machines/storage/s0/properties.nix @@ -9,6 +9,7 @@ "storage" "server" "pia" + "binary-cache" ]; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; diff --git a/secrets/binary-cache-private-key.age b/secrets/binary-cache-private-key.age new file mode 100644 index 0000000..d310a48 --- /dev/null +++ b/secrets/binary-cache-private-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 hPp1nw 4fyRGsaEo25EOj/VwPsF0tayghF0URctont4/re6OmY +rs09DCSb2bd/v45a7ABxfLo+Sz3OPLkRzfnP5Tmgi0g +-> ssh-ed25519 dMQYog seRjdySBF1GISaSUWqZNvoW4INDUCxvBKJOgvGeyX1Q +fe6JE5f9A48ujVtuc0QZ7e7pWW+Tu0yyQEyexTvQWAQ +-> Uqf![<-grease O}' _h*Y~ .@=$H,~W +jDlO5MEGPDjJ44cAWuJaTeADbG+wz5PTqq9Pw75QV3Exrsb8/PNGOrUZKuSTCCl3 +g/z3ZHelBBqHp16ZTc+LSxDYgvnEfWMPZKo4mxgu +--- GTBCzHJYUKbpcgq7+0HzBpqvo0F7TNSPjFKqdRDUYDk +ÈÚú¡T+ñ—êtµ(פÉF ÆS/R±+¢¼Н‘âLÃÝcÁ‰·‹1 â ÕwÝøº.iFd#TJ±clbâH€5(öï6)®y¯" Ãà¼Î¿ž±~˺7!Õñ?(Qb “]x(åÛ°Å1ÿðÃZsaôïûþåTÁ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a0fdf7c..31c9051 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,6 +19,10 @@ with roles; "hashed-robots-email-pw.age".publicKeys = email-server; "robots-email-pw.age".publicKeys = gitea; + # nix binary cache + # public key: s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU= + "binary-cache-private-key.age".publicKeys = binary-cache; + # vpn "iodine.age".publicKeys = iodine; "pia-login.age".publicKeys = pia;
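Review bot: The `# public key:` comment added above `"binary-cache-private-key.age".publicKeys` in `secrets/secrets.nix` repeats the value that `common/binary-cache.nix` lists under `trusted-public-keys`, so a key rotation has two places to update and the comment can silently go stale. I would point at the single source instead, e.g. `# public half lives in common/binary-cache.nix (trusted-public-keys)`, and note there that rotating means re-encrypting this secret and updating that list together. The attribute set this line sits in starts outside the hunk.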