[NixOS] Set up cache server

2023-08-22 17:11:37 -06:00 · 2023-08-22 17:11:37 -06:00 · 83658a0721
commit 83658a0721
parent 0fd0490714
8 changed files with 32 additions and 2 deletions
--- a/nixos/cache-server.nix
+++ b/nixos/cache-server.nix
@ -0,0 +1,20 @@
+{ config, makeEnable, ... }:
+makeEnable config "modules.cache-server" false {
+  age.secrets."cache-priv-key.pem".file = ./secrets/cache-priv-key.pem.age;
+
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.age.secrets."cache-priv-key.pem".path;
+    port = 5050;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "0.0.0.0" = {
+        locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+      };
+    };
+  };
+}
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@ -4,6 +4,7 @@
    ./android.nix
    ./base.nix
    ./cache.nix
+    ./cache-server.nix
    ./code.nix
    ./desktop.nix
    ./environment.nix
--- a/nixos/keys.nix
+++ b/nixos/keys.nix
@ -1,4 +1,9 @@
 rec {
+  hostKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3UqIYs/NY0okKuiIO+dU2OM7A8vv3b6//GedagvLoX ryzen-shine.local"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFbM1sL/vlDhrqPV1OMIGi4dKG0tMKhWSXx95ccbfyM biskcomp.local"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIoHW29TmS5FgK12N+bCXhGWASDdmzqSEA0QxbyGaJ+j nixquick.local"
+  ];
  kanivanKeys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSkj7587e+MAUNyU/KRpw9Vk++53Wv5nB+0V1QgiTO3rMQe6HJt0Tm2wi/o/T8GNjueT2D69YgkqOIF1FQwsj2EFLObcMzeBgs5gTSglqggA2I91BIc1vvgjCDpogOMAzAQGlTxRnqrEXhqG0jJtw8KIzLr9WrvWLdTT4rHtWS8RoOBgkQ8oxbggZ4vtbMBIwoIAYGRr70KBRNCsLTPLa8yEf+DDQxq1entzxSjHXHgyeBSVVpPCrBVmhjandk+lIFInjvAiAE1ZkJHSRccL73ORmgb1crwH7xlD9NwBPmypowMi8UIRMKfL2lNehT0AQIlEAikUBLMDzPIPhnwLZ imalison@ivanm-dfinity-razer.local"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEsLV27EteTsuVl1gLAZRCklpMFBMhakKbQ2+MkN5rm JuiceSSH"
@ -20,5 +25,6 @@ rec {
  alexKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2SQkJenAX67Ze99SKOVpKDD1XvAZnxQ8RLP0dL/Ej2 alexm@MALISONSERVER"
  ];
-  allKeys = kanivanKeys ++ deanKeys ++ alexKeys;
+  agenixKeys = hostKeys ++ kanivanKeys;
+  allKeys = kanivanKeys ++ deanKeys ++ alexKeys ++ hostKeys;
 }
--- a/nixos/machines/ryzen-shine.nix
+++ b/nixos/machines/ryzen-shine.nix
@ -8,6 +8,7 @@
  features.full.enable = true;
  # Needed for now because monitors have different refresh rates
  modules.xmonad.picom.vSync.enable = false;
+  modules.cache-server.enable = true;

  boot.loader.systemd-boot.configurationLimit = 5;

--- a/nixos/secrets/cache-priv-key.pem.age
+++ b/nixos/secrets/cache-priv-key.pem.age
--- a/nixos/secrets/cache-pub-key.pem
+++ b/nixos/secrets/cache-pub-key.pem
@ -0,0 +1 @@
+1896Folsom.duckdns.org:U2FTjvP95qwAJo0oGpvmUChJCgi5zQoG1YisoI08Qoo=
--- a/nixos/secrets/gpg-keys.age
+++ b/nixos/secrets/gpg-keys.age
--- a/nixos/secrets/secrets.nix
+++ b/nixos/secrets/secrets.nix
@ -1,5 +1,6 @@
 let keys = (import ../keys.nix);
 in
 {
-  "gpg-keys.age".publicKeys = keys.kanivanKeys;
+  "gpg-keys.age".publicKeys = keys.agenixKeys;
+  "cache-priv-key.pem.age".publicKeys = keys.agenixKeys;
 }
				`@ -0,0 +1 @@`
				`1896Folsom.duckdns.org:U2FTjvP95qwAJo0oGpvmUChJCgi5zQoG1YisoI08Qoo=`