diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2025-02-18 09:57:52 +0530 |
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2025-02-18 09:57:52 +0530 |
| commit | 51e3f7ed9f76e0ad6b22bf3bcc7a97815cd80003 (patch) | |
| tree | a0f090e4dba9cbac4286f7d87b71daceb1517cf7 | |
| parent | 661e146bebd7af2c255c85cb01e110cff459f5bc (diff) | |
kay/nix-cache: init
| -rw-r--r-- | os/common/modules/nix.nix | 9 | ||||
| -rw-r--r-- | os/kay/configuration.nix | 1 | ||||
| -rw-r--r-- | os/kay/modules/dns/sinanmohd.com.zone | 3 | ||||
| -rw-r--r-- | os/kay/modules/nix-cache.nix | 12 | ||||
| -rw-r--r-- | os/kay/modules/www.nix | 32 | ||||
| -rw-r--r-- | os/kay/secrets.yaml | 5 |
6 files changed, 59 insertions, 3 deletions
diff --git a/os/common/modules/nix.nix b/os/common/modules/nix.nix index e7ab62b..f850e24 100644 --- a/os/common/modules/nix.nix +++ b/os/common/modules/nix.nix @@ -3,5 +3,14 @@ auto-optimise-store = true; use-xdg-base-directories = true; experimental-features = [ "flakes" "nix-command" ]; + + substituters = [ + "https://nixbin.sinanmohd.com" + "https://nix-community.cachix.org" + ]; + trusted-public-keys = [ + "nixbin.sinanmohd.com:dXV3KDPVrm+cGJ2M1ZmTeQJqFGaEapqiVoWHgYDh03k=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; }; } diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix index 368fa88..f918324 100644 --- a/os/kay/configuration.nix +++ b/os/kay/configuration.nix @@ -16,6 +16,7 @@ ./modules/home-assistant.nix ./modules/postgresql.nix ./modules/github-runner.nix + ./modules/nix-cache.nix ]; boot.consoleLogLevel = 3; diff --git a/os/kay/modules/dns/sinanmohd.com.zone b/os/kay/modules/dns/sinanmohd.com.zone index f3caf8f..31627fc 100644 --- a/os/kay/modules/dns/sinanmohd.com.zone +++ b/os/kay/modules/dns/sinanmohd.com.zone @@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com. $TTL 2d @ IN SOA ns1 hostmaster ( - 2024091105 ; serial + 2025021808 ; serial 2h ; refresh 5m ; retry 1d ; expire @@ -41,6 +41,7 @@ git IN CNAME @ bin IN CNAME @ static IN CNAME @ home IN CNAME @ +nixbin IN CNAME @ lia IN A 65.0.3.127 diff --git a/os/kay/modules/nix-cache.nix b/os/kay/modules/nix-cache.nix new file mode 100644 index 0000000..9c81b56 --- /dev/null +++ b/os/kay/modules/nix-cache.nix @@ -0,0 +1,12 @@ +{ config, ... }: +let + keyname = "misc/nixbin.${config.global.userdata.domain}"; +in +{ + sops.secrets.${keyname} = { }; + + services.nix-serve = { + enable = true; + secretKeyFile = config.sops.secrets.${keyname}.path; + }; +} diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix index e8def58..5246d65 100644 --- a/os/kay/modules/www.nix +++ b/os/kay/modules/www.nix @@ -114,6 +114,38 @@ in ] }"''; }; + + "nixbin.${domain}" = defaultOpts // { + extraConfig = "proxy_buffering off;"; + locations = { + "= /" = { + extraConfig = "add_header Content-Type text/html;"; + return = ''200 + '<!DOCTYPE html> + <html lang="en"> + <head> + <meta charset="UTF-8"> + <title>Nix Cache</title> + </head> + <body> + <center> + <h1 style="font-size: 8em"> + ❄️ Nix Cache + </h1> + <p style="font-weight: bold"> + Public Key: nixbin.sinanmohd.com:dXV3KDPVrm+cGJ2M1ZmTeQJqFGaEapqiVoWHgYDh03k= + </p> + </center> + </body> + </html>' + ''; + }; + + "/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${ + toString config.services.nix-serve.port + }"; + }; + }; }; }; } diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml index 037f55c..98d6bb8 100644 --- a/os/kay/secrets.yaml +++ b/os/kay/secrets.yaml @@ -17,6 +17,7 @@ mail.sinanmohd.com: misc: wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str] nocodb-runner-registration-token: ENC[AES256_GCM,data:y0uIMS8Vi0nvicfKPtb1dY97Q0R6DrXNzogz5LM=,iv:OTcJO3CM2fj8xziOfrcOGrcKvQuFEhOc3fp7vYh2c/0=,tag:JjWHPwPE+IiTPVo9HJ3O5A==,type:str] + nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +42,8 @@ sops: OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-05T04:53:03Z" - mac: ENC[AES256_GCM,data:zHi+3DU4hFJKCTXGY4TkFStXC5nDJvnxE3U4xTGqaqsL/Czk/HZ2s/Soxfj/08Bd/QEgIvYnxKnKb/ItYxTzWNZIABlA38Ob0UzWz7Ft+ea8BXOlkQo4pWkNxB4Kps93rb59KwQkSKy0m0aGnXGyNm//XtbX+EkZvACpvcW0kMA=,iv:17tFG8/WYTV5yuSTTQQYQACtT6SEA977ObPBUT4zcPE=,tag:0ju/poWwjzrppzaGiiwHZA==,type:str] + lastmodified: "2025-02-18T02:13:01Z" + mac: ENC[AES256_GCM,data:YqIMf4B3l/dXmm9d5CMID48TPlq+uUz/g5/4rIWW+TDug/V3DDLSk5YBIBr8DJNcgRKEm7yR4/1Wj2qp9obeVq/McqU7FNfUx4ciA3a/gcSplKwhas3xtkV1AGR2by5AP7CPCABGU9kTROwBRVS+4aX67D1qbGxXMoiM9d+/6yM=,iv:M7rM7Q4tyrhwgMVue1MXIQfwp2956EwoszItxdEDjpM=,tag:D4TktCjnZcAqaIqZjzrc5g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3 |