From 51e3f7ed9f76e0ad6b22bf3bcc7a97815cd80003 Mon Sep 17 00:00:00 2001
From: sinanmohd <sinan@sinanmohd.com>
Date: Tue, 18 Feb 2025 09:57:52 +0530
Subject: kay/nix-cache: init

---
 os/common/modules/nix.nix             |  9 +++++++++
 os/kay/configuration.nix              |  1 +
 os/kay/modules/dns/sinanmohd.com.zone |  3 ++-
 os/kay/modules/nix-cache.nix          | 12 ++++++++++++
 os/kay/modules/www.nix                | 32 ++++++++++++++++++++++++++++++++
 os/kay/secrets.yaml                   |  5 +++--
 6 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 os/kay/modules/nix-cache.nix

(limited to 'os')

diff --git a/os/common/modules/nix.nix b/os/common/modules/nix.nix
index e7ab62b..f850e24 100644
--- a/os/common/modules/nix.nix
+++ b/os/common/modules/nix.nix
@@ -3,5 +3,14 @@
     auto-optimise-store = true;
     use-xdg-base-directories = true;
     experimental-features = [ "flakes" "nix-command" ];
+
+    substituters = [
+      "https://nixbin.sinanmohd.com"
+      "https://nix-community.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nixbin.sinanmohd.com:dXV3KDPVrm+cGJ2M1ZmTeQJqFGaEapqiVoWHgYDh03k="
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+    ];
   };
 }
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix
index 368fa88..f918324 100644
--- a/os/kay/configuration.nix
+++ b/os/kay/configuration.nix
@@ -16,6 +16,7 @@
     ./modules/home-assistant.nix
     ./modules/postgresql.nix
     ./modules/github-runner.nix
+    ./modules/nix-cache.nix
   ];
 
   boot.consoleLogLevel = 3;
diff --git a/os/kay/modules/dns/sinanmohd.com.zone b/os/kay/modules/dns/sinanmohd.com.zone
index f3caf8f..31627fc 100644
--- a/os/kay/modules/dns/sinanmohd.com.zone
+++ b/os/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
 $TTL 2d
 
 @	IN	SOA	ns1	hostmaster (
-			2024091105 ; serial
+			2025021808 ; serial
 			2h         ; refresh
 			5m         ; retry
 			1d         ; expire
@@ -41,6 +41,7 @@ git	IN	CNAME	@
 bin	IN	CNAME	@
 static	IN	CNAME	@
 home	IN	CNAME	@
+nixbin	IN	CNAME	@
 
 lia	IN	A	65.0.3.127
 
diff --git a/os/kay/modules/nix-cache.nix b/os/kay/modules/nix-cache.nix
new file mode 100644
index 0000000..9c81b56
--- /dev/null
+++ b/os/kay/modules/nix-cache.nix
@@ -0,0 +1,12 @@
+{ config, ... }:
+let
+  keyname = "misc/nixbin.${config.global.userdata.domain}";
+in
+{
+  sops.secrets.${keyname} = { };
+
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.sops.secrets.${keyname}.path;
+  };
+}
diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix
index e8def58..5246d65 100644
--- a/os/kay/modules/www.nix
+++ b/os/kay/modules/www.nix
@@ -114,6 +114,38 @@ in
           ]
         }"'';
       };
+
+      "nixbin.${domain}" = defaultOpts // {
+        extraConfig = "proxy_buffering off;";
+        locations = {
+          "= /" = {
+            extraConfig = "add_header Content-Type text/html;";
+            return = ''200
+              '<!DOCTYPE html>
+              <html lang="en">
+                <head>
+                  <meta charset="UTF-8">
+                  <title>Nix Cache</title>
+                </head>
+                <body>
+                  <center>
+                    <h1 style="font-size: 8em">
+                      ❄️ Nix Cache
+                    </h1>
+                    <p style="font-weight: bold">
+                      Public Key: nixbin.sinanmohd.com:dXV3KDPVrm+cGJ2M1ZmTeQJqFGaEapqiVoWHgYDh03k=
+                    </p>
+                  </center>
+                </body>
+              </html>'
+            '';
+          };
+
+          "/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
+              toString config.services.nix-serve.port
+          }";
+        };
+      };
     };
   };
 }
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index 037f55c..98d6bb8 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -17,6 +17,7 @@ mail.sinanmohd.com:
 misc:
     wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str]
     nocodb-runner-registration-token: ENC[AES256_GCM,data:y0uIMS8Vi0nvicfKPtb1dY97Q0R6DrXNzogz5LM=,iv:OTcJO3CM2fj8xziOfrcOGrcKvQuFEhOc3fp7vYh2c/0=,tag:JjWHPwPE+IiTPVo9HJ3O5A==,type:str]
+    nixbin.sinanmohd.com: ENC[AES256_GCM,data:WQDzDzOozWa73Bitex6BpE7D7KdVcgIKD1Yx92RbCoNzSa8+b33YtY92Vetu7OlH1Zw4tneKBH/hAjz4ytK1SHoFfKj9wvfdzR5L+8gRKYEwxnvcHyc5gekmAaeQr2bWyUS9PBYRRWTRLiL/5A==,iv:3hlqF2CvpnXS5oDpbW9RIERbDHPLMrgQ+TJ+q9EyrZM=,tag:U4E3b2oBqjMFXEONbz8eKw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -41,8 +42,8 @@ sops:
             OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
             bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-02-05T04:53:03Z"
-    mac: ENC[AES256_GCM,data:zHi+3DU4hFJKCTXGY4TkFStXC5nDJvnxE3U4xTGqaqsL/Czk/HZ2s/Soxfj/08Bd/QEgIvYnxKnKb/ItYxTzWNZIABlA38Ob0UzWz7Ft+ea8BXOlkQo4pWkNxB4Kps93rb59KwQkSKy0m0aGnXGyNm//XtbX+EkZvACpvcW0kMA=,iv:17tFG8/WYTV5yuSTTQQYQACtT6SEA977ObPBUT4zcPE=,tag:0ju/poWwjzrppzaGiiwHZA==,type:str]
+    lastmodified: "2025-02-18T02:13:01Z"
+    mac: ENC[AES256_GCM,data:YqIMf4B3l/dXmm9d5CMID48TPlq+uUz/g5/4rIWW+TDug/V3DDLSk5YBIBr8DJNcgRKEm7yR4/1Wj2qp9obeVq/McqU7FNfUx4ciA3a/gcSplKwhas3xtkV1AGR2by5AP7CPCABGU9kTROwBRVS+4aX67D1qbGxXMoiM9d+/6yM=,iv:M7rM7Q4tyrhwgMVue1MXIQfwp2956EwoszItxdEDjpM=,tag:D4TktCjnZcAqaIqZjzrc5g==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.3
-- 
cgit v1.2.3