phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add NixOS binary cache

Browse source
This commit is contained in:
Paul-Henri Froidmont 2022-09-15 03:40:09 +02:00
parent 8017763bfb
commit 308f0da79f
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
4 changed files with 47 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
dns.tf
View file

@ -56,6 +56,14 @@ resource "hetznerdns_record" "storage1_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "cache_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "cache"
value = local.storage1_ip
type = "A"
ttl = 600
}
resource "hetznerdns_record" "jellyfin_a" { resource "hetznerdns_record" "jellyfin_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "jellyfin" name = "jellyfin"

34
modules/binary-cache.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, ... }:
{
sops.secrets = {
nixCacheKey = {
owner = config.services.borgbackup.jobs.data.user;
key = "nix/cache_secret_key";
};
};
services.nix-serve = {
enable = true;
port = 1500;
secretKeyFile = config.sops.secrets.nixCacheKey.path;
};
services.nginx = {
virtualHosts = {
"cache.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
}

1
profiles/storage.nix
View file

@ -14,6 +14,7 @@
../modules/custom-monit.nix ../modules/custom-monit.nix
../modules/jitsi.nix ../modules/jitsi.nix
../modules/gitlab-runner.nix ../modules/gitlab-runner.nix
../modules/binary-cache.nix
]; ];
sops.secrets = { sops.secrets = {

6
secrets.enc.yml
View file

@ -1,3 +1,5 @@
nix:
cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
gitlab: gitlab:
runner_registration_config: ENC[AES256_GCM,data:BxkP4+moNV4eip9g2MoOFzZgWvYHELQ3qOJxMAGV9Ffdy5Fhl7mFNE85yv2I09hg2hwd68V3ThwiZ7eBoOi87bDRN82PeIyDqPtjbNA1ZcLJqE8=,iv:I/1wzcVSiz90cgRqMhGfN1wdB0EVQYVPyFn3RvSbTaw=,tag:8hMKQfmtPZf3nbs4LjnH3w==,type:str] runner_registration_config: ENC[AES256_GCM,data:BxkP4+moNV4eip9g2MoOFzZgWvYHELQ3qOJxMAGV9Ffdy5Fhl7mFNE85yv2I09hg2hwd68V3ThwiZ7eBoOi87bDRN82PeIyDqPtjbNA1ZcLJqE8=,iv:I/1wzcVSiz90cgRqMhGfN1wdB0EVQYVPyFn3RvSbTaw=,tag:8hMKQfmtPZf3nbs4LjnH3w==,type:str]
synapse: synapse:
@ -50,8 +52,8 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2022-07-27T03:05:41Z" lastmodified: "2022-09-14T22:46:49Z"
mac: ENC[AES256_GCM,data:vImmhxK93ubN/gTPtKkWrzPp+9ipU+WtggD0zODTZgNmzrtWOtEisUTA3sjMHKtuliK26Y73BjR8l44My8UpMsKCcAQAa+IHZHNZW7/VyKM7cRU71Eav+SGWMpCUHBTLZCfBIVMC0GyNcajGJypDUTh1ETpj7TV9NKysx1ocBhM=,iv:7JoI6/q46+iI1onRNnLfxZUEDZo4rMhzhnZVn6YbU+g=,tag:NOJGXv2Sx8kvJcRPoQslnw==,type:str] mac: ENC[AES256_GCM,data:KfG7/Hp3xxa3ykVkbPGWfzufc22TxvfGykNLxN8CX1BrEjdjZhKDYkTbdrANRxuMh1KlCQ1n9zOptPYT7lylEhEAQN4MpyQ0Mz2aQjZgNqhm2qO+YFlvbNsilK1fIbE3exLELfPTCBuJHYj6zMVgOZd1kXNcbL4VRN8uzct4ZzA=,iv:FvD2nvdsLxr5Yd+TKdP/wYHfr9Av5chPYxbwbltnpNI=,tag:hOlapLfrbW+hJlAHp5jX/w==,type:str]
pgp: pgp:
- created_at: "2021-11-29T00:57:34Z" - created_at: "2021-11-29T00:57:34Z"
enc: | enc: |