Add NixOS binary cache

2025-12-25 05:36:59 +01:00 · 2022-09-15 03:40:09 +02:00 · 2022-09-15 03:40:09 +02:00 · 308f0da79f
commit 308f0da79f
parent 8017763bfb
4 changed files with 47 additions and 2 deletions
--- a/dns.tf
+++ b/dns.tf
@ -56,6 +56,14 @@ resource "hetznerdns_record" "storage1_a" {
  ttl     = 600
 }

+resource "hetznerdns_record" "cache_a" {
+  zone_id = data.hetznerdns_zone.banditlair_zone.id
+  name    = "cache"
+  value   = local.storage1_ip
+  type    = "A"
+  ttl     = 600
+}
+
 resource "hetznerdns_record" "jellyfin_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "jellyfin"
--- a/modules/binary-cache.nix
+++ b/modules/binary-cache.nix
@ -0,0 +1,34 @@
+{ config, ... }:
+{
+
+  sops.secrets = {
+    nixCacheKey = {
+      owner = config.services.borgbackup.jobs.data.user;
+      key = "nix/cache_secret_key";
+    };
+  };
+
+
+  services.nix-serve = {
+    enable = true;
+    port = 1500;
+    secretKeyFile = config.sops.secrets.nixCacheKey.path;
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "cache.${config.networking.domain}" = {
+
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/".extraConfig = ''
+          proxy_pass http://localhost:${toString config.services.nix-serve.port};
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        '';
+      };
+    };
+  };
+}
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@ -14,6 +14,7 @@
    ../modules/custom-monit.nix
    ../modules/jitsi.nix
    ../modules/gitlab-runner.nix
+    ../modules/binary-cache.nix
  ];

  sops.secrets = {
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
@ -1,3 +1,5 @@
+nix:
+    cache_secret_key: ENC[AES256_GCM,data:Q2mRU+EuTyqjYNvbuyGLqoDSqa/7EPlzNuCJU7QUBRSozf1D4dDzAPNU47xZ2rKcjz6Eg4OhAZLlGeFw9le8SzHOSJ65UYHoMMc6Rpvv/fPhgg2s2UMArrqyO3ultj1pVe3eIIRzBQcdoFqVDg==,iv:jhMTWEO6ahcZl+Dq6mA+mWIie8T0Dq1ZYe/HHYAD5ss=,tag:2GRmd2z96+TGI7MdvOBEdA==,type:str]
 gitlab:
    runner_registration_config: ENC[AES256_GCM,data:BxkP4+moNV4eip9g2MoOFzZgWvYHELQ3qOJxMAGV9Ffdy5Fhl7mFNE85yv2I09hg2hwd68V3ThwiZ7eBoOi87bDRN82PeIyDqPtjbNA1ZcLJqE8=,iv:I/1wzcVSiz90cgRqMhGfN1wdB0EVQYVPyFn3RvSbTaw=,tag:8hMKQfmtPZf3nbs4LjnH3w==,type:str]
 synapse:
@ -50,8 +52,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2022-07-27T03:05:41Z"
-    mac: ENC[AES256_GCM,data:vImmhxK93ubN/gTPtKkWrzPp+9ipU+WtggD0zODTZgNmzrtWOtEisUTA3sjMHKtuliK26Y73BjR8l44My8UpMsKCcAQAa+IHZHNZW7/VyKM7cRU71Eav+SGWMpCUHBTLZCfBIVMC0GyNcajGJypDUTh1ETpj7TV9NKysx1ocBhM=,iv:7JoI6/q46+iI1onRNnLfxZUEDZo4rMhzhnZVn6YbU+g=,tag:NOJGXv2Sx8kvJcRPoQslnw==,type:str]
+    lastmodified: "2022-09-14T22:46:49Z"
+    mac: ENC[AES256_GCM,data:KfG7/Hp3xxa3ykVkbPGWfzufc22TxvfGykNLxN8CX1BrEjdjZhKDYkTbdrANRxuMh1KlCQ1n9zOptPYT7lylEhEAQN4MpyQ0Mz2aQjZgNqhm2qO+YFlvbNsilK1fIbE3exLELfPTCBuJHYj6zMVgOZd1kXNcbL4VRN8uzct4ZzA=,iv:FvD2nvdsLxr5Yd+TKdP/wYHfr9Av5chPYxbwbltnpNI=,tag:hOlapLfrbW+hJlAHp5jX/w==,type:str]
    pgp:
        - created_at: "2021-11-29T00:57:34Z"
          enc: |