diff options
-rw-r--r-- | lass/1systems/prism.nix | 25 | ||||
-rw-r--r-- | lass/2configs/binary-cache/client.nix | 9 | ||||
-rw-r--r-- | lass/2configs/binary-cache/server.nix | 30 | ||||
-rw-r--r-- | lass/2configs/default.nix | 7 |
4 files changed, 41 insertions, 30 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix index 34c1ef69b..8dfc11f60 100644 --- a/lass/1systems/prism.nix +++ b/lass/1systems/prism.nix @@ -20,6 +20,7 @@ in { ../2configs/radio.nix ../2configs/buildbot-standalone.nix ../2configs/repo-sync.nix + ../2configs/binary-cache/server.nix { imports = [ ../2configs/git.nix @@ -211,30 +212,6 @@ in { '') ]; } - { - services.nix-serve = { - enable = true; - secretKeyFile = config.krebs.secret.files.nix-serve-key.path; - }; - systemd.services.nix-serve = { - requires = ["secret.service"]; - after = ["secret.service"]; - }; - krebs.secret.files.nix-serve-key = { - path = "/run/secret/nix-serve.key"; - owner.name = "nix-serve"; - source-path = toString <secrets> + "/nix-serve.key"; - }; - krebs.nginx = { - enable = true; - servers.nix-serve = { - server-names = [ "cache.prism.r" ]; - locations = lib.singleton (lib.nameValuePair "/" '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - ''); - }; - }; - } ]; krebs.build.host = config.krebs.hosts.prism; diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix new file mode 100644 index 000000000..108ff7a1e --- /dev/null +++ b/lass/2configs/binary-cache/client.nix @@ -0,0 +1,9 @@ +{ config, ... }: + +{ + nix = { + binaryCaches = ["http://cache.prism.r"]; + binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; + }; +} + diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix new file mode 100644 index 000000000..22ec04307 --- /dev/null +++ b/lass/2configs/binary-cache/server.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key my-secret-key my-public-key + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.prism.r" ]; + locations = lib.singleton (lib.nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; +} + diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index 95c6cf3e2..b6eb33546 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,6 +8,7 @@ with config.krebs.lib; ../2configs/mc.nix ../2configs/retiolum.nix ../2configs/nixpkgs.nix + ../2configs/binary-cache/client.nix ./backups.nix { users.extraUsers = @@ -41,12 +42,6 @@ with config.krebs.lib; }; }; } - { - nix = { - binaryCaches = ["http://cache.prism.r"]; - binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="]; - }; - } ]; networking.hostName = config.krebs.build.host.name; |