From 741f4c6ec1ee26d6866637fc33c63199f9d72531 Mon Sep 17 00:00:00 2001 From: Andre Date: Sun, 1 Dec 2024 21:01:53 -0500 Subject: [PATCH] Services: initial work on hosting a Nix binary cache on Hevana --- hosts/Hevana/default.nix | 7 ++ modules/secrets/default.nix | 200 +++++++++++++++--------------- modules/services/binary-cache.nix | 51 ++++++++ modules/system/nix.nix | 12 +- modules/ui/desktops/common.nix | 2 +- modules/users/gremlin/default.nix | 2 +- 6 files changed, 171 insertions(+), 103 deletions(-) create mode 100644 modules/services/binary-cache.nix diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix index f9dd80e..0e7ef1b 100644 --- a/hosts/Hevana/default.nix +++ b/hosts/Hevana/default.nix @@ -20,6 +20,7 @@ let # List of subdomains to add to the TLS certificate subdomains = with config.secrets.services; [ + binary-cache.url forgejo.url gremlin-lab.url jellyfin.url @@ -119,6 +120,12 @@ in onCalendar = "daily"; user = config.users.users.aires.name; }; + binary-cache = { + enable = true; + home = "${services-root}/nixos-binary-cache"; + secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem"; + url = config.secrets.services.binary-cache.url; + }; boinc = { enable = false; home = "${services-root}/boinc"; diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix index 4d6c3b6..367fecb 100644 --- a/modules/secrets/default.nix +++ b/modules/secrets/default.nix @@ -1,98 +1,102 @@ -U2FsdGVkX18LODnfDsvFy4vrBY/7+8a5UJX2ydi5756jrV0GOHOP2oOzvept/krP -epRK6iqRN73Cbo3j10fxR4YDSP5QrVYCkZInEMfY+Js68PgrAFvCIF4lVSKMrowr -yxSo1tp/1Gm4PJXOtVVUw2gogUW46PwjkLEis6PBoKEHm/GWQ2fy8MtOKvYXjMx3 -AgPHUNCq5W6I9G8wHeYQPaRzivYkzxKPFlbKkVekkvWR1riSPVp4cRwly+/QnfW7 -dkJnu2R5EDHjvvGg7b0UsNLyE9b9Eceh2+OwTN3iQssG9uYuvbMa+vITF5o4G7I/ -k1bcbnTK+r+QdSUDBpGtenN8ehmFTvVkBekL1Dp5COVSZCP/Js8gjAg81MgpRqud -7/XouEiQGUDpCQLqwsQwU0FSwXfcw0UI19Qj9V7aXeRSUEtFtcmfKIzmsHcfPYpF -NMvgAcljGYNydSNnrO83Xp7l5I4LdOc2+wxWRCCVx/PINhAmZ/5Xh12dCKbc25Iz -fLSN1lSkKXCrpS00gZImrHZQS6LmOI0dWLWT4qLnz7UbT+gmPTh05bbpWZxueL7b -tDVOOGzBwMmKjilwtIVKrg0EWEwIO7O7DK5n8xdJ+0GwZ3wez5WPizfQ6q16qgVl -bOlM/avKoYNRI1P+UpL8Kw4Lo1t97CB4KZCAqLQBcU1uEL/ZwkovgzZuDuzAeNmH -Fa3K9mIBWV3aaBvgVwoF5gbdi3T2KORZPQPnne1+DWcMyaSr5OUl+kjt28oR4y5g -dR3dt/NPBADXiKELRdfuId9pg3idi8qol1cEHvshoTIP/2oD2Gn4Hlu68xSYKqB2 -K+ZhsB5bAeJPtP61fROkYVZXqYXjglfRmFAnsvxQoVW8uRNvQGRop4a+jL6oYO01 -szeBUqHVH4dHi7l7dcfX+hkRrqvbchFqwA6r9KAa/0g2DKF+FDYi/pRRDQIoVy/k -yse3UxgwBJWRvhYEMEpxhaSh0Q+6EmmnttAjWRGSRZmxxgpJtCbkg1mleLkH7IrV -ypBqWhl+bsgu8r3HdpcpG4ug+8ed47W8/yiFUJ0UIvlRbMvadiRevYR4JE+Humgr -d+FRH44m9elMXBxl0wiwxq0csJO7zMTIbFacIMrWUPny/V3CCngrdnxCMUBUUD1j -89fRLj5oNyJNDL7hMtxmBuQTphrEcEk37FBwPAGwp0p9H2wvp2opm6RK2z4dcE4l -8Zui1OJNOFKdokCwBv9Gn6dtU//qNHAqAp3YGgeYHbGhVp2xl4jrZjO+uPd+fJWO -pqxCvULY+qu7ZzJNprAcOGijoTJ6L1DrvMyxdoTgbs1967RGFyrNEOw+5tanpxX8 -ZrQqAR0VC22aUd+fRdp7w2rYEl/aZisK2zwzi1XO88mL2qThui7LPDu8xQc6b620 -omDx/fQO9/DD8HFatxly02CMXgFMNoyPClaOocYLgz7UePmEI58hJQVX3dvhL+OE -dIRSxYUe1k75ze8Q5P63Qi3UwkeX3f0lEp3olKIOcwnvi2MVAzw+8g2LQ+O+g8RZ -1yq32llz9WHfPvHNM+wG/w1bW11ImPuw+dVd907gPq+6E+aSFqxMu6u7bj9ZlAPZ -xdMIDDCLs9mQoRctnrfhbunyH8JQVX/DEpsJi9IiBPmcV92k+/QnRCns7LKMkbcO -vkqS2K39rP8rL4pZs7vAAuBZvHd8EWpoHZnHrC9btGbRBvhcUTKLD+7hXxAs9Aa9 -rS95EscstSLKR8y2PAc9q83OBVP5A+UOsTcoqJ7tHYIHUzQt0L+aeWsbTAUs8CkQ -U7yUsFsHLDqNSkfsuflzSscOH1n4x/sd9aVZL6jvBD20h1vZ8Khbief24G67mObs -u0bmfrdsNc/mA2beARGGy3B3Ybghi75GaxCaQTTyLiUPVRqxizbM7bkcZwGAdI6Z -qhz/+4UTIym7H2Onhz3glG1IJ4bwydsV1ZcoEDn7vo/nrOoopghvak876jE7KbnW -ba2KpDoWQHAAOp2rahzCI5bXYupcQaOOUe4T7cuisQpXRqQBkt8qa/Ztd44G0d7s -TSkepDxpBB6pQneb+tm8PacPBJA8G4XDhkzJa8yYxHFyw9eP1/i+v2xnNzJLgSqW -8HaG3OTJR43BNPpPaS93TAhbRnToLEqo8DS28CHEP4DkOalpWW0T7ZzuZNKiakiu -vE001ScL2EcsnZEvu4NaZr0UaVKPvzu930OMbiuZtGKuOmcx0EK9qVDhneG7ru2S -woGvu2x5sda0WNVz6Ftfh6gRT2Gao7zDgQIwmaZxgQZGfN14fzPPgYra4GlBkZOg -gluuLqqpjYNeXSdl3dSz20OGBgon0QdS5Jij194lsNeoeFnMStNlZFOljbgnPQye -4BxVI2R6GDvxB/IL3CoohvtaISbQtSRDKYvuVoOSDw+fRB2YZVQ7PbkHGKWkI2LG -MKxuepZSdYhO/woXiTPH+m4xGuj0YsJoqocbHQEv2oHwuZfEZWunvyutvWbDP4OR -JTnHfSblhEhN4AEgkw9QvsMWeIznTwG5RvvN7Ri8Di6OyvzSB2AzvfdZJcgGptcy -r0y3dQJoSPgyl558tlHt6qwf9vKA1mZlSj6/aTVf0Xr+9Y7rcYMvyD0nDeU/wb5S -5HnZyt3UoN7yGGueO2l78aNufms2s3vawY40nilpusigPk1/W08Ox5l1ETKwcnm1 -Se9gmGeCbLWz8na9NhdfboYZ+uBu28DZqieQIfT3M5RZJ//fvSEcOBviHItH3vY/ -NkbCzG+FpnjVYszOillc7m5dDBy80neSgh5oJy5XEomF61UA7DoTP1wcoXi2C111 -6fh1IH4WoD/cMew5n5zosS3UCQ9Hl8akQbP1LfcF7pBeapyrng1BioVjIlafslH0 -JMS7KQqOgih3GfWnpoLyfvYvXvrqffggpJi+WAdCKK7IKGqd4GitLj6i4juGi4BA -eZdJbR9FWQfUZrMFgIgECS8o0cGsA+EaToZELRKmQWECnImDsIK2nL2SurDydbjf -XV2tSAU9SIku2iKN7/s8ehg3m1rcQdzD+pTTYUUBG/c19mZo+AzVmGkaw43/qfYS -ID7bh125c1O/Uc3FJa+cCfYlYTt44jNkGpPxNzkiT6pKy2AjbYkI+0hs+jhSGWi+ -7vGOtbnMUcqDgFrgHG62AMpRERKU5EXkz23L2wyAWbb6TG38ZX1h2TgB1gXBIRoq -evtHyLj8mki2npDFlBVZdK/NWZZhyVJdSHQ08cys10ykUNWHmlFFIl3JUtWPhAGO -JNyp3O3hXMujdY5JSiqE1Cjiv8g974OHI3Z0Z77wwVq5q3+pvB72crzwTkd9oM86 -oTJHoN/PCuD2ec8jPoKEcK/1T4eMkYcuziWdPgfmsYrsns7BDrUmrczMHWLBqWyz -ZL1jQ4UEZOpIPcQQd4Ma063eNbhi1HjLEXGj54wUew/BVg2VvT2FpG2b0yrdWc68 -8QonEhkrjntAuDZXj+YoXc+iFg9T0sjvuRgWYeH6rVjicTtm6x1ywUle6tUgmYIJ -0Q5rzS0y8j6lZBXrQ3vch30rJEidCk0DNbyaRmwRnF6KFT5n9jFVMwSGb1Qxg7L+ -S7ruZvjIMdsfPAnawrHKS+3F1PvLbnbPnxFBColhk7KXAFWQneVai5w9kVkkDfVi -g7Qj0dHJ6uc7JFAOOHFVpVoNMZNhgQfM1Xo6mGCTLH5rdy1uINmzH3LOYlMDUPcP -02SNHx+1sZJ+TDJxM3Bh26lbaYGRatiCPSH1U208DzdRwJ1MwqsmIY01yTCvJwSc -qe4xGp/IJ3NpGmkGdbQSJ/eIw5iVfSfBpFFcDnwIdXIGt7q0ZwubNSHwJX3pe5NV -3CWrwmy6jzJIJzx4ewm7zS0/D1K5svTcGy00cEiSrBrxVLxbJgiwmDV9Y4ILeHJ9 -tbuRRhBJIPoa9s9GSpThBSzlX/ro5kDSexdPFJJrDG0khtmCf+mKWD+7KxMi/qJR -RZg4S7fbyKJsK05v0pdCNBm8slxMl88S8XA5mOFE7ogK6y/ItvSucWwnNVcehFc4 -cLU+NoNVauD8bNVgRRM79UHexoUqtyxfL1IEs3WkI5IxSbfbxq1GoLqDlCBJblo0 -kmz9RXGHOAyrv7yprsYqrj5RlGORptsM28KYXrHTn/a2N6U0v8ScE+FDBh5+iji7 -d50EbSNB+GIA9Fd4VDLghXRlWQ8SRiyfsRPmJ1A0+JM3y+NV4lgvQyq6zha/xhqo -F4kYdCZI+SvsyjHh8oBHusqAXaEiLBWlJ4jpYwZdccYRWMhxWB7EDBQnfARieRKG -SUuYBa+ogy+qfXua2q2GUH8KosSsMKFALHUdjrk5D6f4/nQs5t2wflqlhSPJDwl8 -lY5nlUUSEZhZMJSJeGRPukHrmch1GPciR9JrgSQPoAhvQ56IoE1gu8DYKTzYtDya -Oo44L4j5AKLUTIVMGDnpvgRPR5MvbFY2+sH76QQ/ajFFlKVbzMCGuf5KlYLqq5kK -XvPr2A/Iu+lL0XoMrccFIHmiWmMgHWzpJUV2kbPIUScjpWrBs20fsniUEvPIcnoe -r//i7WGnAuwpmyk9YDjT25qD2cpcjlnenYHd0t0VFqnwfDtAN4rrpCf3yKQVpIDD -qQPa0b8A0iaLeCc+FzF8RoNG/zGDMkLe1JRHWooq8NtwDC9WJipYppb4RaZKZBIr -YBWFuazhAYpKHltBTzQAcgG94nf0X/tYc+70nnEBT7wRbrjyLs4O5iFzbBmkBD6E -Y/KRHFdI650OC0hRpoT9Ff1+FZKAtfANEt6dfMiISB39cqWlnAQB3Ijq5tPAu9FZ -fPt8434HvbpdK+8sKujn9Q9BdWC3Ja3c8NWvlaHvO1fn/UOAHhBBn5pxNfKH8QCa -soj8y8Ccv2e7EQ/xu27Ljj5WpBpIZ19w+1e0PF1nicqGY0v3mHTHI5zFVtBNAZhn -w4sSmZ0ssPUe9JRkj79rHtNsJKwb76q6BCljiGYpbzGfMbipuuxc5YaY3HAaUMea -gFY+ZR94Pgp2aj+OjfgOGTX50fn6RhoU1qTocmlGdJ1lChI3ACI1P2FBJr5fm2wi -BkVzuhb/J8ehumauHD1C5aTe3EhJFT8sCJNkO59bNKycHwzWf1hlvFiZf/qm1Gwn -uUqfY3d8D0Yg2Gx1OIlEbuAhqmCq3mk2JwSBlUhJkDUYRKif/oWg+jsuqnkp2lci -u3fzlL6VwxGvjmnZc9y7rc+lYTGzV4JM2s6qQ0CaCBFvQ6pwaTBfXF6xATlJHcPw -E65KeEWxFWmU1cnDDS1VMEv4Pt+VEygxJf4eRPi5gdiL+Vp1OnJMpOl/LFhCIoPv -xHu5h1XlQ3Izoy8xlzKnud30EvXALWeMCJyM51o49V72kaIWcgmLzLL5KyKayTM/ -VG3AfnXZGMJoCDnnLA6hV/dUfoV3C19uWtle2AiU75JqW3SAY/FKqLJ0kqPpgSlT -jrnVwR4JqObqRJXA3cg6Epre3AGLxiSWLWSrxmwcV7Cq0hSKm0EdLveTVUXE3VLu -Kg1AIMpSDQ7FiIUuFYIcmfxTMs+ue8FrIj/XadpRYJHtTW8FjvTzxNJBkN2qjtmA -3BrE3INHkZNbDNHuszwDQhWnT+CN1HGx3UJdqqwXnJRzuiyXqw9lclCcuizLuGiu -2QlBAfysqmJ08L6A7TwRrFRVBmAQeq08EArnfrCYpb8w/GnoSg2epMVnHpB6eCJD -jewUIDr0ZUDr7RjIUKbObASGyU+7pxeNrmZR3j7FMwHcWQFVe8x5PEslGi6sErjp -Bl/zidALkEGzEQdySfJP88xHJXxrp+1hTZP4YhI4qBIc38A6kSjTTtbzo7QTxdCK -CsDTtIBYI6KTh2AXS/eGwXzhEtb0pTzoakOZi9YoQ698BLrnjXAx8EDlDkDdAe8I -zZGJb2UMp3WN9NANa8A/FEDIYGOKryrK0xSBuUC3ghb+DPgGFbsGt5/2nmh6cqV1 -5y5jRGUvV5IiRrEzX69kMux/luCFWEq29B4wi5ifMMMl//+QPMZfqU2H2WavJwHy -5GOOrcF0x1yHV5lgLAv16R3okctoZ2eY7IPDWrpeg4+gwAcYBmfudGlG+Npn6Cxj -5FX8+CIj4bYhep5hoL3Z3X9j3g9w+MCunbPWLGw1FBExScVvNwcfU4kXFxAhjtjo -EPllkzriUjLq8Hon0qNGhokUpMUhPVaB/zcxjgQzS+yIIfAmkQawJCmxS0hrOykC -s8rvHKmiNEIjIJ71SLz4f+Wq7VdLD/cjZf8f+YK4kVI= +U2FsdGVkX18J+WAjHyMUnbIvBgCbeLWvJ5ac8UsUdqI5ay5XobXxYy2JAEtHcHs/ +1fw/Be7hXUCIZJF5abJHFw3A50KWdQasWL2Gy7jswp2mkHSSOZLNzn+XzPXRGcrW +kDuZPjKGtNliBFlxkM2VhIF690UELF5uTVNaNHOBy3L8YdqRajwkX38AkizUixeW +WsdAy7iTLAVCwUzC54/aaZ3oZQWXUp1HLf96HzPfQlvPRwmp1qJbHeVfDcLEVVvE +8MBPeIlP21RlNu4/KpECAREiZgCSiTIWIFLt2N0+ZCakcuQVo7Ar6yF1QaCdvfRD +T0eGcMpzSHwR6kEJByqUaDdBuw3qewyen5vGM12uk2wqDikPGhuJwgBGibQ+YzFg +D2s6oPBU3lTx7PpytclFrgJphSnqZmDQAjgwoZSFgIsmruU96fZvA/NfdshJKlgL +3aoalsjvmaIAqi1SEjmAi7nkimXQmW0rzFl8fPlD00Bk/M+Vl/NtdKsvPJ1kTbRA +Vk2RW6HcTRynj8gEiJ04f/DJgJDF20Cse99uZh0P/fEmKecF0pDrM1pqWskx1rb7 +nu3LXftplJceXZfsI56Jf61okbafhL4PHezerjh87JhcnhbjHI44lGJh7QYlwOmT +Gr1gJOn8kusg8P6UciOEA3lxjEz/3LmtXG+OOkuprtgJqSKSui3rvW+Zc1WPvLGj +SzbGEFMe3tCQR6GNGRtiDmRz8JBsb1Al8hAz+qLIe2HU+GhEvIO8pO8FFhSJzDIb +l7XrHlkkgzK9v4Srh8tDgWuc3AOqwIVccKSTOTFSl2GqdL8uyypWaXOwwo7boNJC +QTT0TZO1obCtiGY4oLZcajzJO6M+17gTkPBeFJ3guj8/+dFzbvehPy/i8hrT5FRH +koG2oKfdiOtwUgy07B8nB7cj8a97C7ijBPvCmDkcmfstT0BISU7JY0aAXsY9rrlW +mcjVCdE3+s501s0W0W/ymRYDqhEGghwrrbii2byVbdU9xPRlJunJmQL9xa1Tq2hk +FcKssrgF/oIpLeZatUqNovSSQHMts9Psx+ARoyAWb6sEfNTBS6IanFWRDfks8SYF +1Q4QlhxO0FHpO/POp1cNwdzJRm3AJWf/UVpJZX2Cc5R3EB9prubzz6KbCgxW4Bfw +eOYY2QEJRbhLxHCfPYbKpxsuQAOMBLud1xQmWrWP01sJ2D10xHi0PSay7qFmyDMD +b2uY2fFrfH3+JWuTlFDOoLk9giYK3zlBqpSW5eGfzX44mDZzRwyw/8GW//xvMBc1 +I7Gq5mNRyUYW+uj+u8W7qQwUkhAi2ktBu4fyTDUFPoAbLWZC+nuDmtL4O/o5skI6 +ENXKwnbHL42Lspeyg4CD+QaqXX+iLWYmOmwYkeZYpqjrDhUc2VpYolf75Vptr8gI +fTrtyhITlmtrWcCh4IiiucFqPwryjWLPeiYbxEntdRf/AwqnCBv0LkxeD74SXi1+ +zSmm6n4vvfKWXuwCUYLqI4U0kCtRM9KVaD5mzTWfdOsyBbm2xh08AmvECpM8ivE5 +DhD5VWVm8k/rz5uU3Jhe/vNxzvte4LkTvSwQo6oYaZkY39v9bHjfBkXwS7OELt6k +XRsx+LSICklhoM5cuRYFzDpTNgTDSJpvB3EGYLilC7mac7Wq7SBdxmR/p6bKfkYQ +F+csTHbFC/XSYtMUqiwN9tVeOsgTqAkfUFu3lL+sY/pK25HR+dHYOLRcC2HegA+2 +oOE+10ZTfC5QpQLkhjtySMW4Am3ar3fLz4QA1tEP1vo66el65bjqOjP3MVPpfKcc +u7xzYtwTPH5m7qBjP/fFXykEYIoTrc1ZkVu3Ypj9njF4bDArL5VR5xTSHWaOzOkN +MCmDC4rh1NX5ldSE2bvp0DcK6WshA8FWHrpj+gF15V0briyeaWPJ+W59PUwpYhnP +XS1MuWYhwegQW5m9WmvTAwKUExtu2UQPOvuEiECgr+Ls+ewr1mY5k2aV2rH90PtS +uJXfwuAlYQiJYUClicYlmCcHCmFdyd1aKfuptgFGeIT5oUqQttoBxWGYOKSeQinM +2Zd/KJUiOhLlOHMsv/o2x8IxWmyxKk9Ni7wP4K56dwwSw9NS7t6hyXGW0Yg51sIH +0bPh/i04RLxe9TSFwmudtd4q6f1QcZ6f73qeBiHF1vpt+sSSqM7MYhN2Dnum34yX +psjyJYdcY4rXcU/Z4K5+MQC3hl2zncb/NTLbfCTTx2tJbOUrV3ab6FLhUvUiXsu5 +8Ex50VPc2Sbrz5F/gslsGQl+iP6wR9OCXl38BBKSr452BeS7xMm2QiX+INcm41oh +A5TTlJSrU+xboi5cD8znUaY2wHRsgeLCyHdJXDbJuOVPBUVuC9G+6FW8J7zQ2A76 +DEuz/cgBhUnMIkr3T5h3ivL6F7Crsd43B+ToKu23q2MjFXS98zzUowSn9EUFfP7c +/4T/f15WNBvveCWfLGVRPQqBQiWumSHhw7YkUN1UiE2UTyLwYapnbdxSM17tnYP3 +IQHhYdxsKr+RIneNlhsb7vMiJv3o0HcDuRf8yFk52LJNdGx0ygleVpj0XwiwMe7F +uUcvHzIq1899I5nB+rTpSLzQHxM8EQEwMrcf4/rVFW/Fdky9R9AHHCRUemjZ3mdz +j0Gb0SP4GfQ2584lwoEq4+DUFqG3qZ745qSetReuzz1CN1zkR0Cjss0MatvCY8Nq +xVCEqsQJyAnetQ/QbaYryqWVZKXV9Hd7sJKUL1NTyJzDC0132gCbt5QVEdh+9q84 +fR5sMOVBYB08GvNai8wvZ+HmoktAoLp7nbJCvfUfC7ZqHtigfLfT31tp/WCAGBVJ +NA2Q5QgMO0LPTii0+5y0yHei54+2hnC9tukvGfY3XU7jXOHcvZreIcDjFdT5ydUr +ZvtATYeJTj80iStm867R91ycbUG8tjqs6Ft5WS2OzSHK+O00t5oSUVw4kosr+iTO +ixBIKH0DvFWUP04yikmN5CHxiV1x2THdv7Jc7AHhKPU5qp65b8MJgTMQK3igF3ig +b5257hewI+XDj6z/UiXQc0UAEIY5ma3Rou5zUECx4sOKXnEesHrSdF8PSvv//SuL +YQCfsDvriYaV5LrOaVHbWVTeAWrC+Fe72bThTXpdwVX4yakuUiAKACXF+wZ87Uci +ybG+0EPeKje0HatDY+JecQe1CAPuYCbSDuZ9NE0Chb6CX/pjpNvYlB1FxHFrzuYr +pSaVwlFvzvS3BYrPj4WQAHmE7Lon2Ph4afDDKCg7WAczWNPeiW6Bl5wrTHrzgd+E +41mngjYatkCdEaa6vbpvOo4gRyFiPfAoUCtQs0qTE+5DDI8ZT1DEILsCd+mK5O6g +c4u8oC1UKZkl6iNkj5O8XYDs/qmONn/MB7jn+dFC8wL9tLE7eCPNXFWO1xxjmVHG +pfX6ZsI9j9qUD/gqQRn2j94lQWQG0oM1u42kunnq1WHEKRb30rNjZFOKy87IEQ6Y +iqLetqdcIeeaISfMJw7ymoyK0pOtNjzr1qxNzZsWqVdpX4G1xX6BZHI/oVfoUfbr +1IDU9k33aB0HsiJDuN4El0b0BnwVgSM71Q6uiynQZ/x9rE8Us8bClqRUWP5Qxwk/ +8+lOdQKJ/I20RCvlDt+vmK6LGYa2FJ69TAh09TapfXaX7rOa7MVyEFOFoeYLBvki +5X22bx6H7bdKeDrH9qGmGVUU7mkboOKzWWkqq39zMfbcFns4bneF4rSmCCcwJyKW +Xjgj1F3qfUznJi3jhhy0/p5ZkWJga/WUih4a/FdA1EeuWp63B1f1IgOVhm0J2twe +FGScGeS/9pynaCAQ93OjyrqChQnad1TBJQHD4eAb0DvMVW2RTovFrXk+RtFqp2Hp +Hke5QGDvhitf5PNhDsV3fEY9btRBKCi8LI+6JvjfE2pQlmRoAolpoFbXHwwq6o0S +9MrLgUao2kRArftQvi5wVmNMiWQieedsP51y56wmYKrpmAG7mIQBxPC2auIxjbIt +iaBJb8oVVDv0OB/NTaeom+lH9Zt5vanWZRPD7i5aXBie2yfnObYwDejtN4wo+Yzm +qyQfBothGWyktsKVOZsgZA+PXr9u9Oo/MCZ2sCGqrkoO0AzMF/Po5/XWinnTom8x +BfZVEX59dhQR9rxotSnXbX3he7L0d58CzmRU6SJw1Kvo0Kp/O9dR/EBbb7XPMIyr +YtmA9tUshInZqMVpIW5L5ghhJS7kv/s9z6wmMebtkiJ1UOf5WEX8cxg3njiOqSYz +cXwAXhdXEQytQqVNoMcLS6mKL62PLYNPd0KlvbQpmbf5mQVdCC5Ma138Yrf4MwWb +vVFDw7zfy9g0bgu38DHUGM0qz5HOJ+y5KJgwAODsvj0TVYntavxOCcqxrUn5AQY+ +LmKddQbB6MZhzUtU8/JeDsxGpVT1pvJgiQ9fpsMvC/H9e2wVu87btSWrWYmY3f7a +Q4ufmGlXTLCfd47Hzm/h6jT3QFCEzj1vcEvXojBMeaDbWmb7PmTG7eeCYj71lNpM +7aw9sVmsN1pwfqpz2qZO8Q+dkL3hsY2uueyuHqDIqlzf4aeQKcfgRo0PbnXd3U12 +mpKMXXqTPIITy8MDF1KKM9U2KfdPGVC0VggkxFbuDdqc2Hbmi7/+NMwaNQVt4B6J +Umibxo5fsB8CAHXJJskXWlj1D0j11PvDsN2yjRhxhv97RP2Qywi+RUO4bRJR62ay +92MJZN2FD9X5vJdOCIWt9UVLzMIXTFFh8yz4DfclD85EONOi02anjjZ3tcvjNhyu +IYL/pC5Ki31DpwI61twp1GbVxR5mtGqhU8Pz3SsYNfnIS1E5PhnJlwnCAKHBKhZk +JNlv9ytgmjX1KWVhHrnQH412kyT+FoEXykujm3OWLbxBhi0efGsXhHU0mdq9yeVq +jZv7ERT8tJzW+whFL9NT2tOgl946Kq0WhoHgVnUAT4LOXXRIM7SE9I658cGgHglt +Q6PcYBAoEJHMtTM/JPVboftObPN+STSEmrsPyRhPY8T6Tx8xa1I6kFUhCTnBbM9n +EHVGPARgTz+4AN4esSFcwTkOKVV9qfeVXBrWY8gnYJp0LrP2hMgFhm/R5WyPA4jC +sEZmbbaRA80MGUmQP+1A8kgl4yzGV9p05+8jyfei9nGUUjx/ILCfHYvvqcNpG7/u +JdGjMvZAqwB+CVH0TK7EnyEcTqsfNens0sn9rbsVaPScAY5C9kVM8mviV0OzmzOy +39Na+TI+alZeEfxCyVh2nvQltJNlBuhyI2E3EHpuKxFOp0ysQ/m3gyKxALXJn/3R +esiwBWKXhkRRQNsIsq6UK1y4k2sURb0a3k+ifO3bua3sJGRb2q0ddXb/OFkkSjBP +Q2n/OCJn40CqVkvGwVX/v6MwiYZF54MDZeXp+N+mNnzK44CfKL02qWS/w0ln3xV1 +DKAWbCHDOnlIiui/Wj0ykiAzbZvH83hRjE6LGBXJFQ8E6PLeJsaGJ4c25oTsEkuK +DgzqMfAVBcl73ct4oh13l2s1qsTB10ZP2u3RYRbomkC0LNp0aGU98hD/X2eHESJ2 +5OZfDuGOJ6ETSM+GQsVrSkk9AKprcX0bKh4vJvzfYA+5QG7d2q1Lot5miNnrTsYh +RGXZtklz/y3MAR+iYc2NyS1kSKL3lKo7SzYgYs1oqeExQRLHa0kwFmdR6J7w38w6 +t/si3itL4Um2JbAJaP6IRwocwSAr3UiIHXd36HoF+w0cYdgkVR4xT7YGfyLpVGSh +hHQ6Of5OfHmphcUKeOJbOyHWUz2hcxF+mngQ/impR6eNRG7gQtXqQiuubyxeka/y +WA43PQXSCcU617jxKGoYFNl+2cd2TubFIaizc8gQls9K3HBY7aT8khN/tJwBzBJl +lpr+M0D77UNou+6yaGQ8wYW4UkA7jbfI+N4FozqO5l+iMrCGfMD1Um11+gxx10IR +PPJldD62tXA5G3OpT0jM0ITZgUOu44ABG19KyZSt5wsyibk+KpqcR9r0VTJC3Lgy +m/YnWJsLqPkF0GxHnbumYNWWwkH863dhT9+UZB+t6LSTtz1Nmmi2ZFMHDM0IPytx +U3j/nSyGH4EDp6Nt8n9XKF8Xr5LfWFt04IpkNcbBixKO+DUy+OBst5ovFrRVveTq +Mkp/ddXdZSXSeUP0gOCHwuMe0Oxx1NPR+/cyGAAEB7tW11W1+Fr8jXs7Fhou/LTq +VbBaLLeP1QgnBwOFXCFEyD1mLkiPcUZDwzXO6GanMaBtVLKxP1Gszj5c2zt7xPIf +1XnhfKEFbXiuJYrSjQ6n6waAeQZ08Zmjbdfa80PeQyWnbBjyjcnih21ILa1l9Rg+ +7Ij1YOHOC6Ub9VvtIaLgm36Obwq4sKaYYIkXvQD2whkuWI9bXbmY0HbfdAs4JGrM +KPEcbZGLa7I7LdjRJEnYuravbS4Vrfif/7w70MA88rIBLAwpQoX91tAEkzZ4rfIv +gclk+vQO0v/+2eqJxeAM/c5InAmLdBWzT3KNJz3Sweq5xJEFnjSkUkQYGpH0O8T5 +mS1TT9i4kPF/pjLCY8bmsr92b+6mhrH9I2Vl+AIgz9Y+krL4Ac4BxF9wZ+Hqm7FT diff --git a/modules/services/binary-cache.nix b/modules/services/binary-cache.nix new file mode 100644 index 0000000..44a24c3 --- /dev/null +++ b/modules/services/binary-cache.nix @@ -0,0 +1,51 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.aux.system.services.binary-cache; +in +{ + options = { + aux.system.services.binary-cache = { + enable = lib.mkEnableOption "Enable a binary cache hosting service."; + home = lib.mkOption { + default = "/var/lib/nix-binary-cache"; + type = lib.types.str; + description = "Where to store the binary cache and its config files."; + }; + secretKeyFile = lib.mkOption { + default = "/var/lib/nix-binary-cache/privkey.pem"; + type = lib.types.str; + description = "Where to find the binary cache's private key."; + }; + url = lib.mkOption { + default = ""; + type = lib.types.str; + description = "The complete URL where the cache is hosted."; + example = "https://cache.example.com"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + services = { + nix-serve = { + enable = true; + secretKeyFile = cfg.secretKeyFile; + bindAddress = "127.0.0.1"; + }; + + nginx.virtualHosts."${cfg.url}" = { + useACMEHost = pkgs.util.getDomainFromURL cfg.url; + forceSSL = true; + locations."/" = { + proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + }; + }; + }; +} diff --git a/modules/system/nix.nix b/modules/system/nix.nix index b3ab9f0..6629640 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -37,9 +37,15 @@ in "flakes" ]; - # Use Lix instead of Nix - substituters = [ "https://cache.lix.systems" ]; - trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; + # Set up secondary binary caches for Lix and Hevana + substituters = [ + "https://cache.lix.systems" + config.secrets.services.binary-cache.url + ]; + trusted-public-keys = [ + "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + config.secrets.services.binary-cache.pubcert + ]; # Only allow these users to use Nix allowed-users = with config.users.users; [ diff --git a/modules/ui/desktops/common.nix b/modules/ui/desktops/common.nix index 23f5154..8219257 100644 --- a/modules/ui/desktops/common.nix +++ b/modules/ui/desktops/common.nix @@ -102,7 +102,7 @@ in # Tell Electron apps that they can use Wayland NIXOS_OZONE_WL = "1"; # Install full GStreamer capabilities. - # References: + # References: # https://wiki.nixos.org/wiki/GStreamer # https://github.com/NixOS/nixpkgs/issues/195936 GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" ( diff --git a/modules/users/gremlin/default.nix b/modules/users/gremlin/default.nix index 579204c..d48359d 100644 --- a/modules/users/gremlin/default.nix +++ b/modules/users/gremlin/default.nix @@ -18,7 +18,7 @@ in config = lib.mkMerge [ (lib.mkIf cfg.enable { - # Add Gremlin account + # Add Gremlin account users.users.gremlin = { isNormalUser = true; description = "Gremlin";