1
0
Fork 0

Services: initial work on hosting a Nix binary cache on Hevana

This commit is contained in:
Aires 2024-12-01 21:01:53 -05:00
parent 0f59b80851
commit 741f4c6ec1
6 changed files with 171 additions and 103 deletions

View file

@ -20,6 +20,7 @@ let
# List of subdomains to add to the TLS certificate # List of subdomains to add to the TLS certificate
subdomains = with config.secrets.services; [ subdomains = with config.secrets.services; [
binary-cache.url
forgejo.url forgejo.url
gremlin-lab.url gremlin-lab.url
jellyfin.url jellyfin.url
@ -119,6 +120,12 @@ in
onCalendar = "daily"; onCalendar = "daily";
user = config.users.users.aires.name; user = config.users.users.aires.name;
}; };
binary-cache = {
enable = true;
home = "${services-root}/nixos-binary-cache";
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
url = config.secrets.services.binary-cache.url;
};
boinc = { boinc = {
enable = false; enable = false;
home = "${services-root}/boinc"; home = "${services-root}/boinc";

View file

@ -1,98 +1,102 @@
U2FsdGVkX18LODnfDsvFy4vrBY/7+8a5UJX2ydi5756jrV0GOHOP2oOzvept/krP U2FsdGVkX18J+WAjHyMUnbIvBgCbeLWvJ5ac8UsUdqI5ay5XobXxYy2JAEtHcHs/
epRK6iqRN73Cbo3j10fxR4YDSP5QrVYCkZInEMfY+Js68PgrAFvCIF4lVSKMrowr 1fw/Be7hXUCIZJF5abJHFw3A50KWdQasWL2Gy7jswp2mkHSSOZLNzn+XzPXRGcrW
yxSo1tp/1Gm4PJXOtVVUw2gogUW46PwjkLEis6PBoKEHm/GWQ2fy8MtOKvYXjMx3 kDuZPjKGtNliBFlxkM2VhIF690UELF5uTVNaNHOBy3L8YdqRajwkX38AkizUixeW
AgPHUNCq5W6I9G8wHeYQPaRzivYkzxKPFlbKkVekkvWR1riSPVp4cRwly+/QnfW7 WsdAy7iTLAVCwUzC54/aaZ3oZQWXUp1HLf96HzPfQlvPRwmp1qJbHeVfDcLEVVvE
dkJnu2R5EDHjvvGg7b0UsNLyE9b9Eceh2+OwTN3iQssG9uYuvbMa+vITF5o4G7I/ 8MBPeIlP21RlNu4/KpECAREiZgCSiTIWIFLt2N0+ZCakcuQVo7Ar6yF1QaCdvfRD
k1bcbnTK+r+QdSUDBpGtenN8ehmFTvVkBekL1Dp5COVSZCP/Js8gjAg81MgpRqud T0eGcMpzSHwR6kEJByqUaDdBuw3qewyen5vGM12uk2wqDikPGhuJwgBGibQ+YzFg
7/XouEiQGUDpCQLqwsQwU0FSwXfcw0UI19Qj9V7aXeRSUEtFtcmfKIzmsHcfPYpF D2s6oPBU3lTx7PpytclFrgJphSnqZmDQAjgwoZSFgIsmruU96fZvA/NfdshJKlgL
NMvgAcljGYNydSNnrO83Xp7l5I4LdOc2+wxWRCCVx/PINhAmZ/5Xh12dCKbc25Iz 3aoalsjvmaIAqi1SEjmAi7nkimXQmW0rzFl8fPlD00Bk/M+Vl/NtdKsvPJ1kTbRA
fLSN1lSkKXCrpS00gZImrHZQS6LmOI0dWLWT4qLnz7UbT+gmPTh05bbpWZxueL7b Vk2RW6HcTRynj8gEiJ04f/DJgJDF20Cse99uZh0P/fEmKecF0pDrM1pqWskx1rb7
tDVOOGzBwMmKjilwtIVKrg0EWEwIO7O7DK5n8xdJ+0GwZ3wez5WPizfQ6q16qgVl nu3LXftplJceXZfsI56Jf61okbafhL4PHezerjh87JhcnhbjHI44lGJh7QYlwOmT
bOlM/avKoYNRI1P+UpL8Kw4Lo1t97CB4KZCAqLQBcU1uEL/ZwkovgzZuDuzAeNmH Gr1gJOn8kusg8P6UciOEA3lxjEz/3LmtXG+OOkuprtgJqSKSui3rvW+Zc1WPvLGj
Fa3K9mIBWV3aaBvgVwoF5gbdi3T2KORZPQPnne1+DWcMyaSr5OUl+kjt28oR4y5g SzbGEFMe3tCQR6GNGRtiDmRz8JBsb1Al8hAz+qLIe2HU+GhEvIO8pO8FFhSJzDIb
dR3dt/NPBADXiKELRdfuId9pg3idi8qol1cEHvshoTIP/2oD2Gn4Hlu68xSYKqB2 l7XrHlkkgzK9v4Srh8tDgWuc3AOqwIVccKSTOTFSl2GqdL8uyypWaXOwwo7boNJC
K+ZhsB5bAeJPtP61fROkYVZXqYXjglfRmFAnsvxQoVW8uRNvQGRop4a+jL6oYO01 QTT0TZO1obCtiGY4oLZcajzJO6M+17gTkPBeFJ3guj8/+dFzbvehPy/i8hrT5FRH
szeBUqHVH4dHi7l7dcfX+hkRrqvbchFqwA6r9KAa/0g2DKF+FDYi/pRRDQIoVy/k koG2oKfdiOtwUgy07B8nB7cj8a97C7ijBPvCmDkcmfstT0BISU7JY0aAXsY9rrlW
yse3UxgwBJWRvhYEMEpxhaSh0Q+6EmmnttAjWRGSRZmxxgpJtCbkg1mleLkH7IrV mcjVCdE3+s501s0W0W/ymRYDqhEGghwrrbii2byVbdU9xPRlJunJmQL9xa1Tq2hk
ypBqWhl+bsgu8r3HdpcpG4ug+8ed47W8/yiFUJ0UIvlRbMvadiRevYR4JE+Humgr FcKssrgF/oIpLeZatUqNovSSQHMts9Psx+ARoyAWb6sEfNTBS6IanFWRDfks8SYF
d+FRH44m9elMXBxl0wiwxq0csJO7zMTIbFacIMrWUPny/V3CCngrdnxCMUBUUD1j 1Q4QlhxO0FHpO/POp1cNwdzJRm3AJWf/UVpJZX2Cc5R3EB9prubzz6KbCgxW4Bfw
89fRLj5oNyJNDL7hMtxmBuQTphrEcEk37FBwPAGwp0p9H2wvp2opm6RK2z4dcE4l eOYY2QEJRbhLxHCfPYbKpxsuQAOMBLud1xQmWrWP01sJ2D10xHi0PSay7qFmyDMD
8Zui1OJNOFKdokCwBv9Gn6dtU//qNHAqAp3YGgeYHbGhVp2xl4jrZjO+uPd+fJWO b2uY2fFrfH3+JWuTlFDOoLk9giYK3zlBqpSW5eGfzX44mDZzRwyw/8GW//xvMBc1
pqxCvULY+qu7ZzJNprAcOGijoTJ6L1DrvMyxdoTgbs1967RGFyrNEOw+5tanpxX8 I7Gq5mNRyUYW+uj+u8W7qQwUkhAi2ktBu4fyTDUFPoAbLWZC+nuDmtL4O/o5skI6
ZrQqAR0VC22aUd+fRdp7w2rYEl/aZisK2zwzi1XO88mL2qThui7LPDu8xQc6b620 ENXKwnbHL42Lspeyg4CD+QaqXX+iLWYmOmwYkeZYpqjrDhUc2VpYolf75Vptr8gI
omDx/fQO9/DD8HFatxly02CMXgFMNoyPClaOocYLgz7UePmEI58hJQVX3dvhL+OE fTrtyhITlmtrWcCh4IiiucFqPwryjWLPeiYbxEntdRf/AwqnCBv0LkxeD74SXi1+
dIRSxYUe1k75ze8Q5P63Qi3UwkeX3f0lEp3olKIOcwnvi2MVAzw+8g2LQ+O+g8RZ zSmm6n4vvfKWXuwCUYLqI4U0kCtRM9KVaD5mzTWfdOsyBbm2xh08AmvECpM8ivE5
1yq32llz9WHfPvHNM+wG/w1bW11ImPuw+dVd907gPq+6E+aSFqxMu6u7bj9ZlAPZ DhD5VWVm8k/rz5uU3Jhe/vNxzvte4LkTvSwQo6oYaZkY39v9bHjfBkXwS7OELt6k
xdMIDDCLs9mQoRctnrfhbunyH8JQVX/DEpsJi9IiBPmcV92k+/QnRCns7LKMkbcO XRsx+LSICklhoM5cuRYFzDpTNgTDSJpvB3EGYLilC7mac7Wq7SBdxmR/p6bKfkYQ
vkqS2K39rP8rL4pZs7vAAuBZvHd8EWpoHZnHrC9btGbRBvhcUTKLD+7hXxAs9Aa9 F+csTHbFC/XSYtMUqiwN9tVeOsgTqAkfUFu3lL+sY/pK25HR+dHYOLRcC2HegA+2
rS95EscstSLKR8y2PAc9q83OBVP5A+UOsTcoqJ7tHYIHUzQt0L+aeWsbTAUs8CkQ oOE+10ZTfC5QpQLkhjtySMW4Am3ar3fLz4QA1tEP1vo66el65bjqOjP3MVPpfKcc
U7yUsFsHLDqNSkfsuflzSscOH1n4x/sd9aVZL6jvBD20h1vZ8Khbief24G67mObs u7xzYtwTPH5m7qBjP/fFXykEYIoTrc1ZkVu3Ypj9njF4bDArL5VR5xTSHWaOzOkN
u0bmfrdsNc/mA2beARGGy3B3Ybghi75GaxCaQTTyLiUPVRqxizbM7bkcZwGAdI6Z MCmDC4rh1NX5ldSE2bvp0DcK6WshA8FWHrpj+gF15V0briyeaWPJ+W59PUwpYhnP
qhz/+4UTIym7H2Onhz3glG1IJ4bwydsV1ZcoEDn7vo/nrOoopghvak876jE7KbnW XS1MuWYhwegQW5m9WmvTAwKUExtu2UQPOvuEiECgr+Ls+ewr1mY5k2aV2rH90PtS
ba2KpDoWQHAAOp2rahzCI5bXYupcQaOOUe4T7cuisQpXRqQBkt8qa/Ztd44G0d7s uJXfwuAlYQiJYUClicYlmCcHCmFdyd1aKfuptgFGeIT5oUqQttoBxWGYOKSeQinM
TSkepDxpBB6pQneb+tm8PacPBJA8G4XDhkzJa8yYxHFyw9eP1/i+v2xnNzJLgSqW 2Zd/KJUiOhLlOHMsv/o2x8IxWmyxKk9Ni7wP4K56dwwSw9NS7t6hyXGW0Yg51sIH
8HaG3OTJR43BNPpPaS93TAhbRnToLEqo8DS28CHEP4DkOalpWW0T7ZzuZNKiakiu 0bPh/i04RLxe9TSFwmudtd4q6f1QcZ6f73qeBiHF1vpt+sSSqM7MYhN2Dnum34yX
vE001ScL2EcsnZEvu4NaZr0UaVKPvzu930OMbiuZtGKuOmcx0EK9qVDhneG7ru2S psjyJYdcY4rXcU/Z4K5+MQC3hl2zncb/NTLbfCTTx2tJbOUrV3ab6FLhUvUiXsu5
woGvu2x5sda0WNVz6Ftfh6gRT2Gao7zDgQIwmaZxgQZGfN14fzPPgYra4GlBkZOg 8Ex50VPc2Sbrz5F/gslsGQl+iP6wR9OCXl38BBKSr452BeS7xMm2QiX+INcm41oh
gluuLqqpjYNeXSdl3dSz20OGBgon0QdS5Jij194lsNeoeFnMStNlZFOljbgnPQye A5TTlJSrU+xboi5cD8znUaY2wHRsgeLCyHdJXDbJuOVPBUVuC9G+6FW8J7zQ2A76
4BxVI2R6GDvxB/IL3CoohvtaISbQtSRDKYvuVoOSDw+fRB2YZVQ7PbkHGKWkI2LG DEuz/cgBhUnMIkr3T5h3ivL6F7Crsd43B+ToKu23q2MjFXS98zzUowSn9EUFfP7c
MKxuepZSdYhO/woXiTPH+m4xGuj0YsJoqocbHQEv2oHwuZfEZWunvyutvWbDP4OR /4T/f15WNBvveCWfLGVRPQqBQiWumSHhw7YkUN1UiE2UTyLwYapnbdxSM17tnYP3
JTnHfSblhEhN4AEgkw9QvsMWeIznTwG5RvvN7Ri8Di6OyvzSB2AzvfdZJcgGptcy IQHhYdxsKr+RIneNlhsb7vMiJv3o0HcDuRf8yFk52LJNdGx0ygleVpj0XwiwMe7F
r0y3dQJoSPgyl558tlHt6qwf9vKA1mZlSj6/aTVf0Xr+9Y7rcYMvyD0nDeU/wb5S uUcvHzIq1899I5nB+rTpSLzQHxM8EQEwMrcf4/rVFW/Fdky9R9AHHCRUemjZ3mdz
5HnZyt3UoN7yGGueO2l78aNufms2s3vawY40nilpusigPk1/W08Ox5l1ETKwcnm1 j0Gb0SP4GfQ2584lwoEq4+DUFqG3qZ745qSetReuzz1CN1zkR0Cjss0MatvCY8Nq
Se9gmGeCbLWz8na9NhdfboYZ+uBu28DZqieQIfT3M5RZJ//fvSEcOBviHItH3vY/ xVCEqsQJyAnetQ/QbaYryqWVZKXV9Hd7sJKUL1NTyJzDC0132gCbt5QVEdh+9q84
NkbCzG+FpnjVYszOillc7m5dDBy80neSgh5oJy5XEomF61UA7DoTP1wcoXi2C111 fR5sMOVBYB08GvNai8wvZ+HmoktAoLp7nbJCvfUfC7ZqHtigfLfT31tp/WCAGBVJ
6fh1IH4WoD/cMew5n5zosS3UCQ9Hl8akQbP1LfcF7pBeapyrng1BioVjIlafslH0 NA2Q5QgMO0LPTii0+5y0yHei54+2hnC9tukvGfY3XU7jXOHcvZreIcDjFdT5ydUr
JMS7KQqOgih3GfWnpoLyfvYvXvrqffggpJi+WAdCKK7IKGqd4GitLj6i4juGi4BA ZvtATYeJTj80iStm867R91ycbUG8tjqs6Ft5WS2OzSHK+O00t5oSUVw4kosr+iTO
eZdJbR9FWQfUZrMFgIgECS8o0cGsA+EaToZELRKmQWECnImDsIK2nL2SurDydbjf ixBIKH0DvFWUP04yikmN5CHxiV1x2THdv7Jc7AHhKPU5qp65b8MJgTMQK3igF3ig
XV2tSAU9SIku2iKN7/s8ehg3m1rcQdzD+pTTYUUBG/c19mZo+AzVmGkaw43/qfYS b5257hewI+XDj6z/UiXQc0UAEIY5ma3Rou5zUECx4sOKXnEesHrSdF8PSvv//SuL
ID7bh125c1O/Uc3FJa+cCfYlYTt44jNkGpPxNzkiT6pKy2AjbYkI+0hs+jhSGWi+ YQCfsDvriYaV5LrOaVHbWVTeAWrC+Fe72bThTXpdwVX4yakuUiAKACXF+wZ87Uci
7vGOtbnMUcqDgFrgHG62AMpRERKU5EXkz23L2wyAWbb6TG38ZX1h2TgB1gXBIRoq ybG+0EPeKje0HatDY+JecQe1CAPuYCbSDuZ9NE0Chb6CX/pjpNvYlB1FxHFrzuYr
evtHyLj8mki2npDFlBVZdK/NWZZhyVJdSHQ08cys10ykUNWHmlFFIl3JUtWPhAGO pSaVwlFvzvS3BYrPj4WQAHmE7Lon2Ph4afDDKCg7WAczWNPeiW6Bl5wrTHrzgd+E
JNyp3O3hXMujdY5JSiqE1Cjiv8g974OHI3Z0Z77wwVq5q3+pvB72crzwTkd9oM86 41mngjYatkCdEaa6vbpvOo4gRyFiPfAoUCtQs0qTE+5DDI8ZT1DEILsCd+mK5O6g
oTJHoN/PCuD2ec8jPoKEcK/1T4eMkYcuziWdPgfmsYrsns7BDrUmrczMHWLBqWyz c4u8oC1UKZkl6iNkj5O8XYDs/qmONn/MB7jn+dFC8wL9tLE7eCPNXFWO1xxjmVHG
ZL1jQ4UEZOpIPcQQd4Ma063eNbhi1HjLEXGj54wUew/BVg2VvT2FpG2b0yrdWc68 pfX6ZsI9j9qUD/gqQRn2j94lQWQG0oM1u42kunnq1WHEKRb30rNjZFOKy87IEQ6Y
8QonEhkrjntAuDZXj+YoXc+iFg9T0sjvuRgWYeH6rVjicTtm6x1ywUle6tUgmYIJ iqLetqdcIeeaISfMJw7ymoyK0pOtNjzr1qxNzZsWqVdpX4G1xX6BZHI/oVfoUfbr
0Q5rzS0y8j6lZBXrQ3vch30rJEidCk0DNbyaRmwRnF6KFT5n9jFVMwSGb1Qxg7L+ 1IDU9k33aB0HsiJDuN4El0b0BnwVgSM71Q6uiynQZ/x9rE8Us8bClqRUWP5Qxwk/
S7ruZvjIMdsfPAnawrHKS+3F1PvLbnbPnxFBColhk7KXAFWQneVai5w9kVkkDfVi 8+lOdQKJ/I20RCvlDt+vmK6LGYa2FJ69TAh09TapfXaX7rOa7MVyEFOFoeYLBvki
g7Qj0dHJ6uc7JFAOOHFVpVoNMZNhgQfM1Xo6mGCTLH5rdy1uINmzH3LOYlMDUPcP 5X22bx6H7bdKeDrH9qGmGVUU7mkboOKzWWkqq39zMfbcFns4bneF4rSmCCcwJyKW
02SNHx+1sZJ+TDJxM3Bh26lbaYGRatiCPSH1U208DzdRwJ1MwqsmIY01yTCvJwSc Xjgj1F3qfUznJi3jhhy0/p5ZkWJga/WUih4a/FdA1EeuWp63B1f1IgOVhm0J2twe
qe4xGp/IJ3NpGmkGdbQSJ/eIw5iVfSfBpFFcDnwIdXIGt7q0ZwubNSHwJX3pe5NV FGScGeS/9pynaCAQ93OjyrqChQnad1TBJQHD4eAb0DvMVW2RTovFrXk+RtFqp2Hp
3CWrwmy6jzJIJzx4ewm7zS0/D1K5svTcGy00cEiSrBrxVLxbJgiwmDV9Y4ILeHJ9 Hke5QGDvhitf5PNhDsV3fEY9btRBKCi8LI+6JvjfE2pQlmRoAolpoFbXHwwq6o0S
tbuRRhBJIPoa9s9GSpThBSzlX/ro5kDSexdPFJJrDG0khtmCf+mKWD+7KxMi/qJR 9MrLgUao2kRArftQvi5wVmNMiWQieedsP51y56wmYKrpmAG7mIQBxPC2auIxjbIt
RZg4S7fbyKJsK05v0pdCNBm8slxMl88S8XA5mOFE7ogK6y/ItvSucWwnNVcehFc4 iaBJb8oVVDv0OB/NTaeom+lH9Zt5vanWZRPD7i5aXBie2yfnObYwDejtN4wo+Yzm
cLU+NoNVauD8bNVgRRM79UHexoUqtyxfL1IEs3WkI5IxSbfbxq1GoLqDlCBJblo0 qyQfBothGWyktsKVOZsgZA+PXr9u9Oo/MCZ2sCGqrkoO0AzMF/Po5/XWinnTom8x
kmz9RXGHOAyrv7yprsYqrj5RlGORptsM28KYXrHTn/a2N6U0v8ScE+FDBh5+iji7 BfZVEX59dhQR9rxotSnXbX3he7L0d58CzmRU6SJw1Kvo0Kp/O9dR/EBbb7XPMIyr
d50EbSNB+GIA9Fd4VDLghXRlWQ8SRiyfsRPmJ1A0+JM3y+NV4lgvQyq6zha/xhqo YtmA9tUshInZqMVpIW5L5ghhJS7kv/s9z6wmMebtkiJ1UOf5WEX8cxg3njiOqSYz
F4kYdCZI+SvsyjHh8oBHusqAXaEiLBWlJ4jpYwZdccYRWMhxWB7EDBQnfARieRKG cXwAXhdXEQytQqVNoMcLS6mKL62PLYNPd0KlvbQpmbf5mQVdCC5Ma138Yrf4MwWb
SUuYBa+ogy+qfXua2q2GUH8KosSsMKFALHUdjrk5D6f4/nQs5t2wflqlhSPJDwl8 vVFDw7zfy9g0bgu38DHUGM0qz5HOJ+y5KJgwAODsvj0TVYntavxOCcqxrUn5AQY+
lY5nlUUSEZhZMJSJeGRPukHrmch1GPciR9JrgSQPoAhvQ56IoE1gu8DYKTzYtDya LmKddQbB6MZhzUtU8/JeDsxGpVT1pvJgiQ9fpsMvC/H9e2wVu87btSWrWYmY3f7a
Oo44L4j5AKLUTIVMGDnpvgRPR5MvbFY2+sH76QQ/ajFFlKVbzMCGuf5KlYLqq5kK Q4ufmGlXTLCfd47Hzm/h6jT3QFCEzj1vcEvXojBMeaDbWmb7PmTG7eeCYj71lNpM
XvPr2A/Iu+lL0XoMrccFIHmiWmMgHWzpJUV2kbPIUScjpWrBs20fsniUEvPIcnoe 7aw9sVmsN1pwfqpz2qZO8Q+dkL3hsY2uueyuHqDIqlzf4aeQKcfgRo0PbnXd3U12
r//i7WGnAuwpmyk9YDjT25qD2cpcjlnenYHd0t0VFqnwfDtAN4rrpCf3yKQVpIDD mpKMXXqTPIITy8MDF1KKM9U2KfdPGVC0VggkxFbuDdqc2Hbmi7/+NMwaNQVt4B6J
qQPa0b8A0iaLeCc+FzF8RoNG/zGDMkLe1JRHWooq8NtwDC9WJipYppb4RaZKZBIr Umibxo5fsB8CAHXJJskXWlj1D0j11PvDsN2yjRhxhv97RP2Qywi+RUO4bRJR62ay
YBWFuazhAYpKHltBTzQAcgG94nf0X/tYc+70nnEBT7wRbrjyLs4O5iFzbBmkBD6E 92MJZN2FD9X5vJdOCIWt9UVLzMIXTFFh8yz4DfclD85EONOi02anjjZ3tcvjNhyu
Y/KRHFdI650OC0hRpoT9Ff1+FZKAtfANEt6dfMiISB39cqWlnAQB3Ijq5tPAu9FZ IYL/pC5Ki31DpwI61twp1GbVxR5mtGqhU8Pz3SsYNfnIS1E5PhnJlwnCAKHBKhZk
fPt8434HvbpdK+8sKujn9Q9BdWC3Ja3c8NWvlaHvO1fn/UOAHhBBn5pxNfKH8QCa JNlv9ytgmjX1KWVhHrnQH412kyT+FoEXykujm3OWLbxBhi0efGsXhHU0mdq9yeVq
soj8y8Ccv2e7EQ/xu27Ljj5WpBpIZ19w+1e0PF1nicqGY0v3mHTHI5zFVtBNAZhn jZv7ERT8tJzW+whFL9NT2tOgl946Kq0WhoHgVnUAT4LOXXRIM7SE9I658cGgHglt
w4sSmZ0ssPUe9JRkj79rHtNsJKwb76q6BCljiGYpbzGfMbipuuxc5YaY3HAaUMea Q6PcYBAoEJHMtTM/JPVboftObPN+STSEmrsPyRhPY8T6Tx8xa1I6kFUhCTnBbM9n
gFY+ZR94Pgp2aj+OjfgOGTX50fn6RhoU1qTocmlGdJ1lChI3ACI1P2FBJr5fm2wi EHVGPARgTz+4AN4esSFcwTkOKVV9qfeVXBrWY8gnYJp0LrP2hMgFhm/R5WyPA4jC
BkVzuhb/J8ehumauHD1C5aTe3EhJFT8sCJNkO59bNKycHwzWf1hlvFiZf/qm1Gwn sEZmbbaRA80MGUmQP+1A8kgl4yzGV9p05+8jyfei9nGUUjx/ILCfHYvvqcNpG7/u
uUqfY3d8D0Yg2Gx1OIlEbuAhqmCq3mk2JwSBlUhJkDUYRKif/oWg+jsuqnkp2lci JdGjMvZAqwB+CVH0TK7EnyEcTqsfNens0sn9rbsVaPScAY5C9kVM8mviV0OzmzOy
u3fzlL6VwxGvjmnZc9y7rc+lYTGzV4JM2s6qQ0CaCBFvQ6pwaTBfXF6xATlJHcPw 39Na+TI+alZeEfxCyVh2nvQltJNlBuhyI2E3EHpuKxFOp0ysQ/m3gyKxALXJn/3R
E65KeEWxFWmU1cnDDS1VMEv4Pt+VEygxJf4eRPi5gdiL+Vp1OnJMpOl/LFhCIoPv esiwBWKXhkRRQNsIsq6UK1y4k2sURb0a3k+ifO3bua3sJGRb2q0ddXb/OFkkSjBP
xHu5h1XlQ3Izoy8xlzKnud30EvXALWeMCJyM51o49V72kaIWcgmLzLL5KyKayTM/ Q2n/OCJn40CqVkvGwVX/v6MwiYZF54MDZeXp+N+mNnzK44CfKL02qWS/w0ln3xV1
VG3AfnXZGMJoCDnnLA6hV/dUfoV3C19uWtle2AiU75JqW3SAY/FKqLJ0kqPpgSlT DKAWbCHDOnlIiui/Wj0ykiAzbZvH83hRjE6LGBXJFQ8E6PLeJsaGJ4c25oTsEkuK
jrnVwR4JqObqRJXA3cg6Epre3AGLxiSWLWSrxmwcV7Cq0hSKm0EdLveTVUXE3VLu DgzqMfAVBcl73ct4oh13l2s1qsTB10ZP2u3RYRbomkC0LNp0aGU98hD/X2eHESJ2
Kg1AIMpSDQ7FiIUuFYIcmfxTMs+ue8FrIj/XadpRYJHtTW8FjvTzxNJBkN2qjtmA 5OZfDuGOJ6ETSM+GQsVrSkk9AKprcX0bKh4vJvzfYA+5QG7d2q1Lot5miNnrTsYh
3BrE3INHkZNbDNHuszwDQhWnT+CN1HGx3UJdqqwXnJRzuiyXqw9lclCcuizLuGiu RGXZtklz/y3MAR+iYc2NyS1kSKL3lKo7SzYgYs1oqeExQRLHa0kwFmdR6J7w38w6
2QlBAfysqmJ08L6A7TwRrFRVBmAQeq08EArnfrCYpb8w/GnoSg2epMVnHpB6eCJD t/si3itL4Um2JbAJaP6IRwocwSAr3UiIHXd36HoF+w0cYdgkVR4xT7YGfyLpVGSh
jewUIDr0ZUDr7RjIUKbObASGyU+7pxeNrmZR3j7FMwHcWQFVe8x5PEslGi6sErjp hHQ6Of5OfHmphcUKeOJbOyHWUz2hcxF+mngQ/impR6eNRG7gQtXqQiuubyxeka/y
Bl/zidALkEGzEQdySfJP88xHJXxrp+1hTZP4YhI4qBIc38A6kSjTTtbzo7QTxdCK WA43PQXSCcU617jxKGoYFNl+2cd2TubFIaizc8gQls9K3HBY7aT8khN/tJwBzBJl
CsDTtIBYI6KTh2AXS/eGwXzhEtb0pTzoakOZi9YoQ698BLrnjXAx8EDlDkDdAe8I lpr+M0D77UNou+6yaGQ8wYW4UkA7jbfI+N4FozqO5l+iMrCGfMD1Um11+gxx10IR
zZGJb2UMp3WN9NANa8A/FEDIYGOKryrK0xSBuUC3ghb+DPgGFbsGt5/2nmh6cqV1 PPJldD62tXA5G3OpT0jM0ITZgUOu44ABG19KyZSt5wsyibk+KpqcR9r0VTJC3Lgy
5y5jRGUvV5IiRrEzX69kMux/luCFWEq29B4wi5ifMMMl//+QPMZfqU2H2WavJwHy m/YnWJsLqPkF0GxHnbumYNWWwkH863dhT9+UZB+t6LSTtz1Nmmi2ZFMHDM0IPytx
5GOOrcF0x1yHV5lgLAv16R3okctoZ2eY7IPDWrpeg4+gwAcYBmfudGlG+Npn6Cxj U3j/nSyGH4EDp6Nt8n9XKF8Xr5LfWFt04IpkNcbBixKO+DUy+OBst5ovFrRVveTq
5FX8+CIj4bYhep5hoL3Z3X9j3g9w+MCunbPWLGw1FBExScVvNwcfU4kXFxAhjtjo Mkp/ddXdZSXSeUP0gOCHwuMe0Oxx1NPR+/cyGAAEB7tW11W1+Fr8jXs7Fhou/LTq
EPllkzriUjLq8Hon0qNGhokUpMUhPVaB/zcxjgQzS+yIIfAmkQawJCmxS0hrOykC VbBaLLeP1QgnBwOFXCFEyD1mLkiPcUZDwzXO6GanMaBtVLKxP1Gszj5c2zt7xPIf
s8rvHKmiNEIjIJ71SLz4f+Wq7VdLD/cjZf8f+YK4kVI= 1XnhfKEFbXiuJYrSjQ6n6waAeQZ08Zmjbdfa80PeQyWnbBjyjcnih21ILa1l9Rg+
7Ij1YOHOC6Ub9VvtIaLgm36Obwq4sKaYYIkXvQD2whkuWI9bXbmY0HbfdAs4JGrM
KPEcbZGLa7I7LdjRJEnYuravbS4Vrfif/7w70MA88rIBLAwpQoX91tAEkzZ4rfIv
gclk+vQO0v/+2eqJxeAM/c5InAmLdBWzT3KNJz3Sweq5xJEFnjSkUkQYGpH0O8T5
mS1TT9i4kPF/pjLCY8bmsr92b+6mhrH9I2Vl+AIgz9Y+krL4Ac4BxF9wZ+Hqm7FT

View file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.aux.system.services.binary-cache;
in
{
options = {
aux.system.services.binary-cache = {
enable = lib.mkEnableOption "Enable a binary cache hosting service.";
home = lib.mkOption {
default = "/var/lib/nix-binary-cache";
type = lib.types.str;
description = "Where to store the binary cache and its config files.";
};
secretKeyFile = lib.mkOption {
default = "/var/lib/nix-binary-cache/privkey.pem";
type = lib.types.str;
description = "Where to find the binary cache's private key.";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where the cache is hosted.";
example = "https://cache.example.com";
};
};
};
config = lib.mkIf cfg.enable {
services = {
nix-serve = {
enable = true;
secretKeyFile = cfg.secretKeyFile;
bindAddress = "127.0.0.1";
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
}

View file

@ -37,9 +37,15 @@ in
"flakes" "flakes"
]; ];
# Use Lix instead of Nix # Set up secondary binary caches for Lix and Hevana
substituters = [ "https://cache.lix.systems" ]; substituters = [
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ]; "https://cache.lix.systems"
config.secrets.services.binary-cache.url
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
config.secrets.services.binary-cache.pubcert
];
# Only allow these users to use Nix # Only allow these users to use Nix
allowed-users = with config.users.users; [ allowed-users = with config.users.users; [