1
0
Fork 0

Services: initial work on hosting a Nix binary cache on Hevana

This commit is contained in:
Aires 2024-12-01 21:01:53 -05:00
parent 0f59b80851
commit 741f4c6ec1
6 changed files with 171 additions and 103 deletions

View file

@ -20,6 +20,7 @@ let
# List of subdomains to add to the TLS certificate
subdomains = with config.secrets.services; [
binary-cache.url
forgejo.url
gremlin-lab.url
jellyfin.url
@ -119,6 +120,12 @@ in
onCalendar = "daily";
user = config.users.users.aires.name;
};
binary-cache = {
enable = true;
home = "${services-root}/nixos-binary-cache";
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
url = config.secrets.services.binary-cache.url;
};
boinc = {
enable = false;
home = "${services-root}/boinc";

View file

@ -1,98 +1,102 @@
U2FsdGVkX18LODnfDsvFy4vrBY/7+8a5UJX2ydi5756jrV0GOHOP2oOzvept/krP
epRK6iqRN73Cbo3j10fxR4YDSP5QrVYCkZInEMfY+Js68PgrAFvCIF4lVSKMrowr
yxSo1tp/1Gm4PJXOtVVUw2gogUW46PwjkLEis6PBoKEHm/GWQ2fy8MtOKvYXjMx3
AgPHUNCq5W6I9G8wHeYQPaRzivYkzxKPFlbKkVekkvWR1riSPVp4cRwly+/QnfW7
dkJnu2R5EDHjvvGg7b0UsNLyE9b9Eceh2+OwTN3iQssG9uYuvbMa+vITF5o4G7I/
k1bcbnTK+r+QdSUDBpGtenN8ehmFTvVkBekL1Dp5COVSZCP/Js8gjAg81MgpRqud
7/XouEiQGUDpCQLqwsQwU0FSwXfcw0UI19Qj9V7aXeRSUEtFtcmfKIzmsHcfPYpF
NMvgAcljGYNydSNnrO83Xp7l5I4LdOc2+wxWRCCVx/PINhAmZ/5Xh12dCKbc25Iz
fLSN1lSkKXCrpS00gZImrHZQS6LmOI0dWLWT4qLnz7UbT+gmPTh05bbpWZxueL7b
tDVOOGzBwMmKjilwtIVKrg0EWEwIO7O7DK5n8xdJ+0GwZ3wez5WPizfQ6q16qgVl
bOlM/avKoYNRI1P+UpL8Kw4Lo1t97CB4KZCAqLQBcU1uEL/ZwkovgzZuDuzAeNmH
Fa3K9mIBWV3aaBvgVwoF5gbdi3T2KORZPQPnne1+DWcMyaSr5OUl+kjt28oR4y5g
dR3dt/NPBADXiKELRdfuId9pg3idi8qol1cEHvshoTIP/2oD2Gn4Hlu68xSYKqB2
K+ZhsB5bAeJPtP61fROkYVZXqYXjglfRmFAnsvxQoVW8uRNvQGRop4a+jL6oYO01
szeBUqHVH4dHi7l7dcfX+hkRrqvbchFqwA6r9KAa/0g2DKF+FDYi/pRRDQIoVy/k
yse3UxgwBJWRvhYEMEpxhaSh0Q+6EmmnttAjWRGSRZmxxgpJtCbkg1mleLkH7IrV
ypBqWhl+bsgu8r3HdpcpG4ug+8ed47W8/yiFUJ0UIvlRbMvadiRevYR4JE+Humgr
d+FRH44m9elMXBxl0wiwxq0csJO7zMTIbFacIMrWUPny/V3CCngrdnxCMUBUUD1j
89fRLj5oNyJNDL7hMtxmBuQTphrEcEk37FBwPAGwp0p9H2wvp2opm6RK2z4dcE4l
8Zui1OJNOFKdokCwBv9Gn6dtU//qNHAqAp3YGgeYHbGhVp2xl4jrZjO+uPd+fJWO
pqxCvULY+qu7ZzJNprAcOGijoTJ6L1DrvMyxdoTgbs1967RGFyrNEOw+5tanpxX8
ZrQqAR0VC22aUd+fRdp7w2rYEl/aZisK2zwzi1XO88mL2qThui7LPDu8xQc6b620
omDx/fQO9/DD8HFatxly02CMXgFMNoyPClaOocYLgz7UePmEI58hJQVX3dvhL+OE
dIRSxYUe1k75ze8Q5P63Qi3UwkeX3f0lEp3olKIOcwnvi2MVAzw+8g2LQ+O+g8RZ
1yq32llz9WHfPvHNM+wG/w1bW11ImPuw+dVd907gPq+6E+aSFqxMu6u7bj9ZlAPZ
xdMIDDCLs9mQoRctnrfhbunyH8JQVX/DEpsJi9IiBPmcV92k+/QnRCns7LKMkbcO
vkqS2K39rP8rL4pZs7vAAuBZvHd8EWpoHZnHrC9btGbRBvhcUTKLD+7hXxAs9Aa9
rS95EscstSLKR8y2PAc9q83OBVP5A+UOsTcoqJ7tHYIHUzQt0L+aeWsbTAUs8CkQ
U7yUsFsHLDqNSkfsuflzSscOH1n4x/sd9aVZL6jvBD20h1vZ8Khbief24G67mObs
u0bmfrdsNc/mA2beARGGy3B3Ybghi75GaxCaQTTyLiUPVRqxizbM7bkcZwGAdI6Z
qhz/+4UTIym7H2Onhz3glG1IJ4bwydsV1ZcoEDn7vo/nrOoopghvak876jE7KbnW
ba2KpDoWQHAAOp2rahzCI5bXYupcQaOOUe4T7cuisQpXRqQBkt8qa/Ztd44G0d7s
TSkepDxpBB6pQneb+tm8PacPBJA8G4XDhkzJa8yYxHFyw9eP1/i+v2xnNzJLgSqW
8HaG3OTJR43BNPpPaS93TAhbRnToLEqo8DS28CHEP4DkOalpWW0T7ZzuZNKiakiu
vE001ScL2EcsnZEvu4NaZr0UaVKPvzu930OMbiuZtGKuOmcx0EK9qVDhneG7ru2S
woGvu2x5sda0WNVz6Ftfh6gRT2Gao7zDgQIwmaZxgQZGfN14fzPPgYra4GlBkZOg
gluuLqqpjYNeXSdl3dSz20OGBgon0QdS5Jij194lsNeoeFnMStNlZFOljbgnPQye
4BxVI2R6GDvxB/IL3CoohvtaISbQtSRDKYvuVoOSDw+fRB2YZVQ7PbkHGKWkI2LG
MKxuepZSdYhO/woXiTPH+m4xGuj0YsJoqocbHQEv2oHwuZfEZWunvyutvWbDP4OR
JTnHfSblhEhN4AEgkw9QvsMWeIznTwG5RvvN7Ri8Di6OyvzSB2AzvfdZJcgGptcy
r0y3dQJoSPgyl558tlHt6qwf9vKA1mZlSj6/aTVf0Xr+9Y7rcYMvyD0nDeU/wb5S
5HnZyt3UoN7yGGueO2l78aNufms2s3vawY40nilpusigPk1/W08Ox5l1ETKwcnm1
Se9gmGeCbLWz8na9NhdfboYZ+uBu28DZqieQIfT3M5RZJ//fvSEcOBviHItH3vY/
NkbCzG+FpnjVYszOillc7m5dDBy80neSgh5oJy5XEomF61UA7DoTP1wcoXi2C111
6fh1IH4WoD/cMew5n5zosS3UCQ9Hl8akQbP1LfcF7pBeapyrng1BioVjIlafslH0
JMS7KQqOgih3GfWnpoLyfvYvXvrqffggpJi+WAdCKK7IKGqd4GitLj6i4juGi4BA
eZdJbR9FWQfUZrMFgIgECS8o0cGsA+EaToZELRKmQWECnImDsIK2nL2SurDydbjf
XV2tSAU9SIku2iKN7/s8ehg3m1rcQdzD+pTTYUUBG/c19mZo+AzVmGkaw43/qfYS
ID7bh125c1O/Uc3FJa+cCfYlYTt44jNkGpPxNzkiT6pKy2AjbYkI+0hs+jhSGWi+
7vGOtbnMUcqDgFrgHG62AMpRERKU5EXkz23L2wyAWbb6TG38ZX1h2TgB1gXBIRoq
evtHyLj8mki2npDFlBVZdK/NWZZhyVJdSHQ08cys10ykUNWHmlFFIl3JUtWPhAGO
JNyp3O3hXMujdY5JSiqE1Cjiv8g974OHI3Z0Z77wwVq5q3+pvB72crzwTkd9oM86
oTJHoN/PCuD2ec8jPoKEcK/1T4eMkYcuziWdPgfmsYrsns7BDrUmrczMHWLBqWyz
ZL1jQ4UEZOpIPcQQd4Ma063eNbhi1HjLEXGj54wUew/BVg2VvT2FpG2b0yrdWc68
8QonEhkrjntAuDZXj+YoXc+iFg9T0sjvuRgWYeH6rVjicTtm6x1ywUle6tUgmYIJ
0Q5rzS0y8j6lZBXrQ3vch30rJEidCk0DNbyaRmwRnF6KFT5n9jFVMwSGb1Qxg7L+
S7ruZvjIMdsfPAnawrHKS+3F1PvLbnbPnxFBColhk7KXAFWQneVai5w9kVkkDfVi
g7Qj0dHJ6uc7JFAOOHFVpVoNMZNhgQfM1Xo6mGCTLH5rdy1uINmzH3LOYlMDUPcP
02SNHx+1sZJ+TDJxM3Bh26lbaYGRatiCPSH1U208DzdRwJ1MwqsmIY01yTCvJwSc
qe4xGp/IJ3NpGmkGdbQSJ/eIw5iVfSfBpFFcDnwIdXIGt7q0ZwubNSHwJX3pe5NV
3CWrwmy6jzJIJzx4ewm7zS0/D1K5svTcGy00cEiSrBrxVLxbJgiwmDV9Y4ILeHJ9
tbuRRhBJIPoa9s9GSpThBSzlX/ro5kDSexdPFJJrDG0khtmCf+mKWD+7KxMi/qJR
RZg4S7fbyKJsK05v0pdCNBm8slxMl88S8XA5mOFE7ogK6y/ItvSucWwnNVcehFc4
cLU+NoNVauD8bNVgRRM79UHexoUqtyxfL1IEs3WkI5IxSbfbxq1GoLqDlCBJblo0
kmz9RXGHOAyrv7yprsYqrj5RlGORptsM28KYXrHTn/a2N6U0v8ScE+FDBh5+iji7
d50EbSNB+GIA9Fd4VDLghXRlWQ8SRiyfsRPmJ1A0+JM3y+NV4lgvQyq6zha/xhqo
F4kYdCZI+SvsyjHh8oBHusqAXaEiLBWlJ4jpYwZdccYRWMhxWB7EDBQnfARieRKG
SUuYBa+ogy+qfXua2q2GUH8KosSsMKFALHUdjrk5D6f4/nQs5t2wflqlhSPJDwl8
lY5nlUUSEZhZMJSJeGRPukHrmch1GPciR9JrgSQPoAhvQ56IoE1gu8DYKTzYtDya
Oo44L4j5AKLUTIVMGDnpvgRPR5MvbFY2+sH76QQ/ajFFlKVbzMCGuf5KlYLqq5kK
XvPr2A/Iu+lL0XoMrccFIHmiWmMgHWzpJUV2kbPIUScjpWrBs20fsniUEvPIcnoe
r//i7WGnAuwpmyk9YDjT25qD2cpcjlnenYHd0t0VFqnwfDtAN4rrpCf3yKQVpIDD
qQPa0b8A0iaLeCc+FzF8RoNG/zGDMkLe1JRHWooq8NtwDC9WJipYppb4RaZKZBIr
YBWFuazhAYpKHltBTzQAcgG94nf0X/tYc+70nnEBT7wRbrjyLs4O5iFzbBmkBD6E
Y/KRHFdI650OC0hRpoT9Ff1+FZKAtfANEt6dfMiISB39cqWlnAQB3Ijq5tPAu9FZ
fPt8434HvbpdK+8sKujn9Q9BdWC3Ja3c8NWvlaHvO1fn/UOAHhBBn5pxNfKH8QCa
soj8y8Ccv2e7EQ/xu27Ljj5WpBpIZ19w+1e0PF1nicqGY0v3mHTHI5zFVtBNAZhn
w4sSmZ0ssPUe9JRkj79rHtNsJKwb76q6BCljiGYpbzGfMbipuuxc5YaY3HAaUMea
gFY+ZR94Pgp2aj+OjfgOGTX50fn6RhoU1qTocmlGdJ1lChI3ACI1P2FBJr5fm2wi
BkVzuhb/J8ehumauHD1C5aTe3EhJFT8sCJNkO59bNKycHwzWf1hlvFiZf/qm1Gwn
uUqfY3d8D0Yg2Gx1OIlEbuAhqmCq3mk2JwSBlUhJkDUYRKif/oWg+jsuqnkp2lci
u3fzlL6VwxGvjmnZc9y7rc+lYTGzV4JM2s6qQ0CaCBFvQ6pwaTBfXF6xATlJHcPw
E65KeEWxFWmU1cnDDS1VMEv4Pt+VEygxJf4eRPi5gdiL+Vp1OnJMpOl/LFhCIoPv
xHu5h1XlQ3Izoy8xlzKnud30EvXALWeMCJyM51o49V72kaIWcgmLzLL5KyKayTM/
VG3AfnXZGMJoCDnnLA6hV/dUfoV3C19uWtle2AiU75JqW3SAY/FKqLJ0kqPpgSlT
jrnVwR4JqObqRJXA3cg6Epre3AGLxiSWLWSrxmwcV7Cq0hSKm0EdLveTVUXE3VLu
Kg1AIMpSDQ7FiIUuFYIcmfxTMs+ue8FrIj/XadpRYJHtTW8FjvTzxNJBkN2qjtmA
3BrE3INHkZNbDNHuszwDQhWnT+CN1HGx3UJdqqwXnJRzuiyXqw9lclCcuizLuGiu
2QlBAfysqmJ08L6A7TwRrFRVBmAQeq08EArnfrCYpb8w/GnoSg2epMVnHpB6eCJD
jewUIDr0ZUDr7RjIUKbObASGyU+7pxeNrmZR3j7FMwHcWQFVe8x5PEslGi6sErjp
Bl/zidALkEGzEQdySfJP88xHJXxrp+1hTZP4YhI4qBIc38A6kSjTTtbzo7QTxdCK
CsDTtIBYI6KTh2AXS/eGwXzhEtb0pTzoakOZi9YoQ698BLrnjXAx8EDlDkDdAe8I
zZGJb2UMp3WN9NANa8A/FEDIYGOKryrK0xSBuUC3ghb+DPgGFbsGt5/2nmh6cqV1
5y5jRGUvV5IiRrEzX69kMux/luCFWEq29B4wi5ifMMMl//+QPMZfqU2H2WavJwHy
5GOOrcF0x1yHV5lgLAv16R3okctoZ2eY7IPDWrpeg4+gwAcYBmfudGlG+Npn6Cxj
5FX8+CIj4bYhep5hoL3Z3X9j3g9w+MCunbPWLGw1FBExScVvNwcfU4kXFxAhjtjo
EPllkzriUjLq8Hon0qNGhokUpMUhPVaB/zcxjgQzS+yIIfAmkQawJCmxS0hrOykC
s8rvHKmiNEIjIJ71SLz4f+Wq7VdLD/cjZf8f+YK4kVI=
U2FsdGVkX18J+WAjHyMUnbIvBgCbeLWvJ5ac8UsUdqI5ay5XobXxYy2JAEtHcHs/
1fw/Be7hXUCIZJF5abJHFw3A50KWdQasWL2Gy7jswp2mkHSSOZLNzn+XzPXRGcrW
kDuZPjKGtNliBFlxkM2VhIF690UELF5uTVNaNHOBy3L8YdqRajwkX38AkizUixeW
WsdAy7iTLAVCwUzC54/aaZ3oZQWXUp1HLf96HzPfQlvPRwmp1qJbHeVfDcLEVVvE
8MBPeIlP21RlNu4/KpECAREiZgCSiTIWIFLt2N0+ZCakcuQVo7Ar6yF1QaCdvfRD
T0eGcMpzSHwR6kEJByqUaDdBuw3qewyen5vGM12uk2wqDikPGhuJwgBGibQ+YzFg
D2s6oPBU3lTx7PpytclFrgJphSnqZmDQAjgwoZSFgIsmruU96fZvA/NfdshJKlgL
3aoalsjvmaIAqi1SEjmAi7nkimXQmW0rzFl8fPlD00Bk/M+Vl/NtdKsvPJ1kTbRA
Vk2RW6HcTRynj8gEiJ04f/DJgJDF20Cse99uZh0P/fEmKecF0pDrM1pqWskx1rb7
nu3LXftplJceXZfsI56Jf61okbafhL4PHezerjh87JhcnhbjHI44lGJh7QYlwOmT
Gr1gJOn8kusg8P6UciOEA3lxjEz/3LmtXG+OOkuprtgJqSKSui3rvW+Zc1WPvLGj
SzbGEFMe3tCQR6GNGRtiDmRz8JBsb1Al8hAz+qLIe2HU+GhEvIO8pO8FFhSJzDIb
l7XrHlkkgzK9v4Srh8tDgWuc3AOqwIVccKSTOTFSl2GqdL8uyypWaXOwwo7boNJC
QTT0TZO1obCtiGY4oLZcajzJO6M+17gTkPBeFJ3guj8/+dFzbvehPy/i8hrT5FRH
koG2oKfdiOtwUgy07B8nB7cj8a97C7ijBPvCmDkcmfstT0BISU7JY0aAXsY9rrlW
mcjVCdE3+s501s0W0W/ymRYDqhEGghwrrbii2byVbdU9xPRlJunJmQL9xa1Tq2hk
FcKssrgF/oIpLeZatUqNovSSQHMts9Psx+ARoyAWb6sEfNTBS6IanFWRDfks8SYF
1Q4QlhxO0FHpO/POp1cNwdzJRm3AJWf/UVpJZX2Cc5R3EB9prubzz6KbCgxW4Bfw
eOYY2QEJRbhLxHCfPYbKpxsuQAOMBLud1xQmWrWP01sJ2D10xHi0PSay7qFmyDMD
b2uY2fFrfH3+JWuTlFDOoLk9giYK3zlBqpSW5eGfzX44mDZzRwyw/8GW//xvMBc1
I7Gq5mNRyUYW+uj+u8W7qQwUkhAi2ktBu4fyTDUFPoAbLWZC+nuDmtL4O/o5skI6
ENXKwnbHL42Lspeyg4CD+QaqXX+iLWYmOmwYkeZYpqjrDhUc2VpYolf75Vptr8gI
fTrtyhITlmtrWcCh4IiiucFqPwryjWLPeiYbxEntdRf/AwqnCBv0LkxeD74SXi1+
zSmm6n4vvfKWXuwCUYLqI4U0kCtRM9KVaD5mzTWfdOsyBbm2xh08AmvECpM8ivE5
DhD5VWVm8k/rz5uU3Jhe/vNxzvte4LkTvSwQo6oYaZkY39v9bHjfBkXwS7OELt6k
XRsx+LSICklhoM5cuRYFzDpTNgTDSJpvB3EGYLilC7mac7Wq7SBdxmR/p6bKfkYQ
F+csTHbFC/XSYtMUqiwN9tVeOsgTqAkfUFu3lL+sY/pK25HR+dHYOLRcC2HegA+2
oOE+10ZTfC5QpQLkhjtySMW4Am3ar3fLz4QA1tEP1vo66el65bjqOjP3MVPpfKcc
u7xzYtwTPH5m7qBjP/fFXykEYIoTrc1ZkVu3Ypj9njF4bDArL5VR5xTSHWaOzOkN
MCmDC4rh1NX5ldSE2bvp0DcK6WshA8FWHrpj+gF15V0briyeaWPJ+W59PUwpYhnP
XS1MuWYhwegQW5m9WmvTAwKUExtu2UQPOvuEiECgr+Ls+ewr1mY5k2aV2rH90PtS
uJXfwuAlYQiJYUClicYlmCcHCmFdyd1aKfuptgFGeIT5oUqQttoBxWGYOKSeQinM
2Zd/KJUiOhLlOHMsv/o2x8IxWmyxKk9Ni7wP4K56dwwSw9NS7t6hyXGW0Yg51sIH
0bPh/i04RLxe9TSFwmudtd4q6f1QcZ6f73qeBiHF1vpt+sSSqM7MYhN2Dnum34yX
psjyJYdcY4rXcU/Z4K5+MQC3hl2zncb/NTLbfCTTx2tJbOUrV3ab6FLhUvUiXsu5
8Ex50VPc2Sbrz5F/gslsGQl+iP6wR9OCXl38BBKSr452BeS7xMm2QiX+INcm41oh
A5TTlJSrU+xboi5cD8znUaY2wHRsgeLCyHdJXDbJuOVPBUVuC9G+6FW8J7zQ2A76
DEuz/cgBhUnMIkr3T5h3ivL6F7Crsd43B+ToKu23q2MjFXS98zzUowSn9EUFfP7c
/4T/f15WNBvveCWfLGVRPQqBQiWumSHhw7YkUN1UiE2UTyLwYapnbdxSM17tnYP3
IQHhYdxsKr+RIneNlhsb7vMiJv3o0HcDuRf8yFk52LJNdGx0ygleVpj0XwiwMe7F
uUcvHzIq1899I5nB+rTpSLzQHxM8EQEwMrcf4/rVFW/Fdky9R9AHHCRUemjZ3mdz
j0Gb0SP4GfQ2584lwoEq4+DUFqG3qZ745qSetReuzz1CN1zkR0Cjss0MatvCY8Nq
xVCEqsQJyAnetQ/QbaYryqWVZKXV9Hd7sJKUL1NTyJzDC0132gCbt5QVEdh+9q84
fR5sMOVBYB08GvNai8wvZ+HmoktAoLp7nbJCvfUfC7ZqHtigfLfT31tp/WCAGBVJ
NA2Q5QgMO0LPTii0+5y0yHei54+2hnC9tukvGfY3XU7jXOHcvZreIcDjFdT5ydUr
ZvtATYeJTj80iStm867R91ycbUG8tjqs6Ft5WS2OzSHK+O00t5oSUVw4kosr+iTO
ixBIKH0DvFWUP04yikmN5CHxiV1x2THdv7Jc7AHhKPU5qp65b8MJgTMQK3igF3ig
b5257hewI+XDj6z/UiXQc0UAEIY5ma3Rou5zUECx4sOKXnEesHrSdF8PSvv//SuL
YQCfsDvriYaV5LrOaVHbWVTeAWrC+Fe72bThTXpdwVX4yakuUiAKACXF+wZ87Uci
ybG+0EPeKje0HatDY+JecQe1CAPuYCbSDuZ9NE0Chb6CX/pjpNvYlB1FxHFrzuYr
pSaVwlFvzvS3BYrPj4WQAHmE7Lon2Ph4afDDKCg7WAczWNPeiW6Bl5wrTHrzgd+E
41mngjYatkCdEaa6vbpvOo4gRyFiPfAoUCtQs0qTE+5DDI8ZT1DEILsCd+mK5O6g
c4u8oC1UKZkl6iNkj5O8XYDs/qmONn/MB7jn+dFC8wL9tLE7eCPNXFWO1xxjmVHG
pfX6ZsI9j9qUD/gqQRn2j94lQWQG0oM1u42kunnq1WHEKRb30rNjZFOKy87IEQ6Y
iqLetqdcIeeaISfMJw7ymoyK0pOtNjzr1qxNzZsWqVdpX4G1xX6BZHI/oVfoUfbr
1IDU9k33aB0HsiJDuN4El0b0BnwVgSM71Q6uiynQZ/x9rE8Us8bClqRUWP5Qxwk/
8+lOdQKJ/I20RCvlDt+vmK6LGYa2FJ69TAh09TapfXaX7rOa7MVyEFOFoeYLBvki
5X22bx6H7bdKeDrH9qGmGVUU7mkboOKzWWkqq39zMfbcFns4bneF4rSmCCcwJyKW
Xjgj1F3qfUznJi3jhhy0/p5ZkWJga/WUih4a/FdA1EeuWp63B1f1IgOVhm0J2twe
FGScGeS/9pynaCAQ93OjyrqChQnad1TBJQHD4eAb0DvMVW2RTovFrXk+RtFqp2Hp
Hke5QGDvhitf5PNhDsV3fEY9btRBKCi8LI+6JvjfE2pQlmRoAolpoFbXHwwq6o0S
9MrLgUao2kRArftQvi5wVmNMiWQieedsP51y56wmYKrpmAG7mIQBxPC2auIxjbIt
iaBJb8oVVDv0OB/NTaeom+lH9Zt5vanWZRPD7i5aXBie2yfnObYwDejtN4wo+Yzm
qyQfBothGWyktsKVOZsgZA+PXr9u9Oo/MCZ2sCGqrkoO0AzMF/Po5/XWinnTom8x
BfZVEX59dhQR9rxotSnXbX3he7L0d58CzmRU6SJw1Kvo0Kp/O9dR/EBbb7XPMIyr
YtmA9tUshInZqMVpIW5L5ghhJS7kv/s9z6wmMebtkiJ1UOf5WEX8cxg3njiOqSYz
cXwAXhdXEQytQqVNoMcLS6mKL62PLYNPd0KlvbQpmbf5mQVdCC5Ma138Yrf4MwWb
vVFDw7zfy9g0bgu38DHUGM0qz5HOJ+y5KJgwAODsvj0TVYntavxOCcqxrUn5AQY+
LmKddQbB6MZhzUtU8/JeDsxGpVT1pvJgiQ9fpsMvC/H9e2wVu87btSWrWYmY3f7a
Q4ufmGlXTLCfd47Hzm/h6jT3QFCEzj1vcEvXojBMeaDbWmb7PmTG7eeCYj71lNpM
7aw9sVmsN1pwfqpz2qZO8Q+dkL3hsY2uueyuHqDIqlzf4aeQKcfgRo0PbnXd3U12
mpKMXXqTPIITy8MDF1KKM9U2KfdPGVC0VggkxFbuDdqc2Hbmi7/+NMwaNQVt4B6J
Umibxo5fsB8CAHXJJskXWlj1D0j11PvDsN2yjRhxhv97RP2Qywi+RUO4bRJR62ay
92MJZN2FD9X5vJdOCIWt9UVLzMIXTFFh8yz4DfclD85EONOi02anjjZ3tcvjNhyu
IYL/pC5Ki31DpwI61twp1GbVxR5mtGqhU8Pz3SsYNfnIS1E5PhnJlwnCAKHBKhZk
JNlv9ytgmjX1KWVhHrnQH412kyT+FoEXykujm3OWLbxBhi0efGsXhHU0mdq9yeVq
jZv7ERT8tJzW+whFL9NT2tOgl946Kq0WhoHgVnUAT4LOXXRIM7SE9I658cGgHglt
Q6PcYBAoEJHMtTM/JPVboftObPN+STSEmrsPyRhPY8T6Tx8xa1I6kFUhCTnBbM9n
EHVGPARgTz+4AN4esSFcwTkOKVV9qfeVXBrWY8gnYJp0LrP2hMgFhm/R5WyPA4jC
sEZmbbaRA80MGUmQP+1A8kgl4yzGV9p05+8jyfei9nGUUjx/ILCfHYvvqcNpG7/u
JdGjMvZAqwB+CVH0TK7EnyEcTqsfNens0sn9rbsVaPScAY5C9kVM8mviV0OzmzOy
39Na+TI+alZeEfxCyVh2nvQltJNlBuhyI2E3EHpuKxFOp0ysQ/m3gyKxALXJn/3R
esiwBWKXhkRRQNsIsq6UK1y4k2sURb0a3k+ifO3bua3sJGRb2q0ddXb/OFkkSjBP
Q2n/OCJn40CqVkvGwVX/v6MwiYZF54MDZeXp+N+mNnzK44CfKL02qWS/w0ln3xV1
DKAWbCHDOnlIiui/Wj0ykiAzbZvH83hRjE6LGBXJFQ8E6PLeJsaGJ4c25oTsEkuK
DgzqMfAVBcl73ct4oh13l2s1qsTB10ZP2u3RYRbomkC0LNp0aGU98hD/X2eHESJ2
5OZfDuGOJ6ETSM+GQsVrSkk9AKprcX0bKh4vJvzfYA+5QG7d2q1Lot5miNnrTsYh
RGXZtklz/y3MAR+iYc2NyS1kSKL3lKo7SzYgYs1oqeExQRLHa0kwFmdR6J7w38w6
t/si3itL4Um2JbAJaP6IRwocwSAr3UiIHXd36HoF+w0cYdgkVR4xT7YGfyLpVGSh
hHQ6Of5OfHmphcUKeOJbOyHWUz2hcxF+mngQ/impR6eNRG7gQtXqQiuubyxeka/y
WA43PQXSCcU617jxKGoYFNl+2cd2TubFIaizc8gQls9K3HBY7aT8khN/tJwBzBJl
lpr+M0D77UNou+6yaGQ8wYW4UkA7jbfI+N4FozqO5l+iMrCGfMD1Um11+gxx10IR
PPJldD62tXA5G3OpT0jM0ITZgUOu44ABG19KyZSt5wsyibk+KpqcR9r0VTJC3Lgy
m/YnWJsLqPkF0GxHnbumYNWWwkH863dhT9+UZB+t6LSTtz1Nmmi2ZFMHDM0IPytx
U3j/nSyGH4EDp6Nt8n9XKF8Xr5LfWFt04IpkNcbBixKO+DUy+OBst5ovFrRVveTq
Mkp/ddXdZSXSeUP0gOCHwuMe0Oxx1NPR+/cyGAAEB7tW11W1+Fr8jXs7Fhou/LTq
VbBaLLeP1QgnBwOFXCFEyD1mLkiPcUZDwzXO6GanMaBtVLKxP1Gszj5c2zt7xPIf
1XnhfKEFbXiuJYrSjQ6n6waAeQZ08Zmjbdfa80PeQyWnbBjyjcnih21ILa1l9Rg+
7Ij1YOHOC6Ub9VvtIaLgm36Obwq4sKaYYIkXvQD2whkuWI9bXbmY0HbfdAs4JGrM
KPEcbZGLa7I7LdjRJEnYuravbS4Vrfif/7w70MA88rIBLAwpQoX91tAEkzZ4rfIv
gclk+vQO0v/+2eqJxeAM/c5InAmLdBWzT3KNJz3Sweq5xJEFnjSkUkQYGpH0O8T5
mS1TT9i4kPF/pjLCY8bmsr92b+6mhrH9I2Vl+AIgz9Y+krL4Ac4BxF9wZ+Hqm7FT

View file

@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.aux.system.services.binary-cache;
in
{
options = {
aux.system.services.binary-cache = {
enable = lib.mkEnableOption "Enable a binary cache hosting service.";
home = lib.mkOption {
default = "/var/lib/nix-binary-cache";
type = lib.types.str;
description = "Where to store the binary cache and its config files.";
};
secretKeyFile = lib.mkOption {
default = "/var/lib/nix-binary-cache/privkey.pem";
type = lib.types.str;
description = "Where to find the binary cache's private key.";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where the cache is hosted.";
example = "https://cache.example.com";
};
};
};
config = lib.mkIf cfg.enable {
services = {
nix-serve = {
enable = true;
secretKeyFile = cfg.secretKeyFile;
bindAddress = "127.0.0.1";
};
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
}

View file

@ -37,9 +37,15 @@ in
"flakes"
];
# Use Lix instead of Nix
substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Set up secondary binary caches for Lix and Hevana
substituters = [
"https://cache.lix.systems"
config.secrets.services.binary-cache.url
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
config.secrets.services.binary-cache.pubcert
];
# Only allow these users to use Nix
allowed-users = with config.users.users; [