
Hevana: add authentication to binary cache

Aires 2024-12-02 16:26:29 +00:00
parent 3057997004
commit 837f9ade96
5 changed files with 150 additions and 119 deletions


@ -268,11 +268,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1733066523, "lastModified": 1733139194,
"narHash": "sha256-aQorWITXZu7b095UwnpUvcGt9dNJie/GO9r4hZfe2sU=", "narHash": "sha256-PVQW9ovo0CJbhuhCsrhFJGGdD1euwUornspKpBIgdok=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "fe01780d356d70fd119a19277bff71d3e78dad00", "rev": "c6c90887f84c02ce9ebf33b95ca79ef45007bf88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -316,11 +316,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1732837521, "lastModified": 1733015953,
"narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=", "narHash": "sha256-t4BBVpwG9B4hLgc6GUBuj3cjU7lP/PJfpTHuSqE+crk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370", "rev": "ac35b104800bff9028425fec3b6e8a41de2bbfff",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -120,12 +120,14 @@ in
onCalendar = "daily"; onCalendar = "daily";
user = config.users.users.aires.name; user = config.users.users.aires.name;
}; };
# FIXME: Find a way to require user authentication before enabling the cache again
binary-cache = { binary-cache = {
enable = false; enable = true;
home = "${services-root}/nixos-binary-cache";
secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem"; secretKeyFile = "${services-root}/nixos-binary-cache/certs/cache-priv-key.pem";
url = config.secrets.services.binary-cache.url; url = config.secrets.services.binary-cache.url;
auth = {
user = config.secrets.services.binary-cache.auth.username;
password = config.secrets.services.binary-cache.auth.password;
};
}; };
boinc = { boinc = {
enable = false; enable = false;


@ -1,105 +1,108 @@
U2FsdGVkX1/cSpFu+Shxo2hjjU+rjYuOce2GRe2r+T8IFOg2Hf66ahIHqDK4SvCC U2FsdGVkX19USw6XheqcSEjdoumO7SJGW+Qm4tMjtredkCsIRTRp7OBxFKyOcieE
n+XzBQX4KFo2s+hpYu+8ik6EisJxEqNRiheQyQRgNitfQQ4hmHJxNrXP3APxSz8t s9feEZ3DwJlMxXKOsgtd0bvcPPDFFUyOzSgFAEFP+IDFE54C0P521WxW7fDTZj25
jsMMYjINs9wgsAe/YukNTeV0GDjjEn76D3ykFbQr0LJIDm2Nh+WYDJjHAdTZanMq BKTz2ZO9W6t5HpiyF9R9FbK2fTNs2gI7arCw2LHnJzb2BnzUsDkSDH4oplKchtmA
9DqWXh/wFM2PskIfSfrgizumLHgDlxSyRpTHoIXghHd9E1O49mQeXZdE+gdnfhnw ETBBI1PzVAJklVesXvWOysUjDRIFuF3KbeoC3Lu9YTtKDrRFgwAOy+zX8IGs8RTu
pinEf3GkvCmXJd6MbFUTL/hzWKjk69OghN4siPUg2fqm8uTfapGu9lxh3e0iljEY 0D19+y3Wl5qfKYNum20W0r6QHM41tM3MrzQzd6qoliNMdEZ3YkTDzYymdOjsLK1t
lCtkYKoe5Oj857RZDqHB5CB53PI16B9Mdw0GSlqVuU1oR0Z1nPCCteJsz9FOylxQ N7JLd/JmSIU6/pXIV4ZOQWCk1Rpl+Wv/3zqieFhB2d2MEQ/R8JbuTN+Is5bar44u
JVp8uhfXUWu/NeVpArv5TB0zIpeNzuIscGFcmFzgFAFOkmIvovo386kOyf5wMHEn I87Kp3Xtmtt88bZoDKhduL5Q9O2koHoP1v2UsY0KXweg08WMwVeaoI27IJpTd7/D
9FaFtEV0u82DN6VFcptgoJ1SQECl2cHC9mYnRVcr9Ab7jZVssm7Kqg3XGfJBME5Q /FbHYJy26dqZKEQpvFnl/rG9MEbLLh9na0SamX4OCNsBMNAgUQ9AvDzJQ+5UaVmA
pe3dD2I2/+4jFGSHuU0+FWhPyeCpZ5aLmFTVkh/LfH7EiV8540hl22K7K4zy7m0a ctlk5hXRNBitkQr5g5/hUir9bmjTlYlxb4DyvIOYUjaOkYc+5mAaphfrN25S/MiC
X9LyC5GIiWU/rkHDDouANRRhvaMUGIPg4fWOEcx2qwt4EwU7rZreom4Hjp0VIRgR OWLUo5x4+FpEbfNuzOf5dye+ucZyclJXTzNDR59ALnGCRARnx5Gh3ArRVgpE911k
PboE04k35kR/m/fFo8sp271mbUm2Mrl2r4JW1vT9gLmCpma4tZC9RsUNPTr13uzb b+DzWrGCzcrwQUclEoJYEJt0GQqdSiTj1141NU+zGPZb5a435KeTJsMrfz07+O8S
481jvphquAL6jYgPhH48sSLJ6WnHxMDBcwckey1LtoDxcIS1LTRx24BWfe6b2kT7 2acu2QluIe12KPIKijUKcYQ1ZihVxrwuCQvFQ7sfzbB1aCZ7h2uHJGyDIpT/OBPw
gFH0x14JTMQB1DAn0FjcBVx8rXlqlb3Jpxh3Wdhg8ic4F3v6sonuCmaW9eCNGrkm GTqiUXblRs4zAsNumXHIloj62L1l0CqBvO8XLCays8HhWPpNAxOZLcgUgoHSFxzt
tqciHoFz8f4uzssRWDydz3zvLF5dfiAR8MWshDucS4H4Urbuw3br5utxH/21guG2 hpHRSvHhNRyXAP5WEYHP8fL3G801XwEcZK8PkDUAv9RD3p/Kigw/kxfcd1OjQXJO
vWoPVzbpqc4qwxOjCe9XniYkWrNScFUiESePsCZrGBIzHmQjcNXFsooRDzge64tn 7XcWh8lyv9InpQ8SpixmaF2UZ20cyoc7otYApmSQnbAhFTHe3665UGFFQB/HUgF8
hKa1FRfD3FfDXAL6/GPHuyWs/jidpVWElAVlY0bLpvXwEFF6oUtP26qQhnnfV1pl F8Vv7uEyjmI+BcaTNdzOjz7p6SVtzlbfjg7/rYmLF/naleYxMnbNRHgFD/Z7U2+c
l3vvBZDy7WP0nV2Qwc+gOAzIX9A1rEn85HPIR8yeWRETsE9kyVETwdcv9pVVXB98 uK5BZC9q3W1d5XtJe1z6XXklnx0BU/qk+50T+A84xIjhKDist8rbzP8OVQuTdb+K
k7E9Kso+sPigJXWGXO2pkJJ63VhnOihBFrW6JSkqSQ55po6hCldtJOKFrFcpIqR6 UI0I1nE9Eyvthx13oscFxQlRGKArbsRyWscFThzXwEvO7qNGRpuOZhlHFYcw63uF
eR1y+nuAsYssh0vgzaOAasAu5zS3T3BYKDfQ4v2aqdd9T7JHGHEcVH0nUDd3UEtf GwxqPxNpOScReTEIemtZyaamfxzJhxoJjm85bRDEKAadS+fGFnGLs+Jd3bFeK6q/
TleUHzH2YqDRuX8iPc0bMxbbm0he6AyGvReUiFEOfXIbxVenjv84nWtWuW55/iM8 D7f7dMRYTM9qNM55DPDk0DQoXvW2qCOWVQelObc3FrQ1XrRGZO12XQhIgoAP+fNo
9DOC5mASYJkMiw2E82CSN2/lcm2ZeJiUoKi5AvMWK9qJ1Gkn1AXgiqJG9LAlUlxQ fmXc/gfSeVU2HPtV32sxv2bGzaFqNEjAC0mTgJz3Pm1FkOrXVbNcGKahlBCRs1r0
e0HOmkCDatGDEtuRvhBf6YEmPJW+7Yxccat3XFdqItp5UukfipRJJ0oZJwPLEmWX hQQAELHz3sZ551/XCfZ0sHXDLYO1CqE1cjbFklGuLYXMiQvkC2gFHQFdergOie4m
zdMT08cMn+/76ExqIcre8Pc4G9i8eWfG2JF5bOTZe7obQgar3gE9Yb6ZfPUkiKJk r5jyzFupo+SxKop7N/zTtues/1em/F6KTN5GXkSS+Gmo2oCcHWcb/qxeu4FQqPOk
Iy46yv9qJq6zjBbFjOIqH00llwn3l2ArqcmKJvg/jyLuK1/6kWXUpOQytkihE9Py f9L3NvzOuMptSSfTNMsQl50+o8UdU5GOE9DmourEJUjW7+TZkhW6CkufizVNi7B2
/2X2KM2n7lBHE7nuwGh4sy3sXT7byiu8OD003UpGytHsUaJDiZZIOyb3yOSHo34i OFdCsZ4jWd/37ncoPzRu+F6Ub8ymnu+dPiyjmk9PyW8m/+98KY4auimgwBGvqLCe
8JaZBpFZfnZnBct+qdoLGwbZhrNY+NVSSyTaLKucfC8lpc1FLoyY6XBHJr6n+c43 OD59TC6XE+cKgtNEhiwbdrmzH1qEhmvHY/jh2EiijCjw5lSb7eKFT5nOt9CdyGhN
rqFF6SqW4mXw7HWU22zF4RgIa6129ZyF5AzM8XJnvC8scg1jXc/Ywo18gT7eVnZf KItEWDMub/1OxuwArVPZg+pner0SCdtpKU7g86s591i0vJwMHqkAMYr/zqVHLogq
X3sYhFt+BIIKDjsAUtePnhD469kT84sx+nlxwwyXhYoJXPyMy8r9bVqrmIAVUXDT 3y8/Ov+4Xgn/UGf9p6XplunT8W0nZkWdND9HerRra00JOrMt9vw5v9/aTxKI1ps0
wE21vUrUnogoqhgjKSZAHbtZNOAxKIlrdm+JKq/sUiYacN6XuZDn9b9YpIDxCIPQ USAmCo887lPQ9Yh9D+2e8Mc0c5Fsvu6RJ1aX+ZCSkvZ1QTdHJcukaH0Y2a4Qbzna
IFi+eHwyGYkkgzeuKb50rhA5OPMiOHk2xhvS9ptyYWv33e+KQEMFFv3XiURz3TWg Mztw9AjbohUjSb9ZseK5bBXazoSBqUuc9/pnbkPzsW9uDBgfu7YWWpLtU5XISWXH
75N55Lw2vrsv4RkesTGnkqD6B/D73Y18GiycCpQUjxqYrVIDZiGvdLUV+tJGOij2 aovsyoJmRDqfIC4n7GuQsQ+5XwGOLPtH/NPjrebKQTBl/ppqdYPq/q0JxsCeEw6P
6Nrj3II1HDWR/pN5/FtOPRUyluITmWWQODGiucqZvMzWGRoUC+wEXdGmLLVQAeS0 RJHV6ymaeoZTsjjIw85YD1h4idDeMbCfOXkZuCTwbUX5TI7/BQ+4dLiPSGpwatsg
j2tQFpXJMVdaRBH0BcVbifx18tD0BW1pTPGvXVgP+IgKf6Q9x76SAkI8T3o8TorY ou+kg62eJ/lIhW/lwPfykvQ0g+lm2AxzHdyZHFCLQaMd2VxhU0jZw7WoPgoWnKwL
U+jqxGfUPpS888fwDLnQLBC9r8O+RKMBDGYsf/2l2crN9QXPF4tCy4LKs/BjksFE TlW7XUjCg1TFxoB5qD1zG5VkJZaeFfHwP6D3tr/aDf8sBUxvjD3BWWQiG9i6gkFK
BunBa68vc5eAiNhlLZWKfMa76ybeQWjJC1+DyRjCyGgR8R+oACiGbfI9HdV+EikL lMfDAewphCXYcTw0wqRl6QdWn1tMXyHweDppvvBGxFNIVtX6O+eHnVqfrKRo1w6K
99u5vvlHYWyH9EltqkfeKfVq5/XzkQltUG3kS2N9S1QWYBJN+Q8DeH9UjcMO1JB+ vL18KTZ4kSzIwQpdcIMFUKpeYVh2UUbh0d276pHbuQM3xqsubMBeiLXiKF2yN8HJ
krcpF3/9gPN6G+Id9H5FlkmmQ7qqLzlRxphnw0l6gB3NPFUil6bUbhDA4lEkkxKl cGEr7uq0BZaemQD/5xfJ+tI2ArEQ8ti7rLxBNkZg9GoMq/l55CCTgj9jwDo5V0p7
1lLjfyf+s6y7TQ+rZRptv2x4IuYVchWX0X8fXxrHoBGJt3yBNalBnG3SIfuvQNaC C49ezV6pgfDclIdlFsJocSuqrLJTFiofkzJRyG0/nVbZzO5lOXWN0sYAjN06unsm
oEy+3U80Ow4ecpTBVOZstjHimlE7qN4kX0+YL3hmDeDI30wIgDOnSISZADMXNGer hpxtcmhuUhk0QNcr0fNQYdwfhj+GzJZ0LtvOWt2u7D8xoDiWnQzWWWd2zqN+gLNI
Nngt54H2cy8/0ipN05+H1M+5viD/X6BeXDCN+bQ2NtanhExlpUSfCCMqG6BBJD5F ryFnNBeoiNxMpz8xJDZybZp/sG7wgugAsaYwBCbx0Dk20sKeU08vbDE9I5V6wRa6
p38kux8XXuNwgPccTLedqf9sutjDGtRjyrKOoa6H25pnPKwKCNPcPzfD3+nmfMaf bhmeT7+yb7YmATGwohbTRWygfc9+b7LIIsU7oBTOxkBRdNyzwkhTA7vGQuBYYxBY
Zu4P2CM5MYZQmH/k+ToC0DYR9kgiQeWqmW+Mdz8f2R8XMyFuvOFHPwkF3CFsoACQ uHDxY+ao36cWiWSidEwLEAoNWl3zUx+EaT8uuuMT3c/524dMsHJAhUXEvk3ayUGQ
Dwj+93rjOQiQVJ+ZgoDIOIxrdKzp5XC2ZqaYQnwHvrPihZFkM2PtjZLGGQBarD/r KDnEVat7rTQ5wSSfO0YhoHmQ8NdIrM3YBlwepT1Rav1zg4jnVS6YHZY2py05aRKm
gV/WgjpAWRPIWgr284/uCbAyYw2uWPKFOzktSaY+/gPoPB3o2Ram9b3T/icoearO B8Z0MBu/+LwC6Vrv2n1YroWVCmtJjtKbwUYYv60Qi5SVtsCKMn4DYMEJUCC/EnNn
hv3GmDPntSe9DcSoKjh9b8ZTrmNhr/fKjK4nd7UD64jwA6ySy3nLl/CNBPZQULiO NeJ6CZ4VeDbzE+oWF4hw0s6MvLmcki+9MNB/CjqZEtUWtDS3I3axn84J4vwRZ2mk
lFQOWKGIcvySLH1vZ9afgoGOh5fAApgMsbVnaF1bEtBxJ6xXV7mkfr1YK8GASUUI iHGVDSTZsrIIf61+i6fJjT9E7xhGHCKrAf6qoHYgew6ABuI6rGjpHnSZdXbDY4Vv
ILJta7zyJNQc5XSpwScEcnfjJR5cqOXWUO4IyJfsVMhE5CZW3nbZkOnczNREf2Pj sUrNdLPuTvWpM7p1Xub48LNRPo5cAa3H4zF5C/brI7i00MGMwoZGbTIpj4FerWNy
CSqqEtoJeajuHyPy8V5EKf3GgOG3cJvPFG1Xm/CwtXT4QhH33U+8nOiqgv8V5BeX R21vtOaeYrSeKKLZxzvhsaiSfb5xHIRzNurP/tTZcwyjNLX5GBoo+d5zqCwKObRE
H2hNg/9xeYvu/WZg65R/z5sf7LtSC5HHKqUw9SQN12/SiwzmWBafcrgiRwnH13uq dhL3K69f+GWS7EXh30HbMiGd6snUhALUjPQAuLFwX3gsnTuGzOijsiRB4HUf65ZW
o/N1BHcP7ie0ySOdWL1+C0p/vBwKu179kKHtCoc78XxXujioE+blGhN3n+gOSTYH zX/QFywqBYl1WS6gyeV2Ab9sKFvbXNC4R7zrLpKp8MsZj8tjK4zeSvTUaKjvcc3G
a3TeCLiTUcB9arwc0rK6MaABvIyws0+aDwNxYQozsu0U3yayx5Dz3dp9G0UvpRVc 6vYzzhFs8QAIyw7o5MUKh4IdskH5231dgIhjRX0K+G0QOB6QLLdBwMx5Bn3ymW+M
04WQx3tfePBtM/wz3UHU++Paj565Gj8WRW7ISAmUzTZqZQ85Vg9j+3YotsHdennj SLf8hQpf0knNQL3oFE3eNCLazsEK104dZzq+J50bCGGCIX5qSYJ+l5L442OjBW7v
Nbbf/FIqnzvAUuSKUNgqJfwelPtBB4BExBUt2KQY0Lg1BeVHgeoX1QGUy3Gou3Cn vpQkEv6z/LToyFNoWfpS/WLy6nEw9Vud7Qk45AtaN5Gs1dO6L738M9as6sMDwAE3
guGlkapNZw/WMwaso06yzbsep+VjF603gQv0Freh59CRWss0gqMlCcZPMcxW6mU2 RzU5UOLNjp+OkGJ3BvCOv8S73gojEWr+K9If/aEjDRodXNi8plqcXEPizaX35u82
PbqV4r8TwBxBLTLu7pTY9YUyfL44mDdyvpv/3KHEGYL5KL76u7bNIeBDM8P1P4tZ tIAbeM9sVPB3PTW9bUct4TWkbtdaaZc/+PFI0acz3+h9tn4pcnOVLq8iqeUP5SJd
+HnlSIZZYXDhWR9giJiJrqNnAIouargdvU6PLVIi4hGoVq+RdRtQ8kWbTQFTarej NfsMzVGU7PcU1ujJKax225kwdHKJgxFzMC7eL3pWFDYqLHIeXV3BWCjvLD/zsQDK
4JcoKzlPVsahW+O8AEU1ZKhhV8RSNm7wBvIAdHRTxxJexTzG5+3U+IBAKOPRtMsq Iq0jpE4b0ORmQlBQB83EJ5YK0p4hq/ULD97iYRPk9vv1FgJMRCFAFgK0YnQSX1LI
TNQf9PQYIHKc2jrcYevgRRlMXSoxxvoWEObh1Vumi/Ack9E+VqXbNeGPQ5ZZGX6N 1XiWgYUZhJiThNCnUKb+s2cbgFE9S0rxlRIcJvwv0L4MBl7YYCWDTycDH1VRWoaH
9MpTMEZhKy9cPTdUa7Yk6MdzC55jydCqRYvtJTTUwZmIdI17TchnT8hBKHQCZS7G zt8SzJ3N/QSjbRKuqFhkiA5vMkqsjRnmRx+nDLi/VTnqc5RdERXUuCsyUVkTj/fc
7UsfJwJsK3rKPVo9ASdtiubZc3NfQ8pcyu3UTJnRgx6UnH9ByUwSaTXU1d8l87mU 4CihdB9avZyWYvjgMUYhsOrTfovEw8inR39vTGiC9tGaBJewCWz/Kifi1tYrRiHI
dKEEAX5FZmRn2hE/8ziPuSS1zByL0/gfMyupT2Nlk3XKO68DKc+VEtJmZexli47l XZDvJgNPoTSDtiVuD+vNNVT/+0VFzxRZI4Ww1o3ooFigwrDPYbU8pexKgGe/xVfo
2BdrktreYib/N6MO2Dd4J+OdyusFZ0vxPGe2fGGJnGptMEhe7Kcf+P6PtN+htEMd cT1Rh6EixsJVyyXcNgSISmRuWytPRrlBSVS/Yg/jjjQpwxT0Pwdg5i0syRVHnq4z
nM6/v37tHTLY2mU0hAlLhTq0TGJc+Vuirqpbrd0NJSF8N+s7/g0hvaFlG2APa8DD moxU2B02HGSZdKivMHzW0StFT1JhmXkZcL7Zm0NCSaznNoGB5z2z5j9d5EbYmtNv
8Ti0ij58dyuGErbkexHzILztoNh1vX1Uw2NMLF0gaU33FOb8Vef9yPylIDFFa0I9 HljqwlTwFXlYU1Vpc5isQJQ29l3t9vGXNs2Rp4rvbhUG7BpzCXuLnPSe++qy4re/
6vW/Zd+G9s0Rgvl0RhjM/YPLr/KT7UuvgWUVgKaVsaiMItU4FLvGTIeX1dggEtoa 7ioPQAbAGZA+C6eLZlFVCD2rs9kldi5Af/KL9f8yBM6541IkP9e4LIC/Y4h/ePjH
2Ci91rdD0NEhFpaT5jYk1uEZe/K7OxpSoawqT9IhQ/IbaYqljYqSSbVFjSf5OV2N 0XO9A2Md41lP/QcJ1cI4WyMH9svUCSkgG8NY5Ayp5SNo426n4YmmF2fLpgiYmMdR
cLC1ac7rQHnwY2BsOaYo7NR5XvMEFpThotdq10X+S63AVZg8GNZkBaasfjXlL4j8 2hT/FhkC4HcOlSmx7yM/drEO4QJt9MtwPXp8Q27+xGwBEzFbUuWHpXPHHm7ECXm+
mFpiK/IkTdjqY3nVuPHCXqxoZOHNr92MKwjCo5ER4cp8m8Wq5SS7yYCaWwbcN+3S hQSB8EmGtPPebIrNUsFiJSYcvDLmIlpq0p8ug2YL4DhAij43jTIzfzj2/GLYLHzA
b7SK4Iz1yaDyX9Bv+Alub32Ep4eu+Ldmp4zDuUOM3dAuactqRIRA1WFwAeoGRdht /uQYN0IVbcnHFJ1w9HdfRTphuw40PLBUHRtP3Y2aOCMtCDMiz3r4vlfDPCsqQwtt
6vhz9GZBYS7bmOwxaI4wnkzUevyVKIDsFzYetgPgi2ZPo0gNrapbfvRDhIP5m22Z S6mN/eTCH5fDf+75NK1NrvwfcfASpR+a5n34xeaUAJ15MPTpdOLADfj19J8wEsPp
IynjN0IYu6V8y7dYOX301v5NlTJ1XCIpRHdoDzQuE97pcVZUwr/h0WRrhSZ/bo/t sQqjuxw9UjDiZ0WQFdD6feoYWxhGgoDaD+AhsEt7vuMjlZTxupcPsJNzh92YKpUT
Kn0l+g6Qv7t37ffvHgEyGNc+koA+ouNzO7B3dyehenZKeA88M+PbAw1px84no/qm ihTu7KQI7dBsLEYH9Zu6gMvATuBej6txrv6b96kTWO9ukqwgxtfSjirkNl9uX36z
p3EYho72sWA1SXpU6EPVVmXzI6QIiKmkzifHarf2X82fGnjzWLdOpQUFjAM8izp/ kW3Q2XKC7uX/MECy3syUw0ltUYZgKSF49g+aX3OUPkoWAPhDpRTHJaC17VQATH1Z
cbpe+Ar51iYXlhAVR5GxKHHPX7StIwqJSwkOjxLzlRjTMzSVtRh9ORC+zBZHzrCl 0TFsIL0zuKHAOn3zAITFtOXfJ8l2ACkj8ZSuChHJCUCh0lZ5LcdWLhXhZJI4+/+v
2L1IjN6Zws+eJpHwqwNuD4v25XJ0jAEjKlTnZ7isc/lAsD0/tOeR2AhH+VxBq5X2 JxtXk5X47dvldupOOoWiC7dZEGNjkJ1s8GBXXS+MKGPIyNw4Pt2Ww0CzDUccu3u6
t0ztO/F+RLKN9p3voR80Zj2ijiv1kVczRFBn9rdWAdxUUUpPYFWTH/tKsHlwW5Ut wkXsue3OWvxCamsJiJQF1YXui8AT6nMfJRgZbCsTXTCwsy20l/76nnWFKjx8trxL
eIXNZtnQfMwxZNS6Z39xDj0uw4xfN+j9TMkHQOygNB5xyAh7/nfTolSKogHqvvtI C0rNorRZoBDvudjdu3rB9TarXASMyafdztvIXWeD/8b+4jsO7xiyULuiCnx0kKhd
9QmVx3YBMwivQXhOgH5QrXhihu4Nunq4MpHMZdt9sz/rEDdBFl/2NnndiJMY/94q peNvwAyliKJjQfn/jZdZ/OWMy5UJuSGYGlEwufAA1ZrMp0VQmxUzP3iuZxw7SXTB
xTCvDwC1iY6HpI03lUUfD8C6ZSyij01iEGZDJNquvMGL0uYRVM1R987KYkeGNyoQ nuESN/kCrzElyk9UPi7RMX61FJuSLPx1OxK3VLU/gKuBs/d3jrud1BUCx5fPHPkG
+jgpYaJ/jTiZQDKA+otcVDTwj5LQnbYYv4uj6L52Fn2amHtN2cKOjKRNtCGSFuJU 8E+Y+sUakkjvcfDM98sjBUROocSBP2XD072hEm826RStAmv7/XXytbTL0AsP/GRx
oC7MZBQ4Dn68q6Tz/h9BhTSKKN10GriXKeMdEVcBrct4k1b03aaA3A3lo7bgGsFP DiNrIyjIxkdhEEo6L7+ogCQ9OlZ24bHIiEc3wmyFffos7WO23FrrSkemfR4CAvQR
qSl5gqW6YDYJ8tiwckAOHEXbf3x5xTTxYtdhB6tcKpRSsnQOApEgNGVH6a+m7T+B ntY4HerBiAhkz7YJZm4NTLEpWIAbCFyKeBhX9YOB/5sn2In6h8A6+vtr3qtZqle4
tL/teR1UUgQvBRDVXV92lUzjzQVFSezQn8DL7W26N5PD3tsLlGWV4qFPOQxUrUpj jkDVOhkU77VtmKWdQq1+RDHPNdbYNL5PB+W7Nn8/rXwSSS4G9i5jUzunwG2WXdzb
W7hg7/VQm6dpMxzlx3UUJASSaBmujJkA8pcd7E8rRlmH65ftKpcEEYBCxXssNPUn Jhro7GsAPlbvo/2/gtsCBzp5ReRYSbs4SiVBC7+Xf4A/26fhuF4unax0t89Y2yVv
0RjOrr62UDh1nk/MB/5iOJV4bPnTHPRNeIvRq39GAH4JO1p25jTI0Sg8vBPfTjHG OQ6/F5nfDLUZXiytjaFUbePCazbggi0xhgDmMVAEj48Yc03pipQb+dIoqsrzCLHJ
UfvforsakHGyVeUZQTPkWx5GV1J6KDyzZXie8hmRSNtf/THauXeQf+jHhiN0uXQD d0f8VmhZ/Tv8DXHRjFM7EUKgApVf5cijyOQUwuUDZekuuMDi59pxiDrHu2r6p8X5
C3UkrKykgBSZDQNwpzWWTmmnz3a+O/xfOuQs+3Kw7AI8u7lGXT71OKWgjOcvTaT7 JFV5GohvIp5vJvAKbVFWGR4jbNyF7CukCNAsw8wiLZBbAF+3aZc4X4k02dEtAX2f
TjMDfHQobr/SAZ8sYa4dO57RFdTcDTX9tfYR9Rft6c9GtYmC1KVGy3+1tI39JFNA ttrIzVVzHyD8i7j5ZvY32Li5isbbzY4IvaI3ElKH6l+vfkOeMpied48fcneVLEWZ
ZSIOn6Yb8edH8oYmuAoLJ1hJ/m8WXWDEv6gidWULO4Yl8kIicxcM+e57SLm9/G7J ze2VuixunnPU3O3GojtO3hJaSZRfUfRRBF6G3dIuyrpyrqHAFQvbtjhoYXiCcmv8
flUgjA3m15VJXrMQpR01FZ7zZW7W8Q2yzvmYc009hdTq0a9591Hmumi88CMrnZpg g3McZ6KZL3w/k6dpsBrB9pG61/8dkpRRyld8ZKjGQSUM+X7WN4AEP4IKVThN7RXy
7ix3aIbAocET8KXMmQBb8DZyV1aSVUJ14SXBoLTLCq2OEb8n9K68wE4gLujWvDBD DdTklccJ+6jA8/5sCEulyo+hYQG+wRRv5Utxm8fBFgAvec9xGVEEBvZTQWcK1fKj
Fi+nruogqRxnZnzjhCYjaGzdV9ac8EJ9zZ8pwr6YitS7+jN6K+S8EbdfvdVtNJ5d 4aopQlNZiTEaXQl/08N+tvI4fMtnq6eqR99v2ydPyb8Ko/e9wAxU5skietmBw/3Q
yALI+/TzClJXV2A3TLfekgjE9wkrBtaTBNAHed3n005mKYpVdBzjjMQ8Yr/wfFXX aSkVJdRo4IM1kWuXwrK+3NteZTed/o7VQFuuib8yZNl2gyaIU0afzk7JxPCcdlhe
419eJsvY9G/v5jxqGHbaYImL+5ECPq2yRsXoCyAgtM+C6lw7PvPT/K+tUAxzc+A4 06rYnLMmeXiScagLiGjA60QmZN7WbDT9AdsxTbHNiMdogegb2mvxMCZIlM7SnK7M
Qmv7/Yvwz4cECee4cjQVt43O7+p7NQN1Xy1cpqCAIxiz7QMf5UKxVJlq5GgV11z4 J4WzTcGAaMeGDvH48iZqyMPYiiCeLR6ODsCBvCzDULOid7ZQrOIs2hXpHeYb8gWt
4QGBeg47uEtolS96mIaiJ2IIzqR+5i+M9F0R2Szu20ExjFh9pKyZqU+d4jX5LBzp 6aoIK8JtxJOGSk2qQO2sfpHTQ94uM/enfXglkAAJDPs1a9p5POXurqhw+aemlolY
MHpL6G16CC8O5wAJxZE0HUWJ38IZR611r7QnVZ5B6E/TTA0CdsNv0nIaNoigcKZf wlh20+U8pyVTqiPJB/CkJSTIZsWLZTCvSusRRIO5FpmEhl0G+nhQhu2jmne+3zd0
t4mtpKguVNdcYDVPCieo9fUVlg0swShP66+K2dPBdrONZxvrR7OpSf9cSEdvnijb IIva89zfh01dlYgTEBmngZBiF2Jp0SerUvU6x9RBofNdl7sA8je6ahrTp910JSKz
2XkLHMoh9mByOrqRFxZhLy3sWV5BqIc+wxoVXb4bF5ve9+E+7d0w0wMO8bsdixE/ lHeZGOoet4wzXnmq9OJG69ROA/L6KnAXiGR8xLk0wVcLokZndHBcF4C3A7RJwSnS
rMcH2TrMbnfF+LXXf+NHWQxzPvto6EUQjc0vmXQ9Z9La4Q8Mc1Q40YyAWIoQ7Kvl sm5ffi1JVLgiqC5ER8J6Ja0+o88w9aSLGN7rXRQa64ZKjVSiL2Em5BLpo3PY59NA
jSzoggxwkp2Rlh59slijz22oTht2meHseA0dQC8+sUbxo1gnEIIUH8sbUaAr+CO9 63j5/GH6EsbowGU4Tzskj6jqGO4t7TzwyBUNzxkBQ+xK4J7yFhLsRfKFEzMKj4cG
ObSVnXz9OQrQ5XtNwXmblaaZD8Qn+AyyuEDzbdlDv1WMrGIxkokLeDDmdFWtmiyU n/fMcXshAy5Fc4Ab1Csp95YyS48KRF+cfSv+CMTEeaPf+TOtYm8UbAdzuC8sikJ9
A3FtpE4XOoQPgMv/UsIpUtdu9N1ImTXXWGFfFYvp+1u8wFp/rYxZpsLx8fpTctWj thSd+aRKYQo4VhMPYkPIbmOLGtWEIsICqML3qF7TdYybIUEFaextrwTcmj0MGBuF
OX8ge0Ivy2sfVgLVRCg2nd4HBrBdBU//lPHwEeZtKVgcUmvRGMEDqTDAc2brtG/u TjVKi7GfcJglrL0/ErvCvkJy9TXL1SR2aFoYb13XQy6XMS3Es7Qzs7MoKEp2k9HY
XKIaixhUto2Gqo83CT4EJg== a056c//TPaXEE8iWcLDrQvBMzYxbwT6gaTSUcgTLyrJdBPv8fytZoy9P8kQ2T1TS
PTE83yXe+47oPItWvOPwh49JYBMovGudfQoieX8R6ZpGT99xseMeIM6W0tBAijeW
0fKocgrxTdvAeers/0SMBo1Sec5I7YlY8TCdokUKgthiCu5XM7skFeZ8sEClbwH8
QIOv0aGXGLLkbC5f3WU+RA==


@ -12,11 +12,6 @@ in
options = { options = {
aux.system.services.binary-cache = { aux.system.services.binary-cache = {
enable = lib.mkEnableOption "Enable a binary cache hosting service."; enable = lib.mkEnableOption "Enable a binary cache hosting service.";
home = lib.mkOption {
default = "/var/lib/nix-binary-cache";
type = lib.types.str;
description = "Where to store the binary cache and its config files.";
};
secretKeyFile = lib.mkOption { secretKeyFile = lib.mkOption {
default = "/var/lib/nix-binary-cache/privkey.pem"; default = "/var/lib/nix-binary-cache/privkey.pem";
type = lib.types.str; type = lib.types.str;
@ -28,6 +23,20 @@ in
description = "The complete URL where the cache is hosted."; description = "The complete URL where the cache is hosted.";
example = "https://cache.example.com"; example = "https://cache.example.com";
}; };
auth = {
password = lib.mkOption {
default = "";
type = lib.types.str;
description = "The password to use for basic authentication for the cache.";
example = "MySuperSecurePassword123";
};
user = lib.mkOption {
default = "cache-user";
type = lib.types.str;
description = "The username to use for basic auth.";
};
};
}; };
}; };
@ -42,10 +51,15 @@ in
nginx.virtualHosts."${cfg.url}" = { nginx.virtualHosts."${cfg.url}" = {
useACMEHost = pkgs.util.getDomainFromURL cfg.url; useACMEHost = pkgs.util.getDomainFromURL cfg.url;
forceSSL = true; forceSSL = true;
basicAuth = {
"${cfg.auth.user}" = cfg.auth.password;
};
locations."/" = { locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
}; };
}; };
}; };
systemd.services.nginx.wants = [ config.systemd.services.nix-serve.name ];
}; };
} }
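Review bot: The `basicAuth` attrset added to the nginx virtual host takes `cfg.auth.password` as a plain string, and NixOS renders that option into an htpasswd file in the world-readable Nix store, so any local user or service on the cache host can read the credential. The `pkgs.writeText "netrc"` added to the Nix settings in the last file section has the same exposure on every client that imports it. Prefer `basicAuthFile = "<path-to-htpasswd-outside-store>";` with the file provisioned at activation or runtime, and point `netrc-file` at a runtime-provisioned path as well. Separately, `auth.password` defaults to `""`, so enabling the module without setting it configures an entry with an empty password; dropping the default, or adding an assertion that it is non-empty, would turn that into an evaluation error.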


@ -30,6 +30,11 @@ in
{ {
nixpkgs.config.allowUnfree = cfg.allowUnfree; nixpkgs.config.allowUnfree = cfg.allowUnfree;
nix = { nix = {
extraOptions = ''
# Ensure we can still build when secondary caches are unavailable
fallback = true
'';
settings = { settings = {
# Enable Flakes # Enable Flakes
experimental-features = [ experimental-features = [
@ -47,6 +52,13 @@ in
config.secrets.services.binary-cache.pubcert config.secrets.services.binary-cache.pubcert
]; ];
# Authentication for Hevana's binary cache
netrc-file =
with config.secrets.services.binary-cache;
pkgs.writeText "netrc" ''
machine ${url} login ${auth.username} password ${auth.password}
'';
# Only allow these users to use Nix # Only allow these users to use Nix
allowed-users = with config.users.users; [ allowed-users = with config.users.users; [
root.name root.name
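Review bot: The `machine ${url}` token in the generated netrc is compared against the request's host name, so if `url` carries a scheme, as the module option's example `https://cache.example.com` suggests, the entry would never match and clients would reach the cache without credentials. The secret's actual value is not visible here, so this needs confirming; if it is a full URL, write the bare host instead, e.g. `machine <cache-hostname> login ${auth.username} password ${auth.password}`. Because this commit also sets `fallback = true`, a mismatch may show up only as silent local rebuilds rather than an error, so a comment next to `netrc-file` stating the expected format of `url` would help. The `settings` block continues outside the hunk.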