summary refs log tree commit diff
diff options
context:
space:
mode:
authorRory& <root@rory.gay>2025-12-04 14:22:40 +0100
committerRory& <root@rory.gay>2025-12-04 14:22:40 +0100
commite0ce5dc8f77ae03335289cf391bd7108e6df9242 (patch)
treed3b162378335d89387a5979f7e6dc88451c2714f
parentAdd Rory-desktop as substituter (diff)
downloadRory-Open-Architecture-e0ce5dc8f77ae03335289cf391bd7108e6df9242.tar.xz
desktop bincache, but real
Diffstat
-rwxr-xr-xflake.nix4


-rw-r--r--host/Rory-desktop/configuration.nix1


-rw-r--r--host/Rory-desktop/services/nginx.nix1


-rwxr-xr-xhost/Rory-desktop/services/nginx/nix-bincache.nix12


-rw-r--r--host/Rory-desktop/services/nix-bincache.nix11


5 files changed, 27 insertions, 2 deletions
diff --git a/flake.nix b/flake.nix

index 22484db..dec5b12 100755
--- a/flake.nix
+++ b/flake.nix
@@ -4,14 +4,14 @@
   nixConfig = {
     extra-substituters = [
       # private
-      "http://nix-bincache.Rory-desktop.local"
+      "http://nix-bincache.rory-desktop.local"
       # public
       "https://attic.computer.surgery/grapevine"
       "https://hyprland.cachix.org"
       "https://nix-bincache.rory.gay"
     ];
     extra-trusted-public-keys = [
-      "nix-bincache.Rory-desktop.local:+UAnOn1lmC/8a/DnbaOmI05Dd9YRQ3s6WuPrwpFudqM="
+      "nix-bincache.rory-desktop.local:LDcVGNQoaprWeggWcRE1N0jjEqdjOR1D0kOI3fZne24="
       "grapevine:nYiZ0Qz9nT7Y7kNC/2NdoS3+J9gwTyWxOvlwZnFgceA="
       "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
       "nix-bincache.rory.gay:663PIW8xxgIImxLcsokODWI2PHFWXvzJEfjX6TaIjxQ="
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix

index 5e42695..bf37eab 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -22,6 +22,7 @@ args@{
 
     ./services/nginx.nix
     ./services/postgres.nix
+    ./services/nix-bincache.nix
 
     # hardware-specific imports
     ./optional/hardware-specific/amd.nix
diff --git a/host/Rory-desktop/services/nginx.nix b/host/Rory-desktop/services/nginx.nix

index 8cec099..3a9c53d 100644
--- a/host/Rory-desktop/services/nginx.nix
+++ b/host/Rory-desktop/services/nginx.nix
@@ -29,6 +29,7 @@
       '';
       additionalModules = with pkgs.nginxModules; [ moreheaders ];
       virtualHosts = {
+        "nix-bincache.rory-desktop.local" = import ./nginx/nix-bincache.nix { inherit config; };
         "discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
         "hse.localhost" = import ./nginx/hse.localhost.nix { inherit pkgs; };
         "matrix.opensuse.localhost" = import ./nginx/matrix.opensuse.localhost.nix { inherit pkgs; };
diff --git a/host/Rory-desktop/services/nginx/nix-bincache.nix b/host/Rory-desktop/services/nginx/nix-bincache.nix
new file mode 100755

index 0000000..29ffc4d
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/nix-bincache.nix
@@ -0,0 +1,12 @@
+{ config }:
+{
+  locations."/" = {
+    proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+    extraConfig = ''
+      allow 10.0.0.0/8;
+      allow 192.168.0.0/16;
+      allow 127.0.0.0/8;
+      deny all;
+    '';
+  };
+}
diff --git a/host/Rory-desktop/services/nix-bincache.nix b/host/Rory-desktop/services/nix-bincache.nix
new file mode 100644

index 0000000..811ca63
--- /dev/null
+++ b/host/Rory-desktop/services/nix-bincache.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  services.nix-serve = {
+    enable = true;
+    package = pkgs.nix-serve-ng;
+    port = 3642;
+    bindAddress = "127.0.0.1";
+    secretKeyFile = "/data/secrets/nix-bincache-priv-key.pem";
+  };
+}

 

generated by cgit-magenta 1.5.1 (git 2.53.0) at 2026-05-07 18:47:43 +0000