dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Use harmonia instead of attic for binary cache
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 47s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan
2024-07-20 16:46:10 +01:00
parent 1ea172e690
commit 46166cf419
7 changed files with 102 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@@ -31,6 +31,13 @@ in
{
config = mkMerge [
{
fileSystems = {
"/var/lib/harmonia" = {
device = "/mnt/atticd/harmonia";
options = [ "bind" ];
};
};
my = {
deploy.enable = false;
server.enable = true;
@@ -48,6 +55,7 @@ in
group = config.my.user.config.group;
};
"object/atticd.env" = {};
"nix-cache.key" = {};
"object/hedgedoc.env" = {};
"object/wastebin.env" = {};
};
@@ -68,14 +76,26 @@ in
};
};
users = with lib.my.c.ids; let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
};
users = with lib.my.c.ids; mkMerge [
(let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
})
{
users = {
harmonia = {
shell = pkgs.bashInteractive;
openssh.authorizedKeys.keyFiles = [
lib.my.c.sshKeyFiles.harmonia
];
};
};
}
];
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
@@ -93,7 +113,9 @@ in
MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie";
};
};
sharry = awaitPostgres;
atticd = mkMerge [
awaitPostgres
{
@@ -104,6 +126,15 @@ in
};
}
];
harmonia = {
environment.NIX_REMOTE = "/var/lib/harmonia";
preStart = ''
${config.nix.package}/bin/nix store ping
'';
serviceConfig = {
StateDirectory = "harmonia";
};
};
};
};
@@ -203,6 +234,14 @@ in
};
};
harmonia = {
enable = true;
signKeyPath = config.age.secrets."nix-cache.key".path;
settings = {
priority = 30;
};
};
hedgedoc = {
enable = true;
environmentFile = config.age.secrets."object/hedgedoc.env".path;