Use harmonia instead of attic for binary cache

2024-07-20 16:46:10 +01:00
parent 1ea172e690
commit 69216c6b4c
11 changed files with 113 additions and 31 deletions


@@ -239,6 +239,8 @@ in
];
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedZstdSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
resolver = {


@@ -407,10 +407,13 @@ in
ignore_invalid_headers off;
'';
nixCacheableRegex = ''^\/(\S+\.narinfo|nar\/\S+\.nar\.\S+)$'';
nixCacheableRegex = ''^\/(\S+\.narinfo|nar\/\S+\.nar.*|serve\/.+)$'';
nixCacheHeaders = ''
add_header Cache-Control $nix_cache_control;
add_header Expires $nix_expires;
brotli on;
brotli_types application/x-nix-archive;
'';
in
{
@@ -452,9 +455,11 @@ in
"nix-cache.${pubDomain}" = {
locations = {
"/".proxyPass = "http://${host}:8069";
"/" = {
proxyPass = "http://${host}:5000";
};
"~ ${nixCacheableRegex}" = {
proxyPass = "http://${host}:8069";
proxyPass = "http://${host}:5000";
extraConfig = nixCacheHeaders;
};
};
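Review bot: The `nar\/\S+\.nar.*` branch of the new `nixCacheableRegex` accepts any trailing text after `.nar`, so the `Cache-Control`/`Expires` headers in `nixCacheHeaders` now apply to more than archive files; `nar\/\S+\.nar(\.\S+)?` would cover plain and compressed archives without the open-ended tail. A short comment above the regex naming the three URL shapes it is meant to match (`*.narinfo`, `nar/*.nar[.ext]`, `serve/*`) would make later changes easier to check. `$nix_cache_control` and `$nix_expires` are defined outside this section, so whether their lifetime suits `serve/` responses cannot be confirmed from here. The upstream `http://${host}:5000` is also written twice in the vhost; a single `let` binding would keep the two locations in step.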


@@ -31,6 +31,13 @@ in
{
config = mkMerge [
{
fileSystems = {
"/var/lib/harmonia" = {
device = "/mnt/atticd/harmonia";
options = [ "bind" ];
};
};
my = {
deploy.enable = false;
server.enable = true;
@@ -48,6 +55,7 @@ in
group = config.my.user.config.group;
};
"object/atticd.env" = {};
"nix-cache.key" = {};
"object/hedgedoc.env" = {};
"object/wastebin.env" = {};
};
@@ -58,6 +66,7 @@ in
9000 9001
config.services.sharry.config.bind.port
8069
5000
config.services.hedgedoc.settings.port
8088
];
@@ -68,14 +77,26 @@ in
};
};
users = with lib.my.c.ids; let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
};
users = with lib.my.c.ids; mkMerge [
(let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
})
{
users = {
harmonia = {
shell = pkgs.bashInteractive;
openssh.authorizedKeys.keyFiles = [
lib.my.c.sshKeyFiles.harmonia
];
};
};
}
];
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
@@ -93,7 +114,9 @@ in
MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie";
};
};
sharry = awaitPostgres;
atticd = mkMerge [
awaitPostgres
{
@@ -104,6 +127,15 @@ in
};
}
];
harmonia = {
environment.NIX_REMOTE = "/var/lib/harmonia";
preStart = ''
${config.nix.package}/bin/nix store ping
'';
serviceConfig = {
StateDirectory = "harmonia";
};
};
};
};
@@ -183,7 +215,7 @@ in
};
atticd = {
enable = true;
enable = false;
credentialsFile = config.age.secrets."object/atticd.env".path;
settings = {
listen = "[::]:8069";
@@ -203,6 +235,14 @@ in
};
};
harmonia = {
enable = true;
signKeyPath = config.age.secrets."nix-cache.key".path;
settings = {
priority = 30;
};
};
hedgedoc = {
enable = true;
environmentFile = config.age.secrets."object/hedgedoc.env".path;
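Review bot: The new `harmonia` entry in the `users = with lib.my.c.ids; mkMerge [` hunk combines `shell = pkgs.bashInteractive` with an SSH key, so the key holder gets a full interactive login as what is presumably the account the cache service runs under. If the key exists only so another machine can copy store paths in over SSH (inferred, the hunk does not say), restrict it in the key entry, e.g. `openssh.authorizedKeys.keys = [ ''restrict,command="<store-serve command the client uses>" <harmonia public key>'' ];` (both bracketed values are placeholders). Otherwise add a comment such as `# login shell needed for: <reason>` so the exception is documented. Separately, `5000` is added to the port list while `8069` stays, although this section sets atticd's `enable = false`; dropping `8069` would keep the opened ports matched to what is listening.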