a new cache. a new oppurtunity

2025-02-22 15:15:50 -06:00 · 2025-02-12 09:48:05 -06:00 · 2025-02-12 09:48:05 -06:00 · b4e9fb7018
commit b4e9fb7018
parent 10280b0495
5 changed files with 47 additions and 12 deletions
--- a/hosts/algiz/README.md
+++ b/hosts/algiz/README.md
@ -45,3 +45,19 @@ atticd-atticadm make-token --sub daylin --push "*" --pull "*" --validity '1y' --

 If I handled secrets via `sops` or `agenix` I think this could be stored directly in the repo.
 I also had to modify the firewall so that docker would forward along the requests by caddy to `host.docker.internal` correctly.
+
+## Setting up Harmonia
+
+Generated a signing key with the following command:
+
+```sh
+nix-store --generate-binary-cache-key nix-cache.dayl.in-1 ./secret ./public
+```
+
+public key:
+
+```txt
+nix-cache.dayl.in-1:lj22Sov7m1snupBz/43O1fxyEfy/S7cxBpweD7iREcs=
+```
+
+Then enabled the service using the nixos module and used sops to store the private key.
--- a/hosts/algiz/secrets.nix
+++ b/hosts/algiz/secrets.nix
@ -7,6 +7,7 @@
    # by default is accessible only by root:root which should work with above service
    secrets.restic-algiz = { };
    secrets.atticd-env = { };
+    secrets.harmonia-key = {};
  };

 }
--- a/hosts/algiz/secrets.yaml
+++ b/hosts/algiz/secrets.yaml
--- a/hosts/algiz/services.nix
+++ b/hosts/algiz/services.nix
@ -6,6 +6,7 @@
 }:
 let
  atticPort = "5656";
+  harmoniaPort = "5657";
  static = pkgs.runCommandLocal "static-files" { } ''
    mkdir $out
    cp ${./caddy/index.html} $out/index.html
@ -70,19 +71,33 @@ in
    };
  };

+  services.harmonia = enabled // {
+    signKeyPaths = [ config.sops.secrets.harmonia-key.path ];
+    settings = {
+      bind = "[::]:${harmoniaPort}";
+    };
+  };
+
  services.caddy = enabled // {
    extraConfig = builtins.readFile ./caddy/Caddyfile;
-    virtualHosts."attic.dayl.in".extraConfig = ''
-      redir /oizys /

-      handle / {
-        root * ${static}
-        file_server
-      }
+    virtualHosts = {
+      "attic.dayl.in".extraConfig = ''
+        redir /oizys /

-      handle /* {
-        reverse_proxy http://localhost:${atticPort}
-      }
-    '';
+        handle / {
+          root * ${static}
+          file_server
+        }
+
+        handle /* {
+          reverse_proxy http://localhost:${atticPort}
+        }
+      '';
+
+      "nix-cache.dayl.in".extraConfig = ''
+        reverse_proxy http://localhost:${harmoniaPort}
+      '';
+    };
  };
 }
--- a/modules/essentials.nix
+++ b/modules/essentials.nix
@ -55,12 +55,14 @@
      accept-flake-config = true;
      extra-substituters = [
        "https://attic.dayl.in/oizys"
+        "https://nix-cache.dayl.in"
        # "https://nixpkgs-wayland.cachix.org"
        # "https://hyprland.cachix.org"
        # "https://daylin.cachix.org"
      ];
      extra-trusted-public-keys = [
        "oizys:DSw3mwVMM/Y+PXSVpkDlU5dLwlORuiJRGPkwr5INSMc="
+        "nix-cache.dayl.in-1:lj22Sov7m1snupBz/43O1fxyEfy/S7cxBpweD7iREcs="
        # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
        # "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        # "daylin.cachix.org-1:fLdSnbhKjtOVea6H9KqXeir+PyhO+sDSPhEW66ClE/k="