daylin/oizys
1
0
Fork 0
mirror of https://github.com/daylinmorgan/oizys.git synced 2025-02-23 03:45:50 -06:00
Code Issues Projects Releases Packages Wiki Activity

a new cache. a new oppurtunity

Browse source
This commit is contained in:
Daylin Morgan 2025-02-12 09:48:05 -06:00
parent 10280b0495
commit b4e9fb7018
Signed by: daylin
GPG key ID: 950D13E9719334AD
5 changed files with 47 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
hosts/algiz/README.md
View file

@ -45,3 +45,19 @@ atticd-atticadm make-token --sub daylin --push "*" --pull "*" --validity '1y' --
If I handled secrets via `sops` or `agenix` I think this could be stored directly in the repo. If I handled secrets via `sops` or `agenix` I think this could be stored directly in the repo.
I also had to modify the firewall so that docker would forward along the requests by caddy to `host.docker.internal` correctly. I also had to modify the firewall so that docker would forward along the requests by caddy to `host.docker.internal` correctly.
## Setting up Harmonia
Generated a signing key with the following command:
```sh
nix-store --generate-binary-cache-key nix-cache.dayl.in-1 ./secret ./public
```
public key:
```txt
nix-cache.dayl.in-1:lj22Sov7m1snupBz/43O1fxyEfy/S7cxBpweD7iREcs=
```
Then enabled the service using the nixos module and used sops to store the private key.

1
hosts/algiz/secrets.nix
View file

@ -7,6 +7,7 @@
# by default is accessible only by root:root which should work with above service # by default is accessible only by root:root which should work with above service
secrets.restic-algiz = { }; secrets.restic-algiz = { };
secrets.atticd-env = { }; secrets.atticd-env = { };
secrets.harmonia-key = {};
}; };
} }

5
hosts/algiz/secrets.yaml
View file

File diff suppressed because one or more lines are too long

35
hosts/algiz/services.nix
View file

@ -6,6 +6,7 @@
}: }:
let let
atticPort = "5656"; atticPort = "5656";
harmoniaPort = "5657";
static = pkgs.runCommandLocal "static-files" { } '' static = pkgs.runCommandLocal "static-files" { } ''
mkdir $out mkdir $out
cp ${./caddy/index.html} $out/index.html cp ${./caddy/index.html} $out/index.html
@ -70,19 +71,33 @@ in
}; };
}; };
services.harmonia = enabled // {
signKeyPaths = [ config.sops.secrets.harmonia-key.path ];
settings = {
bind = "[::]:${harmoniaPort}";
};
};
services.caddy = enabled // { services.caddy = enabled // {
extraConfig = builtins.readFile ./caddy/Caddyfile; extraConfig = builtins.readFile ./caddy/Caddyfile;
virtualHosts."attic.dayl.in".extraConfig = ''
redir /oizys /
handle / { virtualHosts = {
root * ${static} "attic.dayl.in".extraConfig = ''
file_server redir /oizys /
}
handle /* { handle / {
reverse_proxy http://localhost:${atticPort} root * ${static}
} file_server
''; }
handle /* {
reverse_proxy http://localhost:${atticPort}
}
'';
"nix-cache.dayl.in".extraConfig = ''
reverse_proxy http://localhost:${harmoniaPort}
'';
};
}; };
} }

2
modules/essentials.nix
View file

@ -55,12 +55,14 @@
accept-flake-config = true; accept-flake-config = true;
extra-substituters = [ extra-substituters = [
"https://attic.dayl.in/oizys" "https://attic.dayl.in/oizys"
"https://nix-cache.dayl.in"
# "https://nixpkgs-wayland.cachix.org" # "https://nixpkgs-wayland.cachix.org"
# "https://hyprland.cachix.org" # "https://hyprland.cachix.org"
# "https://daylin.cachix.org" # "https://daylin.cachix.org"
]; ];
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"oizys:DSw3mwVMM/Y+PXSVpkDlU5dLwlORuiJRGPkwr5INSMc=" "oizys:DSw3mwVMM/Y+PXSVpkDlU5dLwlORuiJRGPkwr5INSMc="
"nix-cache.dayl.in-1:lj22Sov7m1snupBz/43O1fxyEfy/S7cxBpweD7iREcs="
# "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" # "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
# "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" # "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
# "daylin.cachix.org-1:fLdSnbhKjtOVea6H9KqXeir+PyhO+sDSPhEW66ClE/k=" # "daylin.cachix.org-1:fLdSnbhKjtOVea6H9KqXeir+PyhO+sDSPhEW66ClE/k="