summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/prism.nix25
-rw-r--r--lass/2configs/binary-cache/client.nix9
-rw-r--r--lass/2configs/binary-cache/server.nix30
-rw-r--r--lass/2configs/default.nix7
4 files changed, 41 insertions, 30 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 34c1ef69b..8dfc11f60 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -20,6 +20,7 @@ in {
../2configs/radio.nix
../2configs/buildbot-standalone.nix
../2configs/repo-sync.nix
+ ../2configs/binary-cache/server.nix
{
imports = [
../2configs/git.nix
@@ -211,30 +212,6 @@ in {
'')
];
}
- {
- services.nix-serve = {
- enable = true;
- secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
- };
- systemd.services.nix-serve = {
- requires = ["secret.service"];
- after = ["secret.service"];
- };
- krebs.secret.files.nix-serve-key = {
- path = "/run/secret/nix-serve.key";
- owner.name = "nix-serve";
- source-path = toString <secrets> + "/nix-serve.key";
- };
- krebs.nginx = {
- enable = true;
- servers.nix-serve = {
- server-names = [ "cache.prism.r" ];
- locations = lib.singleton (lib.nameValuePair "/" ''
- proxy_pass http://localhost:${toString config.services.nix-serve.port};
- '');
- };
- };
- }
];
krebs.build.host = config.krebs.hosts.prism;
diff --git a/lass/2configs/binary-cache/client.nix b/lass/2configs/binary-cache/client.nix
new file mode 100644
index 000000000..108ff7a1e
--- /dev/null
+++ b/lass/2configs/binary-cache/client.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+
+{
+ nix = {
+ binaryCaches = ["http://cache.prism.r"];
+ binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
+ };
+}
+
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..22ec04307
--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key my-secret-key my-public-key
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.prism.r" ];
+ locations = lib.singleton (lib.nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+}
+
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 95c6cf3e2..b6eb33546 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -8,6 +8,7 @@ with config.krebs.lib;
../2configs/mc.nix
../2configs/retiolum.nix
../2configs/nixpkgs.nix
+ ../2configs/binary-cache/client.nix
./backups.nix
{
users.extraUsers =
@@ -41,12 +42,6 @@ with config.krebs.lib;
};
};
}
- {
- nix = {
- binaryCaches = ["http://cache.prism.r"];
- binaryCachePublicKeys = ["cache.prism-1:+S+6Lo/n27XEtvdlQKuJIcb1yO5NUqUCE2lolmTgNJU="];
- };
- }
];
networking.hostName = config.krebs.build.host.name;