diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 445d7a0..c16c66d 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix @@ -40,6 +40,10 @@ in }; nix-common = { enable = true; + disable-cache = true; + }; + nix-serve = { + enable = true; }; sound.enable = true; systemd.enable = true; diff --git a/modules/nix-common/default.nix b/modules/nix-common/default.nix index 8834a30..d72a3c3 100644 --- a/modules/nix-common/default.nix +++ b/modules/nix-common/default.nix @@ -29,12 +29,12 @@ in substituters = [ "https://nix-community.cachix.org" "https://marcus7070.cachix.org" - ]; + ] ++ lib.optionals (! cfg.disable-cache) [ "http://loki.datarift.nl" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "marcus7070.cachix.org-1:JawxHSgnYsgNYJmNqZwvLjI4NcOwrcEZDToWlT3WwXw=" - ]; + ] ++ lib.optionals (! cfg.disable-cache) [ "loki.datarift.nl:Mk+g9h52oCWtCi6b6KxRkntrD+HZVhwNT8muUQtgKoA=" ]; }; gc = { diff --git a/modules/nix-serve/default.nix b/modules/nix-serve/default.nix new file mode 100644 index 0000000..6073101 --- /dev/null +++ b/modules/nix-serve/default.nix @@ -0,0 +1,29 @@ +{ pkgs, config, lib, ... }: +with lib; +let + cfg = config.eboskma.nix-serve; +in +{ + options.eboskma.nix-serve = { enable = mkEnableOption "nix-serve"; }; + + config = mkIf (cfg.enable) { + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + bindAddress = "127.0.0.1"; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts = { + "loki.datarift.nl" = { + serverAliases = [ "loki" ]; + locations."/".proxyPass = "http://localhost:${toString config.services.nix-serve.port}"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; + }; +}