From 7720224bbdde412a08ccb91f71d794cbab4752ba Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Sun, 8 Sep 2024 22:09:25 +0200 Subject: [PATCH] S3 cache setup --- flake.nix | 9 +++++++++ instances/baldur/configuration.nix | 1 + modules/nixos/basics/distributed.nix | 6 +++++- modules/nixos/s3_cache_read.nix | 4 ++++ modules/nixos/s3_cache_write.nix | 5 +++++ secrets/s3_cache_read.age | 19 +++++++++++++++++++ secrets/s3_cache_write.age | Bin 0 -> 673 bytes secrets/secrets.nix | 2 ++ 8 files changed, 45 insertions(+), 1 deletion(-) create mode 100644 modules/nixos/s3_cache_read.nix create mode 100644 modules/nixos/s3_cache_write.nix create mode 100644 secrets/s3_cache_read.age create mode 100644 secrets/s3_cache_write.age diff --git a/flake.nix b/flake.nix index 825e30c..8cada7d 100644 --- a/flake.nix +++ b/flake.nix @@ -200,6 +200,9 @@ # Nix configuration nix_configuration + # S3 cache read + ./modules/nixos/s3_cache_read.nix + # Agenix configuration agenix.nixosModules.default { @@ -238,6 +241,9 @@ nixos-hardware.nixosModules.common-pc-ssd ./instances/thor/configuration.nix + # S3 cache write + ./modules/nixos/s3_cache_write.nix + ./modules/nixos/pro_audio.nix ./modules/nixos/kdeconnect.nix ./modules/nixos/steam.nix @@ -268,6 +274,9 @@ ./instances/odin/hardware-configuration.nix ./instances/odin/common_configuration.nix + # S3 cache write + ./modules/nixos/s3_cache_write.nix + # ./modules/nixos/pro_audio.nix ./modules/nixos/kdeconnect.nix ./modules/nixos/steam.nix diff --git a/instances/baldur/configuration.nix b/instances/baldur/configuration.nix index 055651d..b527138 100644 --- a/instances/baldur/configuration.nix +++ b/instances/baldur/configuration.nix @@ -104,6 +104,7 @@ proxyWebsockets = true; }; extraConfig = '' + client_max_body_size 6g; proxy_pass_header Authorization; proxy_buffering off; ''; diff --git a/modules/nixos/basics/distributed.nix b/modules/nixos/basics/distributed.nix index ae6eec9..f5b4389 100644 --- a/modules/nixos/basics/distributed.nix 
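Review bot: The added `client_max_body_size 6g;` appears to sit at the virtual-host level (the `extraConfig` follows the closing of the location block), so it raises the accepted request size for every path on that host, not just the one that needs large uploads. nginx spools request bodies to temporary files by default, and the existing `proxy_buffering off;` only affects responses, so each large upload can consume disk on the proxy before the backend sees it. If the limit is only needed for one upload path, move it into that location and add `proxy_request_buffering off;` there so bodies are streamed through. The virtual host definition starts outside the hunk, so whether any access control is applied before the body is accepted cannot be checked from here.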
+++ b/modules/nixos/basics/distributed.nix @@ -1,7 +1,11 @@ { security.sudo.wheelNeedsPassword = false; nix.settings = { - substituters = [ "https://hyprland.cachix.org" ]; + substituters = [ + "s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http" + "s3://nix-cache?endpoint=s3.bertof.net" + "https://hyprland.cachix.org" + ]; trusted-users = [ "root" diff --git a/modules/nixos/s3_cache_read.nix b/modules/nixos/s3_cache_read.nix new file mode 100644 index 0000000..44cd48d --- /dev/null +++ b/modules/nixos/s3_cache_read.nix @@ -0,0 +1,4 @@ +{ config, ... }: { + age.secrets.s3_cache_read.file = ../../secrets/s3_cache_read.age; + systemd.services.nix-daemon.serviceConfig.EnvironmentFile = config.age.secrets.s3_cache_read.path; +} diff --git a/modules/nixos/s3_cache_write.nix b/modules/nixos/s3_cache_write.nix new file mode 100644 index 0000000..9e8ad8a --- /dev/null +++ b/modules/nixos/s3_cache_write.nix @@ -0,0 +1,5 @@ +{ config, lib, ... }: { + age.secrets.s3_cache_write.file = ../../secrets/s3_cache_write.age; + systemd.services.nix-daemon.serviceConfig.EnvironmentFile = lib.mkForce config.age.secrets.s3_cache_write.path; +} + diff --git a/secrets/s3_cache_read.age b/secrets/s3_cache_read.age new file mode 100644 index 0000000..82484a7 --- /dev/null +++ b/secrets/s3_cache_read.age 
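Review bot: The first new substituter, `s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http`, fetches over cleartext HTTP, so the integrity of paths pulled from it rests entirely on Nix's signature verification. The hunk adds no `trusted-public-keys` entry for the new cache, and the rest of `nix.settings` lies outside the hunk. Unless the key is configured there, substitution from these caches will be refused, which tends to push people towards disabling `require-sigs`. I would add the cache's signing key alongside the list, e.g. `trusted-public-keys = [ "<cache-name>:<public-key-placeholder>" ];`. Keep `scheme=http` only if the `.tsn` name is reachable exclusively over an encrypted overlay network, and say so in a comment.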
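Review bot: In `s3_cache_read.nix`, `EnvironmentFile` points at the decrypted secret without systemd's optional `-` prefix, so on a host where agenix cannot produce the file the `nix-daemon` unit will fail to load its environment and not start. That is a hard failure for a credential that is only needed for an optional substituter, and it can get in the way of the rebuild that would repair it. If failing open is acceptable for the read-only key, `EnvironmentFile = "-${config.age.secrets.s3_cache_read.path}";` lets the daemon start and simply skip the S3 caches. A short comment naming the variables the file is expected to define would also help, since the plaintext format is not visible anywhere in the commit.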
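Review bot: `s3_cache_write.nix` puts the write-capable credential into the environment of `nix-daemon` itself, replacing the read-only one through `lib.mkForce`, so on the hosts that import it every daemon-side S3 request runs with permission to modify the cache. Nothing in this commit shows a daemon-side upload step such as a post-build hook, and uploads done with `nix copy --to` use the invoking client's environment, so it is worth confirming that the daemon needs write access at all. If it does not, keep the read secret on the daemon and expose the write secret only to the user or unit that performs uploads. If it does, a comment such as `# write key required by nix-daemon for <upload mechanism>` would record the reason. Because a leaked write key allows cache contents to be replaced, clients should depend on signature verification, not on bucket access control alone.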
@@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 hGQASA G3TGk4qo8DMYTHfyJL0pfdNJ9ne7tIan0c0lPBfWWVQ +bazgE8wB5d6R13HH498beHaJWRhXK9Yt3T0L5ijJ+EM +-> ssh-ed25519 4behFA YT0OQi3hpn/jBdr2d0y7vO2BRuUqOJat/mSMhWtLtDo +UUOafLht9mF5bgLLcTYR/QJnxAUShqd2zitSZd+7VdY +-> ssh-ed25519 XSnoeQ 32kTcJCX1INUwaXIEWpzgjoul+1p0KcHuVDtT6ZsNFs +GghX9UPSEirjQZYBE1GJW7KkRAYqydT5NoQQGCpOY1w +-> ssh-ed25519 l795CA TbbhVlrXkV5WWApcOVNz3YxwxI2GLa83TFqECsKUHEQ +0yhucRC79qToTvSabSL/MwmzhI7hblIL0ErZWNiVi1g +-> ssh-ed25519 yiYoXg sXZHM2bny/vXG+wq/Yh62cmRxZSNn7pOrO0LnxDg23s +2vjQIn91qlZqSYg58bCMFAqta8arXHZCfpgYU3Gj5ck +-> ssh-ed25519 XgC3XA wfk2g7+d9mNRKM5fSQi2luxpHM/5CALDvnfN7HNd6xo +NkLd2h9laQtUYIsoEXI3BPZVixzhFmslWJjpQt1Hwco +-> ssh-ed25519 IvyYug vj1EGqt6TqZY6c3YQquRca+v7zwwhaXArt+mesA4pGE +jiZC7eed0I3MFopntzHBcEYhQHHrhFTzTwFN5PO7LNk +-> ssh-ed25519 v7O/FA KBfLseqIoO2QmrO9IdLOzf2ViFfRt1OfDjeYjb4Z0FY +d2OjGEDj43UmIgG2HEx/nRnRyEWyws3Tx4LeXudL2hc +--- 8dDjpCdPDALUBJGMZBrzTfKS11NGBxsd5jJCPUa/BQc +xEji!^Ծgokuj!jvpDƾ=BE^(T.aH9 eVg*a k}d=67fQkLryO#:߀ O݂ xccө2տzHX+N/B, \ No newline at end of file 
diff --git a/secrets/s3_cache_write.age b/secrets/s3_cache_write.age new file mode 100644 index 0000000000000000000000000000000000000000..fece3a2c79a3efad1da4c0e046a6dc5846d5819f GIT binary patch literal 673 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7a1V40c2o$A$SX=U z2n#6m&I>ilcFHLV4>l+(&vS`1P09*Qb_+>%caI7-EKl}w4dk-)Nb?HHDD?C9HOL50 z4NVKr33882N(ykRbTkMp$PY^NE^`g^Neiz?i$u50Bq=q+%~8R{E5s|;ure{jF;71= zJ<*`DI48x#Ju*DsAl$?_Co$JIA|TDPB-1e4EuX8zq_nWYHM>ebJ2Kd#xYRr=*~Hz& zE8D!-DL+v^D$2k=#UnW{(KIXH3&XZDbANp|M}?xi%G7|w@{)+sw9-toA_HSD&x$Ie zlH4HE0C%4VkHSi)TwmW*(~78EPp-%!r_>}1r@V|54`a9TAVbf>(&YSN!wUC2FYlxx zw}7I;h&+o-SAF+<4BI@*DkDqN6`~??-OG}~a*EtblU%i3id}t!iW2q1%kxt7eN#hy zj3SB>!`yOA+#NF=xr{x_Qgh4ve6lh_%H3U3oKq{^OS3Dzq9T%Ae9}sjlZ~BCg8j^$ zGn3MNxpZ}P74poC%=BH8@=b$NazmW*12WUhoL%)zjWP|RjI|?uij%UF$}J7c94)IH zx%v$H!nXELDd6OPcwq?_4_odDt)nkLZ7A2caVoLtsbM*5hvqvH@=c_ zKi29|uhhEs?#ly8h8%Bete0x@)HCpMzu8b#-d^=haKlFU0%rBr*F#m{9|FqX?310uX{UQU#-Y`H-V?E=7-X>buvJSLk_99{@SZ^xgmf literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4a55890..f0ea94f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -47,4 +47,6 @@ in "spotify_password.age".publicKeys = devUsers ++ systems; "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ]; "wg_psk.age".publicKeys = devUsers ++ systems; + "s3_cache_write.age".publicKeys = devUsers ++ [ thor odin ]; + "s3_cache_read.age".publicKeys = devUsers ++ systems; }