S3 cache setup

flake.nix

@@ -200,6 +200,9 @@
         # Nix configuration
         nix_configuration
 
+        # S3 cache read
+        ./modules/nixos/s3_cache_read.nix
+
         # Agenix configuration
         agenix.nixosModules.default
         {
@@ -238,6 +241,9 @@
                 nixos-hardware.nixosModules.common-pc-ssd
                 ./instances/thor/configuration.nix
 
+                # S3 cache write
+                ./modules/nixos/s3_cache_write.nix
+
                 ./modules/nixos/pro_audio.nix
                 ./modules/nixos/kdeconnect.nix
                 ./modules/nixos/steam.nix
@@ -268,6 +274,9 @@
               ./instances/odin/hardware-configuration.nix
               ./instances/odin/common_configuration.nix
 
+              # S3 cache write
+              ./modules/nixos/s3_cache_write.nix
+
               # ./modules/nixos/pro_audio.nix
               ./modules/nixos/kdeconnect.nix
               ./modules/nixos/steam.nix

instances/baldur/configuration.nix

@@ -104,6 +104,7 @@
               proxyWebsockets = true;
             };
             extraConfig = ''
+              client_max_body_size 6g;
               proxy_pass_header Authorization;
               proxy_buffering off;
             '';

modules/nixos/basics/distributed.nix

@@ -1,7 +1,11 @@
 {
   security.sudo.wheelNeedsPassword = false;
   nix.settings = {
-    substituters = [ "https://hyprland.cachix.org" ];
+    substituters = [
+      "s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http"
+      "s3://nix-cache?endpoint=s3.bertof.net"
+      "https://hyprland.cachix.org"
+    ];
 
     trusted-users = [
       "root"

modules/nixos/s3_cache_read.nix

@@ -0,0 +1,4 @@
+{ config, ... }: {
+  age.secrets.s3_cache_read.file = ../../secrets/s3_cache_read.age;
+  systemd.services.nix-daemon.serviceConfig.EnvironmentFile = config.age.secrets.s3_cache_read.path;
+}

modules/nixos/s3_cache_write.nix

@@ -0,0 +1,5 @@
+{ config, lib, ... }: {
+  age.secrets.s3_cache_write.file = ../../secrets/s3_cache_write.age;
+  systemd.services.nix-daemon.serviceConfig.EnvironmentFile = lib.mkForce config.age.secrets.s3_cache_write.path;
+}
+

secrets/s3_cache_read.age

@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 hGQASA G3TGk4qo8DMYTHfyJL0pfdNJ9ne7tIan0c0lPBfWWVQ
+bazgE8wB5d6R13HH498beHaJWRhXK9Yt3T0L5ijJ+EM
+-> ssh-ed25519 4behFA YT0OQi3hpn/jBdr2d0y7vO2BRuUqOJat/mSMhWtLtDo
+UUOafLht9mF5bgLLcTYR/QJnxAUShqd2zitSZd+7VdY
+-> ssh-ed25519 XSnoeQ 32kTcJCX1INUwaXIEWpzgjoul+1p0KcHuVDtT6ZsNFs
+GghX9UPSEirjQZYBE1GJW7KkRAYqydT5NoQQGCpOY1w
+-> ssh-ed25519 l795CA TbbhVlrXkV5WWApcOVNz3YxwxI2GLa83TFqECsKUHEQ
+0yhucRC79qToTvSabSL/MwmzhI7hblIL0ErZWNiVi1g
+-> ssh-ed25519 yiYoXg sXZHM2bny/vXG+wq/Yh62cmRxZSNn7pOrO0LnxDg23s
+2vjQIn91qlZqSYg58bCMFAqta8arXHZCfpgYU3Gj5ck
+-> ssh-ed25519 XgC3XA wfk2g7+d9mNRKM5fSQi2luxpHM/5CALDvnfN7HNd6xo
+NkLd2h9laQtUYIsoEXI3BPZVixzhFmslWJjpQt1Hwco
+-> ssh-ed25519 IvyYug vj1EGqt6TqZY6c3YQquRca+v7zwwhaXArt+mesA4pGE
+jiZC7eed0I3MFopntzHBcEYhQHHrhFTzTwFN5PO7LNk
+-> ssh-ed25519 v7O/FA KBfLseqIoO2QmrO9IdLOzf2ViFfRt1OfDjeYjb4Z0FY
+d2OjGEDj43UmIgG2HEx/nRnRyEWyws3Tx4LeXudL2hc
+--- 8dDjpCdPDALUBJGMZBrzTfKS11NGBxsd5jJCPUa/BQc
+xEjØði!^­ÏÔ¾<C394><C2BE>ýgÈoÄk“¯uj!¬jóŠvÄ­pçòDƾ«=úBE^(ûTð.aëH9òùeV Èg¾Ö*a÷„	k }þˆ<C3BE>‚d=ñÊþ¥À6¥¢7fQkLryO#:߀œžÂ –¾OÙãÝ‚¹ x®¢cíÜcøÓ©2Õ¿ìzHöèX+N°/’ÑB,ø–ƒ¸Š

secrets/secrets.nix

@@ -47,4 +47,6 @@ in
   "spotify_password.age".publicKeys = devUsers ++ systems;
   "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
   "wg_psk.age".publicKeys = devUsers ++ systems;
+  "s3_cache_write.age".publicKeys = devUsers ++ [ thor odin ];
+  "s3_cache_read.age".publicKeys = devUsers ++ systems;
 }