S3 cache setup

2024-09-08 22:09:25 +02:00 · 2024-09-08 22:09:25 +02:00 · 7720224bbd
commit 7720224bbd
parent 75726dc403
8 changed files with 45 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -200,6 +200,9 @@
        # Nix configuration
        nix_configuration

+        # S3 cache read
+        ./modules/nixos/s3_cache_read.nix
+
        # Agenix configuration
        agenix.nixosModules.default
        {
@ -238,6 +241,9 @@
                nixos-hardware.nixosModules.common-pc-ssd
                ./instances/thor/configuration.nix

+                # S3 cache write
+                ./modules/nixos/s3_cache_write.nix
+
                ./modules/nixos/pro_audio.nix
                ./modules/nixos/kdeconnect.nix
                ./modules/nixos/steam.nix
@ -268,6 +274,9 @@
              ./instances/odin/hardware-configuration.nix
              ./instances/odin/common_configuration.nix

+              # S3 cache write
+              ./modules/nixos/s3_cache_write.nix
+
              # ./modules/nixos/pro_audio.nix
              ./modules/nixos/kdeconnect.nix
              ./modules/nixos/steam.nix
--- a/instances/baldur/configuration.nix
+++ b/instances/baldur/configuration.nix
@ -104,6 +104,7 @@
              proxyWebsockets = true;
            };
            extraConfig = ''
+              client_max_body_size 6g;
              proxy_pass_header Authorization;
              proxy_buffering off;
            '';
--- a/modules/nixos/basics/distributed.nix
+++ b/modules/nixos/basics/distributed.nix
@ -1,7 +1,11 @@
 {
  security.sudo.wheelNeedsPassword = false;
  nix.settings = {
-    substituters = [ "https://hyprland.cachix.org" ];
+    substituters = [
+      "s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http"
+      "s3://nix-cache?endpoint=s3.bertof.net"
+      "https://hyprland.cachix.org"
+    ];

    trusted-users = [
      "root"
--- a/modules/nixos/s3_cache_read.nix
+++ b/modules/nixos/s3_cache_read.nix
@ -0,0 +1,4 @@
+{ config, ... }: {
+  age.secrets.s3_cache_read.file = ../../secrets/s3_cache_read.age;
+  systemd.services.nix-daemon.serviceConfig.EnvironmentFile = config.age.secrets.s3_cache_read.path;
+}
--- a/modules/nixos/s3_cache_write.nix
+++ b/modules/nixos/s3_cache_write.nix
@ -0,0 +1,5 @@
+{ config, lib, ... }: {
+  age.secrets.s3_cache_write.file = ../../secrets/s3_cache_write.age;
+  systemd.services.nix-daemon.serviceConfig.EnvironmentFile = lib.mkForce config.age.secrets.s3_cache_write.path;
+}
+
--- a/secrets/s3_cache_read.age
+++ b/secrets/s3_cache_read.age
@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 hGQASA G3TGk4qo8DMYTHfyJL0pfdNJ9ne7tIan0c0lPBfWWVQ
+bazgE8wB5d6R13HH498beHaJWRhXK9Yt3T0L5ijJ+EM
+-> ssh-ed25519 4behFA YT0OQi3hpn/jBdr2d0y7vO2BRuUqOJat/mSMhWtLtDo
+UUOafLht9mF5bgLLcTYR/QJnxAUShqd2zitSZd+7VdY
+-> ssh-ed25519 XSnoeQ 32kTcJCX1INUwaXIEWpzgjoul+1p0KcHuVDtT6ZsNFs
+GghX9UPSEirjQZYBE1GJW7KkRAYqydT5NoQQGCpOY1w
+-> ssh-ed25519 l795CA TbbhVlrXkV5WWApcOVNz3YxwxI2GLa83TFqECsKUHEQ
+0yhucRC79qToTvSabSL/MwmzhI7hblIL0ErZWNiVi1g
+-> ssh-ed25519 yiYoXg sXZHM2bny/vXG+wq/Yh62cmRxZSNn7pOrO0LnxDg23s
+2vjQIn91qlZqSYg58bCMFAqta8arXHZCfpgYU3Gj5ck
+-> ssh-ed25519 XgC3XA wfk2g7+d9mNRKM5fSQi2luxpHM/5CALDvnfN7HNd6xo
+NkLd2h9laQtUYIsoEXI3BPZVixzhFmslWJjpQt1Hwco
+-> ssh-ed25519 IvyYug vj1EGqt6TqZY6c3YQquRca+v7zwwhaXArt+mesA4pGE
+jiZC7eed0I3MFopntzHBcEYhQHHrhFTzTwFN5PO7LNk
+-> ssh-ed25519 v7O/FA KBfLseqIoO2QmrO9IdLOzf2ViFfRt1OfDjeYjb4Z0FY
+d2OjGEDj43UmIgG2HEx/nRnRyEWyws3Tx4LeXudL2hc
+--- 8dDjpCdPDALUBJGMZBrzTfKS11NGBxsd5jJCPUa/BQc
+xEjØði!^ÏÔ¾<C394><C2BE>ýgÈoÄk“¯uj!¬jóŠvÄpçòDÆ¾«=úBE^(ûTð.aëH9òùeV Èg¾Ö*a÷„	k }þˆ<C3BE>‚d=ñÊþ¥À6¥¢7fQkLryO#:ß€œžÂ –¾OÙãÝ‚¹ x®¢cíÜcøÓ©2Õ¿ìzHöèX+N°/’ÑB,ø–ƒ¸Š
--- a/secrets/s3_cache_write.age
+++ b/secrets/s3_cache_write.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -47,4 +47,6 @@ in
  "spotify_password.age".publicKeys = devUsers ++ systems;
  "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
  "wg_psk.age".publicKeys = devUsers ++ systems;
+  "s3_cache_write.age".publicKeys = devUsers ++ [ thor odin ];
+  "s3_cache_read.age".publicKeys = devUsers ++ systems;
 }