From 104c58e01e74732a24cfce2826c7a961262efd49 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Fri, 19 Jul 2024 18:25:12 +0200 Subject: [PATCH] chore: more work & more explain Signed-off-by: Raito Bezarius --- README.md | 20 ++++++++++++- binary-cache/default.nix | 2 +- binary-cache/sinavir.keys | 1 + binary-cache/tvix-cache.nix | 58 ++++++++++++++++++++++++++----------- npins/sources.json | 8 ++--- 5 files changed, 66 insertions(+), 23 deletions(-) create mode 100644 binary-cache/sinavir.keys diff --git a/README.md b/README.md index f79194f..8242822 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,21 @@ -# The portable binary cache +# The portable binary cache This is an experiment of a portable binary cache with deduplication via Tvix. + +Currently hosted in Bornhack. + +## `cache.nixos.org` + +```nix +nix.settings.substituters = [ "https://tvix.store/cno/" ]; +nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; +``` + +## 🌶️ `cache.forkos.org` 🌶️ + +Don't ask what is this. + +```nix +nix.settings.substituters = [ "https://tvix.store/forkos/" ]; +nix.settings.trusted-public-keys = [ "cache.forkos.org:xfXIUJO1yiEITJmYsVmNDa9BFSlgTh/YqZ+4ei1EhQg=" ]; +``` diff --git a/binary-cache/default.nix b/binary-cache/default.nix index 84f409c..c97bbb5 100644 --- a/binary-cache/default.nix +++ b/binary-cache/default.nix @@ -21,7 +21,7 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "tvix-binary-cache"; # Define your hostname. - users.users.root.openssh.authorizedKeys.keyFiles = [ ./raito.keys ]; + users.users.root.openssh.authorizedKeys.keyFiles = [ ./raito.keys ./sinavir.keys ]; # Set your time zone. time.timeZone = "Europe/Paris"; diff --git a/binary-cache/sinavir.keys b/binary-cache/sinavir.keys new file mode 100644 index 0000000..471d054 --- /dev/null +++ b/binary-cache/sinavir.keys @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o diff --git a/binary-cache/tvix-cache.nix b/binary-cache/tvix-cache.nix index 453a7c8..18e1030 100644 --- a/binary-cache/tvix-cache.nix +++ b/binary-cache/tvix-cache.nix @@ -1,24 +1,48 @@ -{ config, ... }: { - services.tvix-binary-cache = { - enable = true; - caches = { - forkos.port = 8000; - cno.port = 8001; - }; +{ pkgs, ... }: { + fileSystems."/nvme" = { + device = "/dev/nvme0n1"; + fsType = "ext4"; }; - services.nginx = { + security.acme.acceptTerms = true; + security.acme.defaults.email = "experiments@lahfa.xyz"; + services.tvix-binary-cache = { enable = true; - recommendedProxySettings = true; - clientMaxBodySize = "50G"; - virtualHosts.cache = { - default = true; - locations = { - "/forkos".return = "302 /forkos/"; - "/forkos/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.forkos.port}/"; - "/cno".return = "302 /cno/"; - "/cno/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cno.port}/"; + enableNginx = true; + nginx = { + clientMaxBodySize = "50G"; + host = "binary-cache"; + }; + caches = { + forkos = { + port = 8000; + remote-path-info-service-addr = "nix+https://bagel-cache.s3-web.delroth.net"; + }; + cno = { + port = 8001; + remote-path-info-service-addr = "nix+https://cache.nixos.org?trusted-public-keys=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="; + }; + third = { + port = 8002; + remote-path-info-service-addr = "nix+http://[::1]:8001/cno"; }; }; }; + + fileSystems."/var/lib/tvix-castore" = { + device = "/nvme"; + options = [ "bind" ]; + }; + + services.nginx.virtualHosts.binary-cache = { + enableACME = true; + default = true; + serverName = "tvix.store"; + serverAliases = [ + "cache.nixos.sh" + ]; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + environment.systemPackages = with pkgs; [ broot tree iotop glances htop ]; } diff --git a/npins/sources.json b/npins/sources.json index 20174ac..a587531 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -7,15 +7,15 @@ "url": "https://git.dgnum.eu/mdebray/binary-cache.git" }, "branch": "master", - "revision": "7dac2d81b00a8652dc3554d872df96bbbf25e16c", + "revision": "fa45ea47797c63bc259fbd6aa32b34f383878f14", "url": null, - "hash": "sha256-oCooSHe4w70eKQIFdmoCai3QiR3EpjfUdt9BhkGWTpw=" + "hash": "sha256-66aRLAmelImRWFGav6N+sqieBQyMBrxEfGDOabKde3o=" }, "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre653845.9355fa86e6f2/nixexprs.tar.xz", - "hash": "1gvnxs10qx98jb5xpv96v9q98l1jsaxpmxgqvdmzgaj0rss6lm4x" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre655005.cfa5366588c9/nixexprs.tar.xz", + "hash": "08wwq26cd2g7h58bfavgvfmhwp2kh5v3qvf1a35xvd1rp20lzs3d" } }, "version": 4