commit 5cc202ecca0f25cb2a601381da05a9896f014042
Author: Raito Bezarius
Date: Fri Jul 19 13:08:52 2024 +0200
Initial binary cache
Signed-off-by: Raito Bezarius
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f79194f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# The portable binary cache
+
+This is an experiment of a portable binary cache with deduplication via Tvix.
diff --git a/binary-cache/default.nix b/binary-cache/default.nix
new file mode 100644
index 0000000..84f409c
--- /dev/null
+++ b/binary-cache/default.nix
@@ -0,0 +1,43 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./tvix-cache.nix
+ ./network.nix
+ ];
+
+ environment.systemPackages = [
+ pkgs.kitty.terminfo
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "tvix-binary-cache"; # Define your hostname.
+ users.users.root.openssh.authorizedKeys.keyFiles = [ ./raito.keys ];
+ # Set your time zone.
+ time.timeZone = "Europe/Paris";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Log refused connections
+ networking.firewall.logRefusedConnections = false;
+
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
+
diff --git a/binary-cache/hardware-configuration.nix b/binary-cache/hardware-configuration.nix
new file mode 100644
index 0000000..bba182a
--- /dev/null
+++ b/binary-cache/hardware-configuration.nix
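Review bot: In binary-cache/default.nix the comment `# Log refused connections` sits directly above `networking.firewall.logRefusedConnections = false;`, so the comment states the opposite of what the setting does. If silence is intended, the comment should say so, for example `# Refused connections are not logged.`; otherwise set the option to `true` so that dropped probes against this host stay visible in the journal. The same file enables sshd and installs root keys from `./raito.keys` but leaves the authentication methods at the module defaults; adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` would make key-only access explicit instead of dependent on defaults.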
@@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f5bb341d-c149-4728-8816-ee3c04cb74b6"; + fsType = "f2fs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AC3D-42CA"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/binary-cache/network.nix b/binary-cache/network.nix
new file mode 100644
index 0000000..225a6df
--- /dev/null
+++ b/binary-cache/network.nix
@@ -0,0 +1,15 @@
+{ lib, ... }: {
+ systemd.network.enable = true;
+ networking.useDHCP = lib.mkDefault false;
+
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "wan";
+ linkConfig.RequiredForOnline = true;
+ DHCP = "yes";
+ };
+
+ systemd.network.links."10-wan" = {
+ matchConfig.MACAddress = "00:02:c9:9d:ed:64"; # SFP+ port 2.
+ linkConfig.Name = "wan";
+ };
+}
diff --git a/binary-cache/raito.keys b/binary-cache/raito.keys
new file mode 100644
index 0000000..5e94674
--- /dev/null
+++ b/binary-cache/raito.keys
@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM=
diff --git a/binary-cache/tvix-cache.nix b/binary-cache/tvix-cache.nix
new file mode 100644
index 0000000..453a7c8
--- /dev/null
+++ b/binary-cache/tvix-cache.nix
@@ -0,0 +1,24 @@
+{ config, ... }: {
+ services.tvix-binary-cache = {
+ enable = true;
+ caches = {
+ forkos.port = 8000;
+ cno.port = 8001;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ clientMaxBodySize = "50G";
+ virtualHosts.cache = {
+ default = true;
+ locations = {
+ "/forkos".return = "302 /forkos/";
+ "/forkos/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.forkos.port}/";
+ "/cno".return = "302 /cno/";
+ "/cno/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cno.port}/";
+ };
+ };
+ };
+}
diff --git a/hive.nix b/hive.nix
new file mode 100644
index 0000000..659e086
--- /dev/null
+++ b/hive.nix
@@ -0,0 +1,21 @@
+let
+ npins = import ./npins;
+in
+{
+ meta = {
+ nixpkgs = import npins.nixpkgs {
+ overlays = [
+ (import "${npins.binary-cache}/pkgs/overlay.nix")
+ ];
+ };
+ };
+
+ binary-cache = { ... }: {
+ imports = [
+ ./binary-cache
+ "${npins.binary-cache}/modules"
+ ];
+
+ deployment.targetHost = "2001:678:9ec:32:202:c9ff:fe9d:ed64";
+ };
+}
diff --git a/npins/default.nix b/npins/default.nix
new file mode 100644
index 0000000..fb04b70
--- /dev/null
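Review bot: In binary-cache/tvix-cache.nix the `cache` virtual host is the default server, has no TLS options set, and proxies `/forkos/` and `/cno/` to the cache backends with no access control on either location, while `clientMaxBodySize = "50G"` allows any single request to carry up to 50 GB. Whether the backends accept uploads is decided by the `tvix-binary-cache` module, which is outside this diff; if they do, any client that can reach the vhost could write into the store or fill the disk. Restricting write methods per location, for example `"/forkos/".extraConfig = "limit_except GET HEAD { allow <UPLOADER_CIDR>; deny all; }";` (placeholder range, same for `/cno/`), keeps reads open while limiting who can push. Nothing visible in this commit opens the HTTP port in the firewall, so it is worth confirming that the imported module does.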
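Review bot: The `deployment.targetHost` literal in hive.nix carries no comment about where the address comes from. Its interface identifier (`202:c9ff:fe9d:ed64`) appears to be the EUI-64 form of the MAC address matched in binary-cache/network.nix, so swapping the NIC or changing the prefix would leave the deployment pointing at an address the host no longer holds. A one-line comment such as `# Derived from the wan NIC's MAC in binary-cache/network.nix; update both together.` would make that coupling visible.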
+++ b/npins/default.nix @@ -0,0 +1,80 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = + spec: + assert spec ? type; + let + path = + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = + { + repository, + revision, + url ? null, + hash, + branch ? null, + ... + }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; + }) + else + assert repository.type == "Git"; + let + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; + + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName repository.url revision; + in + builtins.fetchGit { + url = repository.url; + rev = revision; + inherit name; + narHash = hash; + }; + + mkPyPiSource = + { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = + { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 4 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..20174ac --- /dev/null 
+++ b/npins/sources.json @@ -0,0 +1,22 @@ +{ + "pins": { + "binary-cache": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.dgnum.eu/mdebray/binary-cache.git" + }, + "branch": "master", + "revision": "7dac2d81b00a8652dc3554d872df96bbbf25e16c", + "url": null, + "hash": "sha256-oCooSHe4w70eKQIFdmoCai3QiR3EpjfUdt9BhkGWTpw=" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixpkgs-unstable", + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre653845.9355fa86e6f2/nixexprs.tar.xz", + "hash": "1gvnxs10qx98jb5xpv96v9q98l1jsaxpmxgqvdmzgaj0rss6lm4x" + } + }, + "version": 4 +} \ No newline at end of file