Initial binary cache

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>

README.md

@@ -0,0 +1,3 @@
+# The portable binary cache
+
+This is an experiment of a portable binary cache with deduplication via Tvix.

binary-cache/default.nix

@@ -0,0 +1,43 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./tvix-cache.nix
+      ./network.nix
+    ];
+
+  environment.systemPackages = [
+    pkgs.kitty.terminfo
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "tvix-binary-cache"; # Define your hostname.
+  users.users.root.openssh.authorizedKeys.keyFiles = [ ./raito.keys ];
+  # Set your time zone.
+  time.timeZone = "Europe/Paris";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Log refused connections
+  networking.firewall.logRefusedConnections = false;
+
+  system.stateVersion = "24.05"; # Did you read the comment?
+}
+

binary-cache/hardware-configuration.nix

@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f5bb341d-c149-4728-8816-ee3c04cb74b6";
+      fsType = "f2fs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC3D-42CA";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

binary-cache/network.nix

@@ -0,0 +1,15 @@
+{ lib, ... }: {
+  systemd.network.enable = true;
+  networking.useDHCP = lib.mkDefault false;
+
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "wan";
+    linkConfig.RequiredForOnline = true;
+    DHCP = "yes";
+  };
+
+  systemd.network.links."10-wan" = {
+    matchConfig.MACAddress = "00:02:c9:9d:ed:64"; # SFP+ port 2.
+    linkConfig.Name = "wan";
+  };
+}

binary-cache/raito.keys

@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFsZ7PMDt80tYXHyScQajNhqH4wuYg/o0OxfOHaZD4rXuT0VIKflKH1M9LslfHWIEH3XNeqhQOziH9r+Ny5JcM=

binary-cache/tvix-cache.nix

@@ -0,0 +1,24 @@
+{ config, ... }: {
+  services.tvix-binary-cache = {
+    enable = true;
+    caches = {
+      forkos.port = 8000;
+      cno.port = 8001;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    clientMaxBodySize = "50G";
+    virtualHosts.cache = {
+      default = true;
+      locations = {
+        "/forkos".return = "302 /forkos/";
+        "/forkos/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.forkos.port}/";
+        "/cno".return = "302 /cno/";
+        "/cno/".proxyPass = "http://localhost:${toString config.services.tvix-binary-cache.caches.cno.port}/";
+      };
+    };
+  };
+}

hive.nix

@@ -0,0 +1,21 @@
+let
+  npins = import ./npins;
+in
+{
+  meta = {
+    nixpkgs = import npins.nixpkgs {
+      overlays = [
+        (import "${npins.binary-cache}/pkgs/overlay.nix")
+      ];
+    };
+  };
+
+  binary-cache = { ... }: {
+    imports = [
+      ./binary-cache
+      "${npins.binary-cache}/modules"
+    ];
+
+    deployment.targetHost = "2001:678:9ec:32:202:c9ff:fe9d:ed64";
+  };
+}

npins/default.nix

@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash;
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        narHash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 4 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"

npins/sources.json

@@ -0,0 +1,22 @@
+{
+  "pins": {
+    "binary-cache": {
+      "type": "Git",
+      "repository": {
+        "type": "Git",
+        "url": "https://git.dgnum.eu/mdebray/binary-cache.git"
+      },
+      "branch": "master",
+      "revision": "7dac2d81b00a8652dc3554d872df96bbbf25e16c",
+      "url": null,
+      "hash": "sha256-oCooSHe4w70eKQIFdmoCai3QiR3EpjfUdt9BhkGWTpw="
+    },
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre653845.9355fa86e6f2/nixexprs.tar.xz",
+      "hash": "1gvnxs10qx98jb5xpv96v9q98l1jsaxpmxgqvdmzgaj0rss6lm4x"
+    }
+  },
+  "version": 4
+}