diff --git a/hosts/deertopia/configuration.nix b/hosts/deertopia/configuration.nix index a8fb057..a4d74ab 100755 --- a/hosts/deertopia/configuration.nix +++ b/hosts/deertopia/configuration.nix @@ -47,6 +47,7 @@ webdav.enable = true; copyparty.enable = true; syncthing.enable = true; + cache.enable = true; # A simple default webpage. This should probably live somewhere else. nginx.vhosts."www" = { diff --git a/modules/nixos/deertopia/cache.nix b/modules/nixos/deertopia/cache.nix new file mode 100644 index 0000000..34d554c --- /dev/null +++ b/modules/nixos/deertopia/cache.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +let cfg = config.sydnix.deertopia.cache; +in { + options.sydnix.deertopia.cache.enable = + lib.mkEnableOption "Deertopia's binary cache"; + + config = lib.mkIf cfg.enable { + sydnix.sops.secrets.deertopia-cache-key.mode = "0600"; + + services.nix-serve = { + enable = true; + secretKeyFile = config.sops.secrets.deertopia-cache-key.path; + }; + + sydnix.deertopia.nginx.vhosts."cache".vhost = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = + let port = builtins.toString config.services.nix-serve.port; + in "http://127.0.0.1:${port}"; + }; + }; +} + diff --git a/public-keys/deertopia-cache.pub.pem b/public-keys/deertopia-cache.pub.pem new file mode 100644 index 0000000..fef2a67 --- /dev/null +++ b/public-keys/deertopia-cache.pub.pem @@ -0,0 +1 @@ +cache.deertopia.net:ZWh5BQrFHNKtZ/WvwgDglwy/eJuJUfpQdURDNlQlWoI= \ No newline at end of file diff --git a/secrets.yaml b/secrets.yaml index 05ad0dd..6e3c7cb 100755 --- a/secrets.yaml +++ b/secrets.yaml @@ -15,6 +15,8 @@ authelia-jwt-secret: ENC[AES256_GCM,data:uKWCq7x0mSZJKXDDhMNNPFCglLchlbzCDd68Gao authelia-session-secret: ENC[AES256_GCM,data:4RXVjaR4O3Zy0MbS/yHV/YKTlJyrL0PmBhYQxYiadI3R/aoZaT7VwPyMVRgia031au6UojZFooETdWdzEVKRwA==,iv:rdUk5UsWI56myFu3necp+iIzMNMkzRZQcOGmjG3UD4I=,tag:pqFFuLb5TdPic/n+Ccf/cQ==,type:str] authelia-storage-encryption-key: ENC[AES256_GCM,data:z/k/wXyLp53lZ50oaca/QIs55kF9iKT5ck/s6clFnhyLPkjFeTnVz9Met6klCrs/IkfPHOu50bS2o894D0Xa+A==,iv:Kd8xv6Rk1tTKYmp5/wFlj4HRqjVJQT5QzlpUQO9AF8o=,tag:nNzUumbV9Fgt+DveAmXY2w==,type:str] authelia-authentication-backend-ldap-password: ENC[AES256_GCM,data:VWHW3rjjYCiEw2TuDCAXBhkTMVFsjjQmHByB6H8SwNuF5rAxsZTN99jF9+BE66S3GBtgMJ7loJ/RHkZ4ukC1lQ==,iv:8Iz/ydhN6cnVqlUt0zsp0N6OGuiDwgu858MsJsp7SNM=,tag:8O9lbI//3CR0D7ATGmfLsw==,type:str] +mullvad-account-number: ENC[AES256_GCM,data:4YwyUGIjpkszBJ/rApsqfw==,iv:fz40K9elmeO19ZdhTT+VjI/DXa8emmSYd1Wqx+JBfU0=,tag:GJmbTVb1VB2cKarg+V1qbA==,type:str] +deertopia-cache-key: ENC[AES256_GCM,data:icKy8QZ59/zvQXgsTqN0PInUH3kgZBquwoAF0Lz3yy1avRI6z5DPuBAmj15lC8UmoDhTqi8nCvm5CGW1Xp5YgAQ5TgEWRpm8FWXxSofhLw8BotM4S3zxtCyefxcrW8Z7Lh7p25ECLrSX5F1h,iv:NNOWrgLrtg4WgG6IYWrVOhaTBmAaSeephvVwTT3VeUQ=,tag:zHmAil/falzhWXkvAV4PQA==,type:str] sops: kms: [] gcp_kms: [] @@ -39,8 +41,8 @@ sops: TXFLY2l0UHJ3Z0NGZjVpbTQ2UC8yaTQKA7wTmW9Ha6T2KmCr/nkXdizgv8+V6SAp ZhDO+uDQ1evIh2wLWMOXNJ3d/zplLCOTzR2xkqBIUp5V7MXj45RUIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-21T22:42:25Z" - mac: ENC[AES256_GCM,data:a/xPkNMYY6rhiy3aPqQIVneSLvDkLVeZ0ugtiGKUrOn540CnSn2tCNACoqTfGRuOExpWqTjs6ihoE8R9eN8hIY3VKCRhXBFkO+sEZKwsF/YsXQcRprDKSQdRTjYBDa8OURlJlevLGLy1N+UY7l3IPW9cD5WhBW/nwqP++WnvQbc=,iv:PxsAguORboTxe+bL5OlVEQwTg+o+WBm7dY1IC08OcQY=,tag:JV9FwvwHFK7kRQHREnz5Vw==,type:str] + lastmodified: "2025-03-12T18:28:36Z" + mac: ENC[AES256_GCM,data:jQCvZ/quZSDdkjzUKLbdbHSWuTvSs8TvMHxW2+nUt/ZUcwvel+Qhv0Yn4Ao1iDcwaO+MqPquXWQpBlRy3K3ADgThhKBkL2ZcCSaZ6bJA8KkCvk5BxE4+Il77cTr/gAYk/anWVLK8qLoMhjvSHVWUydGzsIL0w0kDHlEfIM4WC14=,iv:Z0tvSatR6d54LOtz1dlJuwYMrmE3uPh9L08OpUkF8zc=,tag:b/MrbFhhgPGtCEMvW7JGYQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4