modules.serrvices.harmonia: init

2026-01-11 16:49:22 +08:00 · 2025-12-07 12:03:50 +08:00
parent 5d3abe7b8b
commit 7fd61ef0cb
6 changed files with 29 additions and 33 deletions
--- a/devices/nas/default.nix
+++ b/devices/nas/default.nix
@@ -40,7 +40,6 @@ inputs:
          dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; };
        };
        beesd."/".hashTableSizeMB = 10 * 128;
-        nix-serve.hostname = "nix-store.nas.chn.moe";
        postgresql.mountFrom = "ssd";
        mariadb.mountFrom = "ssd";
        rsshub = {};
--- a/devices/pc/default.nix
+++ b/devices/pc/default.nix
@@ -69,7 +69,7 @@ inputs:
          );
          extraInterfaces = [ "wlo1" ];
        };
-        # nix-serve = {};
+        harmonia.store = "/nix/tf/nix/store";
        beesd = { "/".hashTableSizeMB = 2 * 128; "/nix/tf".hashTableSizeMB = 128; };
        slurm =
        {
--- a/flake/dns/config/chn.moe.nix
+++ b/flake/dns/config/chn.moe.nix
@@ -18,7 +18,7 @@ let
    srv1-node0 = [ "srv1" ];
    srv2-node0 = [ "srv2" ];
    "pc.ts" = [ "nix-store" "chat" ];
-    "nas.ts" = [ "nix-store.nas" "ssh.git" ];
+    "nas.ts" = [ "ssh.git" ];
    autoroute = [ "铜锣湾" "matrix" ];
    vps9 =
    [
--- a/modules/services/harmonia.nix
+++ b/modules/services/harmonia.nix
@@ -0,0 +1,26 @@
+inputs:
+{
+  options.nixos.services.harmonia = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule { options =
+    {
+      hostname = mkOption { type = types.nonEmptyStr; default = "nix-store.chn.moe"; };
+      store = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+    };});
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) harmonia; in inputs.lib.mkIf (harmonia != null)
+  {
+    services.harmonia =
+    {
+      enable = true;
+      signKeyPaths = [ inputs.config.nixos.system.sops.secrets."store/signingKey".path ];
+      settings = inputs.lib.mkIf (harmonia.store != null) { real_nix_store = harmonia.store; };
+    };
+    nixos =
+    {
+      system.sops.secrets."store/signingKey" = {};
+      services.nginx.https.${harmonia.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000";
+    };
+  };
+}
--- a/modules/services/nix-serve.nix
+++ b/modules/services/nix-serve.nix
@@ -1,29 +0,0 @@
-inputs:
-{
-  options.nixos.services.nix-serve = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.nullOr (types.submodule { options =
-    {
-      hostname = mkOption { type = types.nonEmptyStr; default = "nix-store.chn.moe"; };
-    };});
-    default = null;
-  };
-  config = let inherit (inputs.config.nixos.services) nix-serve; in inputs.lib.mkIf (nix-serve != null)
-  {
-    services.nix-serve =
-    {
-      enable = true;
-      package = inputs.pkgs.nix-serve-ng;
-      openFirewall = true;
-      secretKeyFile = inputs.config.nixos.system.sops.secrets."store/signingKey".path;
-      # curl -L cache.nixos.org/nix-cache-info
-      # use this cache after official one
-      extraParams = "--priority 50";
-    };
-    nixos =
-    {
-      system.sops.secrets."store/signingKey" = {};
-      services.nginx.https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000";
-    };
-  };
-}
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -40,7 +40,7 @@ inputs:
        keep-outputs = false;
        connect-timeout = 5;
        # https://cache.nixos.org 已经自带
-        substituters = [ "https://nix-store.chn.moe" "https://nix-store.nas.chn.moe" ];
+        substituters = [ "https://nix-store.chn.moe" ];
        build-dir = "/var/cache/nix";
      };
    }