diff --git a/devices/nas/default.nix b/devices/nas/default.nix index cd633922..cb44f722 100644 --- a/devices/nas/default.nix +++ b/devices/nas/default.nix @@ -40,7 +40,6 @@ inputs: dnsmasq = { extraInterfaces = [ "enp3s0" ]; hosts."git.chn.moe" = "127.0.0.1"; }; }; beesd."/".hashTableSizeMB = 10 * 128; - nix-serve.hostname = "nix-store.nas.chn.moe"; postgresql.mountFrom = "ssd"; mariadb.mountFrom = "ssd"; rsshub = {}; diff --git a/devices/pc/default.nix b/devices/pc/default.nix index 8995a1ad..2afaa53f 100644 --- a/devices/pc/default.nix +++ b/devices/pc/default.nix @@ -69,7 +69,7 @@ inputs: ); extraInterfaces = [ "wlo1" ]; }; - # nix-serve = {}; + harmonia.store = "/nix/tf/nix/store"; beesd = { "/".hashTableSizeMB = 2 * 128; "/nix/tf".hashTableSizeMB = 128; }; slurm = { diff --git a/flake/dns/config/chn.moe.nix b/flake/dns/config/chn.moe.nix index 8cb08d98..c5dc43a8 100644 --- a/flake/dns/config/chn.moe.nix +++ b/flake/dns/config/chn.moe.nix @@ -18,7 +18,7 @@ let srv1-node0 = [ "srv1" ]; srv2-node0 = [ "srv2" ]; "pc.ts" = [ "nix-store" "chat" ]; - "nas.ts" = [ "nix-store.nas" "ssh.git" ]; + "nas.ts" = [ "ssh.git" ]; autoroute = [ "铜锣湾" "matrix" ]; vps9 = [ diff --git a/modules/services/harmonia.nix b/modules/services/harmonia.nix new file mode 100644 index 00000000..7130c9d0 --- /dev/null +++ b/modules/services/harmonia.nix @@ -0,0 +1,26 @@ +inputs: +{ + options.nixos.services.harmonia = let inherit (inputs.lib) mkOption types; in mkOption + { + type = types.nullOr (types.submodule { options = + { + hostname = mkOption { type = types.nonEmptyStr; default = "nix-store.chn.moe"; }; + store = mkOption { type = types.nullOr types.nonEmptyStr; default = null; }; + };}); + default = null; + }; + config = let inherit (inputs.config.nixos.services) harmonia; in inputs.lib.mkIf (harmonia != null) + { + services.harmonia = + { + enable = true; + signKeyPaths = [ inputs.config.nixos.system.sops.secrets."store/signingKey".path ]; + settings = inputs.lib.mkIf (harmonia.store != null) { real_nix_store = harmonia.store; }; + }; + nixos = + { + system.sops.secrets."store/signingKey" = {}; + services.nginx.https.${harmonia.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; + }; + }; +} diff --git a/modules/services/nix-serve.nix b/modules/services/nix-serve.nix deleted file mode 100644 index acd9a27f..00000000 --- a/modules/services/nix-serve.nix +++ /dev/null @@ -1,29 +0,0 @@ -inputs: -{ - options.nixos.services.nix-serve = let inherit (inputs.lib) mkOption types; in mkOption - { - type = types.nullOr (types.submodule { options = - { - hostname = mkOption { type = types.nonEmptyStr; default = "nix-store.chn.moe"; }; - };}); - default = null; - }; - config = let inherit (inputs.config.nixos.services) nix-serve; in inputs.lib.mkIf (nix-serve != null) - { - services.nix-serve = - { - enable = true; - package = inputs.pkgs.nix-serve-ng; - openFirewall = true; - secretKeyFile = inputs.config.nixos.system.sops.secrets."store/signingKey".path; - # curl -L cache.nixos.org/nix-cache-info - # use this cache after official one - extraParams = "--priority 50"; - }; - nixos = - { - system.sops.secrets."store/signingKey" = {}; - services.nginx.https.${nix-serve.hostname}.location."/".proxy.upstream = "http://127.0.0.1:5000"; - }; - }; -} diff --git a/modules/system/nix.nix b/modules/system/nix.nix index e0b283ec..5745d482 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -40,7 +40,7 @@ inputs: keep-outputs = false; connect-timeout = 5; # https://cache.nixos.org 已经自带 - substituters = [ "https://nix-store.chn.moe" "https://nix-store.nas.chn.moe" ]; + substituters = [ "https://nix-store.chn.moe" ]; build-dir = "/var/cache/nix"; }; }