upgrade

update
working on using new created cache
2024-07-20 14:26:47 +02:00 · 2024-07-20 14:17:18 +02:00 · 2024-07-20 13:56:03 +02:00
9 changed files with 127 additions and 65 deletions
--- a/.forgejo/workflows/build.yaml
+++ b/.forgejo/workflows/build.yaml
@ -11,15 +11,16 @@ jobs:
          ${{ secrets.SSH_KEY }}
          EOF
          chmod 600 .id_rsa
-          
+
          eval $(ssh-agent)
          ssh-add .id_rsa
-          
+
          cat <<EOF > "$GITHUB_ENV"
          SSH_AUTH_SOCK="$SSH_AUTH_SOCK"
          SSH_AGENT_PID=$SSH_AGENT_PID
          EOF

+      - run: nix flake check
 #      - run: nix flake update
      - run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
      - run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
--- a/components/network/sshd/default.nix
+++ b/components/network/sshd/default.nix
@ -61,7 +61,7 @@ in
        # We might want to remove this once, openssh is fixed everywhere:
        # Workaround for CVE-2024-6387 and CVE-2024-6409
        # https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
-        settings.LoginGraceTime = 0;
+        # settings.LoginGraceTime = 0;
      };

      users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
--- a/components/network/wireguard.nix
+++ b/components/network/wireguard.nix
@ -22,6 +22,12 @@ with lib;
  #  };
  #};

+  config = {
+    networking.extraHosts = ''
+      10.100.0.1 cache.orbi.wg0
+    '';
+  };
+

 }

--- a/flake.lock
+++ b/flake.lock
@ -53,11 +53,11 @@
    "base16-helix": {
      "flake": false,
      "locked": {
-        "lastModified": 1696727917,
-        "narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
+        "lastModified": 1720809814,
+        "narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=",
        "owner": "tinted-theming",
        "repo": "base16-helix",
-        "rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
+        "rev": "34f41987bec14c0f3f6b2155c19787b1f6489625",
        "type": "github"
      },
      "original": {
@ -121,11 +121,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1720975977,
-        "narHash": "sha256-9x2Yjsw6t++go/jZ5prKGJFDl4b5+ei5eCgm10xorDI=",
+        "lastModified": 1721402843,
+        "narHash": "sha256-/DiRx6TgI/3KcrgO5SAs0FjLz68j7lqp3kf8MbfSCcw=",
        "owner": "nix-community",
        "repo": "buildbot-nix",
-        "rev": "93942c0a662b7c6ad80810ae9f99f80988a27b1d",
+        "rev": "5bdbb7609689989a79f7d6e6e59c4b7985634230",
        "type": "github"
      },
      "original": {
@ -148,11 +148,11 @@
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
-        "lastModified": 1720716544,
-        "narHash": "sha256-SoWNPWkxRaEvTs1w//AKIdFzU2N8WikpWgL69rW0aMI=",
+        "lastModified": 1721420605,
+        "narHash": "sha256-E2je0KB09PXoJE1ofL2GUYnwB+BIE7D5Y2Fy+F/2cJw=",
        "ref": "refs/heads/main",
-        "rev": "0bbab9484122735a5a42412be641a1af60da2039",
-        "revCount": 3395,
+        "rev": "f3c9c379e61d127b2c5a1f7a848dcdf0e7a307b3",
+        "revCount": 3512,
        "type": "git",
        "url": "https://git.clan.lol/clan/clan-core"
      },
@ -191,11 +191,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720056646,
-        "narHash": "sha256-BymcV4HWtx2VFuabDCM4/nEJcfivCx0S02wUCz11mAY=",
+        "lastModified": 1720661479,
+        "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "64679cd7f318c9b6595902b47d4585b1d51d5f9e",
+        "rev": "786965e1b1ed3fd2018d78399984f461e2a44689",
        "type": "github"
      },
      "original": {
@ -426,11 +426,11 @@
        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1720734513,
-        "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
+        "lastModified": 1721135958,
+        "narHash": "sha256-H548rpPMsn25LDKn1PCFmPxmWlClJJGnvdzImHkqjuY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
+        "rev": "afd2021bedff2de92dfce0e257a3d03ae65c603d",
        "type": "github"
      },
      "original": {
@ -467,11 +467,11 @@
      },
      "locked": {
        "dir": "nix",
-        "lastModified": 1720421296,
-        "narHash": "sha256-Pl8n7CkrurvRFGyWV6oi9jmxRHDcsrcM4AlUMYG0rwU=",
+        "lastModified": 1721284730,
+        "narHash": "sha256-eWPldqxXsqtbWrXflLEhZBjiSq0TJvIYoXQ/ExDKmls=",
        "owner": "kmonad",
        "repo": "kmonad",
-        "rev": "97a3dea051a3565e97f2bdde60473a2d78182b07",
+        "rev": "e5e839bcbedda23df0b8a3f8659edfa2c9bef8f8",
        "type": "github"
      },
      "original": {
@ -510,11 +510,11 @@
        "treefmt-nix": "treefmt-nix_3"
      },
      "locked": {
-        "lastModified": 1719852663,
-        "narHash": "sha256-83rF68wdvOc9iyHSIxlgk/PMoFXilIYabOxC+meamyo=",
+        "lastModified": 1720926282,
+        "narHash": "sha256-JOF4DNpKHzK7noVkh9tP+Rg9yZUyOBrEKPbdqKom5KI=",
        "owner": "nix-community",
        "repo": "nixos-anywhere",
-        "rev": "f99d120b3788a286989db4e592a698f5d310d2f6",
+        "rev": "daf19effbafba2cfeac4c41e17dccdd07ca86cb3",
        "type": "github"
      },
      "original": {
@ -525,11 +525,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1720737798,
-        "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=",
+        "lastModified": 1721413321,
+        "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=",
        "owner": "nixos",
        "repo": "nixos-hardware",
-        "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751",
+        "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f",
        "type": "github"
      },
      "original": {
@ -549,11 +549,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720055024,
-        "narHash": "sha256-c5rsiI1R7tnCDpcgfsa7ouSdn6wpctbme9TUp53CFyU=",
+        "lastModified": 1720659757,
+        "narHash": "sha256-ltzUuCsEfPA9CYM9BAnwObBGqDyQIs2OLkbVMeOOk00=",
        "owner": "nix-community",
        "repo": "nixos-images",
-        "rev": "f8650460d37d9d1820a93ebb7f0db5b6c3621946",
+        "rev": "5eddae0afbcfd4283af5d6676d08ad059ca04b70",
        "type": "github"
      },
      "original": {
@ -605,11 +605,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1720890539,
-        "narHash": "sha256-1K32XHPcQBo8XdLDQNybfLQc9I8hqSZdjA/Ur3zW/io=",
+        "lastModified": 1721215108,
+        "narHash": "sha256-aOiSBcftoGye0spDdIylZE6TVTo7C/B4atYH25tSemQ=",
        "owner": "Nixos",
        "repo": "nixpkgs",
-        "rev": "19116ccf234e32acf133863d430506da68008550",
+        "rev": "7edc243443b44444eba596557de03ee52beca2eb",
        "type": "github"
      },
      "original": {
@ -653,11 +653,11 @@
    },
    "nixpkgs-legacy_2405": {
      "locked": {
-        "lastModified": 1720691131,
-        "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
+        "lastModified": 1721226092,
+        "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
+        "rev": "c716603a63aca44f39bef1986c13402167450e0a",
        "type": "github"
      },
      "original": {
@ -681,11 +681,11 @@
    },
    "nixpkgs-unstable-small": {
      "locked": {
-        "lastModified": 1720760861,
-        "narHash": "sha256-/j6neSfVGNaW5BfNP1vD5fU6qYImnXStX9MANDzAqDk=",
+        "lastModified": 1721393053,
+        "narHash": "sha256-xNiw9gIxyF6xsyXCiFESPjxMjuVAfmr4sBpM9u2l5io=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "03bad7d9c068c6d73772148f314b69072a6bd179",
+        "rev": "a0691657e9634cfc001f02995cca394025e3e940",
        "type": "github"
      },
      "original": {
@ -760,11 +760,11 @@
    },
    "nixpkgs_6": {
      "locked": {
-        "lastModified": 1720542800,
-        "narHash": "sha256-ZgnNHuKV6h2+fQ5LuqnUaqZey1Lqqt5dTUAiAnqH0QQ=",
+        "lastModified": 1721379653,
+        "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "feb2849fdeb70028c70d73b848214b00d324a497",
+        "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
        "type": "github"
      },
      "original": {
@ -806,11 +806,11 @@
    },
    "nixpkgs_9": {
      "locked": {
-        "lastModified": 1720585496,
-        "narHash": "sha256-UONPcQR2r0voopd6pcNFmUv7p4TJPeAXzwnqWmaPujw=",
+        "lastModified": 1721215108,
+        "narHash": "sha256-aOiSBcftoGye0spDdIylZE6TVTo7C/B4atYH25tSemQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e01511309fe8b0432aa58a547365e51d5a3ecf85",
+        "rev": "7edc243443b44444eba596557de03ee52beca2eb",
        "type": "github"
      },
      "original": {
@ -983,11 +983,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720321395,
-        "narHash": "sha256-kcI8q9Nh8/CSj0ygfWq1DLckHl8IHhFarL8ie6g7OEk=",
+        "lastModified": 1720926522,
+        "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c184aca4db5d71c3db0c8cbfcaaec337a5d065ea",
+        "rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
        "type": "github"
      },
      "original": {
@ -1001,11 +1001,11 @@
        "nixpkgs": "nixpkgs_9"
      },
      "locked": {
-        "lastModified": 1720691926,
-        "narHash": "sha256-VE9ZfWRbyBjps5GV8KXiF8XodAykmwRpcJtPiVWCu8M=",
+        "lastModified": 1721263500,
+        "narHash": "sha256-6l0+MciXkktANuZ+Rwc6BZJxtMi7jHZRiSnzG+xpwyk=",
        "owner": "nix-community",
        "repo": "srvos",
-        "rev": "e3e8ff545ef14f13c69a0f743078637fde952018",
+        "rev": "ef4f2248e1bbd84a0dd269ab31b9927d9c0bf2e6",
        "type": "github"
      },
      "original": {
@ -1033,11 +1033,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1719525570,
-        "narHash": "sha256-xSO/H67GAHEW0siD2PHoO/e97MbROL3r3s5SpF6A6Dc=",
+        "lastModified": 1721429336,
+        "narHash": "sha256-DTJUvI4Xkj4KC5tdq15OEUkPpk7Ebvqcz356dIT6jtY=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "1ff9d37d27377bfe8994c24a8d6c6c1734ffa116",
+        "rev": "6bbae4f85b891df2e6e48b649919420434088507",
        "type": "github"
      },
      "original": {
@ -1105,11 +1105,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720818892,
-        "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
+        "lastModified": 1721059077,
+        "narHash": "sha256-gCICMMX7VMSKKt99giDDtRLkHJ0cwSgBtDijJAqTlto=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
+        "rev": "0fb28f237f83295b4dd05e342f333b447c097398",
        "type": "github"
      },
      "original": {
@ -1126,11 +1126,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1720436211,
-        "narHash": "sha256-/cKXod0oGLl+vH4bKBZnTV3qxrw4jgOLnyQ8KXey5J8=",
+        "lastModified": 1720930114,
+        "narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "6fc8bded78715cdd43a3278a14ded226eb3a239e",
+        "rev": "b92afa1501ac73f1d745526adc4f89b527595f14",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -179,6 +179,7 @@
          assets = ./assets;
          factsGenerator = clan-fact-generators.lib { inherit pkgs; };
          clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
+          zerotierDeviceName = "ztbn67ogn2";
        };
      };

@ -251,9 +252,14 @@
          ];
        })
        # configure nix
-        ({ pkgs, lib, ... }:
+        ({ pkgs, lib, clanLib, ... }:
          {
-            nix.settings.substituters = [ "https://cache.nixos.org/" ];
+            nix.settings.substituters = [
+              "http://cache.orbi.wg0/"
+            ];
+            nix.settings.trusted-public-keys = [
+              (clanLib.readFact "nix-serve.pub" "orbi")
+            ];
            nix.settings.experimental-features = [ "nix-command" "flakes" ];
            nix.settings.max-jobs = 1;
            # no channesl needed this way
--- a/machines/orbi/configuration.nix
+++ b/machines/orbi/configuration.nix
@ -16,6 +16,7 @@
    ./service-vaultwarden.nix
    #./service-surrealdb.nix # not really needed at the moment
    ./service-vikunja.nix
+    ./service-nix-cache.nix

    ./nginx-ingolf-wagner-de.nix
    ./nginx-wkd.nix
--- a/machines/orbi/facts/nix-serve.pub
+++ b/machines/orbi/facts/nix-serve.pub
@ -0,0 +1 @@
+cache.orbi.wg0:TAQd7qqh08yKkCU6WofWTVH1ORFAnmwxZJaYXWtuojQ=
--- a/machines/orbi/service-forgejo-runner.nix
+++ b/machines/orbi/service-forgejo-runner.nix
@ -17,7 +17,7 @@ in
  };
  users.groups.gitea-runner = { };

-  clanCore.facts.services.gitea-runner = {
+  clan.core.facts.services.gitea-runner = {
    secret."gitea-runner.token" = { };
    generator = {
      prompt = "please enter your gitea-runner password";
@ -51,7 +51,7 @@ in
        pkgs.openssh
      ];
      url = "https://git.ingolf-wagner.de";
-      tokenFile = config.clanCore.facts.services.gitea-runner.secret."gitea-runner.token".path;
+      tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
      name = "fick_deine_mudda";
      labels = [
        # provide a debian base with nodejs for actions
--- a/machines/orbi/service-nix-cache.nix
+++ b/machines/orbi/service-nix-cache.nix
@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+{
+
+  # nixpkgs.config.packageOverrides = p: {
+  #   nix-serve = p.haskellPackages.nix-serve-ng;
+  # };
+
+  # generate private key with:
+  # nix-store --generate-binary-cache-key my-secret-key my-public-key
+  clan.core.facts.services."nix-serve" = {
+    secret."nix-serve.key" = { };
+    public."nix-serve.pub" = { };
+    generator.path = with pkgs; [ coreutils nix ];
+    generator.script = ''
+      nix-store --generate-binary-cache-key "cache.${config.networking.hostName}.wg0" nix-serve.key nix-serve.pub
+      mv nix-serve.key "$secrets"/nix-serve.key
+      mv nix-serve.pub "$facts"/nix-serve.pub
+    '';
+  };
+
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.clan.core.facts.services.nix-serve.secret."nix-serve.key".path;
+    port = 5005;
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."cache.${config.networking.hostName}.wg0" = {
+      locations."/".extraConfig = ''
+        proxy_pass http://localhost:${toString config.services.nix-serve.port};
+        allow ${config.wireguard.wg0.subnet};
+        deny all;
+      '';
+      locations."= /nix-cache-info".extraConfig = ''
+        alias ${pkgs.writeText "cache-info" ''
+          StoreDir: /nix/store
+          WantMassQuery: 1
+          Priority: 42
+        ''};
+        allow ${config.wireguard.wg0.subnet};
+        deny all;
+      '';
+    };
+  };
+}
+
Author	SHA1	Message	Date
Ingolf Wagner	0aad87d144	upgrade All checks were successful / build (push) Successful in 1h37m43s Details	2024-07-20 14:26:47 +02:00
Ingolf Wagner	1c78afe0cc	update Some checks failed / build (push) Failing after 3h14m35s Details	2024-07-20 14:17:18 +02:00
Ingolf Wagner	6a07f4259a	working on using new created cache	2024-07-20 13:56:03 +02:00
				`@ -0,0 +1 @@`
				`cache.orbi.wg0:TAQd7qqh08yKkCU6WofWTVH1ORFAnmwxZJaYXWtuojQ=`