From 75b0f48715b88fe06c159eb33193517e9663738b Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Tue, 12 Sep 2023 12:19:43 +0200 Subject: [PATCH] Serve the nix store from hut --- m/hut/configuration.nix | 1 + m/hut/nix-serve.nix | 16 ++++++++++++++++ secrets/nix-serve.age | 12 ++++++++++++ secrets/secrets.nix | 1 + 4 files changed, 30 insertions(+) create mode 100644 m/hut/nix-serve.nix create mode 100644 secrets/nix-serve.age diff --git a/m/hut/configuration.nix b/m/hut/configuration.nix index fc4d2ab..9187812 100644 --- a/m/hut/configuration.nix +++ b/m/hut/configuration.nix @@ -9,6 +9,7 @@ ./monitoring.nix ./nfs.nix ./slurm-daemon.nix + ./nix-serve.nix #./pxe.nix ]; diff --git a/m/hut/nix-serve.nix b/m/hut/nix-serve.nix new file mode 100644 index 0000000..35ccd72 --- /dev/null +++ b/m/hut/nix-serve.nix @@ -0,0 +1,16 @@ +{ config, ... }: + +{ + age.secrets.nixServe.file = ../../secrets/nix-serve.age; + + services.nix-serve = { + enable = true; + # Only listen locally, as we serve it via ssh + bindAddress = "127.0.0.1"; + port = 5000; + + secretKeyFile = config.age.secrets.nixServe.path; + # Public key: + # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0= + }; +} diff --git a/secrets/nix-serve.age b/secrets/nix-serve.age new file mode 100644 index 0000000..f59c323 --- /dev/null +++ b/secrets/nix-serve.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> ssh-ed25519 HY2yRg d144D+VvxhYgKtH//uD2qNuVnYX6bh74YqkyM3ZjBwU +0IeVmFAf4U8Sm0d01O6ZwJ1V2jl/mSMl4wF0MP5LrIg +-> ssh-ed25519 CAWG4Q H4nKxue/Cj/3KUF5A+/ygHMjjArwgx3SIWwXcqFtyUo +4k5NJkLUrueLYiPkr2LAwQLWmuaOIsDmV/86ravpleU +-> ssh-ed25519 MSF3dg HpgUAFHLPs4w0cdJHqTwf8lySkTeV9O9NnBf49ClDHs +foPIUUgAYe1YSDy6+aMfjN7xv9xud9fDmhRlIztHoEo +-> vLkF\<-grease +3GRT+W8gYSpjl/a6Ix9+g9UJnTpl1ZH/oucfR801vfE8y77DV2Jxz/XJwzxYxKG5 +YEhiTGMNbXw/V7E5aVSz6Bdc +--- GtiHKCZdHByq9j0BSLd544PhbEwTN138E8TFdxipeiA +¥¿£‹„ÝG$Sº¼ƒRAæÀ¾Th]nÄ8,ùHœsÈïÚ=p¼™Ù'»ô+ôjõÓõŒ9±)ñ:”)‘¸œYâþÑ8³IØõ8:olë’åÃZÐæ3–PM”F;ÊrYõ“ÞÛ$¨­y¸LâÙœ¦ÎœàÕUús16Ǿ¡LŒb÷¨² \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9dce058..95b43ac 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -8,6 +8,7 @@ in { "ovni-token.age".publicKeys = hut; "nosv-token.age".publicKeys = hut; + "nix-serve.age".publicKeys = hut; "ceph-user.age".publicKeys = safe; "munge-key.age".publicKeys = safe;