Serve the nix store from hut

m/hut/configuration.nix

@@ -9,6 +9,7 @@
     ./monitoring.nix
     ./nfs.nix
     ./slurm-daemon.nix
+    ./nix-serve.nix
     #./pxe.nix
   ];
 

m/hut/nix-serve.nix

@@ -0,0 +1,16 @@
+{ config, ... }:
+
+{
+  age.secrets.nixServe.file = ../../secrets/nix-serve.age;
+
+  services.nix-serve = {
+    enable = true;
+    # Only listen locally, as we serve it via ssh
+    bindAddress = "127.0.0.1";
+    port = 5000;
+
+    secretKeyFile = config.age.secrets.nixServe.path;
+    # Public key:
+    # jungle.bsc.es:pEc7MlAT0HEwLQYPtpkPLwRsGf80ZI26aj29zMw/HH0=
+  };
+}

secrets/nix-serve.age

@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 HY2yRg d144D+VvxhYgKtH//uD2qNuVnYX6bh74YqkyM3ZjBwU
+0IeVmFAf4U8Sm0d01O6ZwJ1V2jl/mSMl4wF0MP5LrIg
+-> ssh-ed25519 CAWG4Q H4nKxue/Cj/3KUF5A+/ygHMjjArwgx3SIWwXcqFtyUo
+4k5NJkLUrueLYiPkr2LAwQLWmuaOIsDmV/86ravpleU
+-> ssh-ed25519 MSF3dg HpgUAFHLPs4w0cdJHqTwf8lySkTeV9O9NnBf49ClDHs
+foPIUUgAYe1YSDy6+aMfjN7xv9xud9fDmhRlIztHoEo
+-> vLkF\<-grease
+3GRT+W8gYSpjl/a6Ix9+g9UJnTpl1ZH/oucfR801vfE8y77DV2Jxz/XJwzxYxKG5
+YEhiTGMNbXw/V7E5aVSz6Bdc
+--- GtiHKCZdHByq9j0BSLd544PhbEwTN138E8TFdxipeiA
+¥¿£‹„ÝG$Sº¼ƒRAæÀ¾Th]nÄ8<C384>,ùHœsÈïÚ=p¼™Ù'»<>ô+ôjõÓõŒ9±)ñ:”)‘¸œYâþÑ8³IØõ8:ol<6F>ë’<1F>åÃZÐæ3–PM”F;ÊrYõ“ÞÛ<1F>$¨­y¸LâÙœ¦ÎœàÕUús16Ǿ¡LŒb÷¨²

secrets/secrets.nix

@@ -8,6 +8,7 @@ in
 {
   "ovni-token.age".publicKeys = hut;
   "nosv-token.age".publicKeys = hut;
+  "nix-serve.age".publicKeys = hut;
 
   "ceph-user.age".publicKeys = safe;
   "munge-key.age".publicKeys = safe;