Switch nix-serve for harmonia

2024-08-16 17:03:12 +02:00 · 2024-08-16 17:03:12 +02:00 · 733388ec86
parent e79217aa02
commit 733388ec86
3 changed files with 13 additions and 10 deletions
--- a/modules/services/nix-cache/default.nix
+++ b/modules/services/nix-cache/default.nix
@ -3,6 +3,8 @@
 with { inherit (lib) mkEnableOption mkOption types mkIf; };
 let
  cfg = config.nki.services.nix-cache;
+
+  bindAddr = "127.0.0.1:5000";
 in
 {
  options.nki.services.nix-cache = {
@ -31,18 +33,17 @@ in

  config = {
    nix.settings = mkIf cfg.enableClient {
-      substituters = [ "http://${cfg.host}" ];
+      substituters = lib.mkAfter [ "http://${cfg.host}" ];
      trusted-public-keys = [ cfg.publicKey ];
    };

-    services.nix-serve = mkIf cfg.enableServer {
+    services.harmonia = mkIf cfg.enableServer {
      enable = true;
-      secretKeyFile = cfg.privateKeyFile;
-    };
-
-    users = mkIf cfg.enableServer {
-      users.nix-serve = { group = "nix-serve"; isSystemUser = true; };
-      groups.nix-serve = { };
+      signKeyPaths = [ cfg.privateKeyFile ];
+      settings = {
+        bind = bindAddr;
+        priority = 45;
+      };
    };

    services.nginx = mkIf cfg.enableServer {
@ -51,7 +52,7 @@ in
      virtualHosts = {
        # ... existing hosts config etc. ...
        "${cfg.host}" = {
-          locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+          locations."/".proxyPass = "http://${bindAddr}";
        };
      };
    };
--- a/nki-framework/configuration.nix
+++ b/nki-framework/configuration.nix
@ -21,6 +21,8 @@
  common.linux.sops.enable = true;
  common.linux.sops.file = ./secrets.yaml;

+  services.nix-build-farm.enable = false;
+
  # services.xserver.enable = true;
  # services.xserver.displayManager.sddm.enable = true;
  # services.xserver.displayManager.sddm.wayland.enable = true;
--- a/nki-home/configuration.nix
+++ b/nki-home/configuration.nix
@ -32,7 +32,7 @@ with lib;
  common.linux.sops.file = ./secrets.yaml;

  # Nix cache server
-  sops.secrets."nix-cache/private-key" = { owner = "nix-serve"; group = "nix-serve"; mode = "0600"; };
+  sops.secrets."nix-cache/private-key" = { owner = "harmonia"; group = "harmonia"; mode = "0600"; };
  nki.services.nix-cache = {
    enableServer = true;
    privateKeyFile = config.sops.secrets."nix-cache/private-key".path;