feat: set up cache

2026-03-07 10:59:55 +01:00 · 2025-06-30 21:00:51 +02:00 · 2025-06-30 21:00:51 +02:00 · 56cc86052f
commit 56cc86052f
parent 4c899bbfc6
6 changed files with 51 additions and 8 deletions
--- a/hosts/thegeneralist-central/cache/default.nix
+++ b/hosts/thegeneralist-central/cache/default.nix
@ -0,0 +1,27 @@
+{ pkgs, config, ... }: let
+  domain = "cache.thegeneralist01.com";
+
+  ssl = {
+    quic        = true;
+    useACMEHost = "thegeneralist01.com";
+  };
+in {
+  age.secrets.cacheSigningKey.file = ./key.age;
+  services.nix-serve = {
+    enable = true;
+    package = pkgs.nix-serve-ng;
+    secretKeyFile = config.age.secrets.cacheSigningKey.path;
+    port = 1337;
+    openFirewall = false;
+  };
+
+  services.nginx.virtualHosts.${domain} = ssl // {
+    locations."/".proxyPass = "http://127.0.0.1:1337";
+    locations."= /".return = "301 https://thegeneralist01.com/404";
+
+    extraConfig = /* nginx */ ''
+      proxy_intercept_errors on;
+      error_page 404 = thegeneralist01.com/404.html;
+    '';
+  };
+}
--- a/hosts/thegeneralist-central/cache/key.age
+++ b/hosts/thegeneralist-central/cache/key.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 pp9qdQ 7QBh40bF+3U+uQaQiZNMVsIWX2ZX162OKbuzgNwIR3A
+Fj2ACjgfeswbIt+ril51zlNaacqgMzkl8p3CQpiUGFo
+--- yVZxFaEnzft0ovxvy0CbdIZso0qVMyFPGocBRiONTQM
+b²Q^4öø4ƒy!Rq9+AE6î²ÓòÅåW&ÃÇÃt[Ñç.ƒ…â/<2F>ª„ª™J¼<4A>#Bu„zwIïêÖ/ÊGCo¼xÕn©™0Ö1·J¡ckJv/¸p¤qwÿûz B/ßíëÖy<C396>$,¥;I–À3©wˆYÙ»üòSÔ
+ë³ÑP2‡
+_
ƒÀ”Á_µõDPž
--- a/hosts/thegeneralist-central/configuration.nix
+++ b/hosts/thegeneralist-central/configuration.nix
@ -5,7 +5,7 @@
 { self, config, pkgs, lib, inputs, ... }:

 {
-  imports = [ ./hardware-configuration.nix ./site.nix ];
+  imports = [ ./hardware-configuration.nix ./site.nix ./cache ];

  users.users.thegeneralist = {
    isNormalUser = true;
--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@ -66,6 +66,7 @@ in {
      ingress = {
        "thegeneralist01.com" = "http://localhost:80";
        "www.thegeneralist01.com" = "http://localhost:80";
+        "cache.thegeneralist01.com" = "http://localhost:80";
      };
      default = "http_status:404";

--- a/modules/common/nix.nix
+++ b/modules/common/nix.nix
@ -1,17 +1,24 @@
 { pkgs, lib, ...}: {
  # todo: gc
-  # todo: cache
  environment.systemPackages = with pkgs; [
    nh
  ];

-  lib.debug.traceVal = pkgs.nh;
+  nix.settings = {
+    experimental-features = [
+      "flakes"
+      "nix-command"
+      "pipe-operators"
+    ];

-  nix.settings.experimental-features = [
-    "flakes"
-    "nix-command"
-    "pipe-operators"
-  ];
+    extra-substituters = [
+      "https://cache.thegeneralist01.com/"
+    ];
+
+    extra-trusted-public-keys = [
+      "etc.thegeneralist01.com:BIhIf7HJ5xjFX+2e0WrGDQ4LdHeEEyQrtWBB1li2Ve8="
+    ];
+  };

  home-manager.sharedModules  = [{
    programs.nh = {
--- a/secrets.nix
+++ b/secrets.nix
@ -7,6 +7,7 @@ in {
  "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
+  "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];

  "modules/linux/tailscale-marshall.age".publicKeys = [ thegeneralist ];
 }