From 397bf4932652cb0ddfee24a42ec4621ee230e021 Mon Sep 17 00:00:00 2001
From: oqyude
Date: Sun, 3 May 2026 20:04:25 +0300
Subject: [PATCH] nix-serve added
---
 .gitignore | 1 +
 modules/essentials/settings.nix | 6 ++++--
 modules/server/default.nix | 1 +
 modules/server/nix-serve.nix | 24 ++++++++++++++++++++++++
 modules/server/secrets/nix-serve.yaml | 16 ++++++++++++++++
 5 files changed, 46 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 modules/server/nix-serve.nix
 create mode 100644 modules/server/secrets/nix-serve.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..600d2d3
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode
\ No newline at end of file
diff --git a/modules/essentials/settings.nix b/modules/essentials/settings.nix
index 4b6cf5a..c1be027 100644
--- a/modules/essentials/settings.nix
+++ b/modules/essentials/settings.nix
@@ -15,6 +15,7 @@
 settings = {
 require-sigs = false;
 substituters = [
+ "http://100.64.0.0:5000"
 "https://cache.nixos.org"
 "https://nix-community.cachix.org"
 "https://mirror.yandex.ru/nixos"
@@ -26,10 +27,11 @@
 # "https://nixos.snix.store" # https://nixos.snix.store/
 ];
 trusted-public-keys = [
+ "cache.local:be5jFLkiwNyOep/McxSafB3jguBmztxx+oJ46ySyc/s="
 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 ];
- stalled-download-timeout = 4;
- connect-timeout = 4;
+ stalled-download-timeout = 8;
+ connect-timeout = 8;
 auto-optimise-store = true;
 fallback = true;
 allow-import-from-derivation = true;
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 2faf0e3..4d7af11 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -14,6 +14,7 @@
 ./netdata.nix
 ./nextcloud.nix
 ./nginx.nix
+ ./nix-serve.nix
 ./open-webui.nix
 ./postgresql.nix
 ./samba.nix
diff --git a/modules/server/nix-serve.nix b/modules/server/nix-serve.nix
new file mode 100644
index 0000000..56bc86a
--- /dev/null
+++ b/modules/server/nix-serve.nix
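Review bot: In modules/essentials/settings.nix the new `http://100.64.0.0:5000` substituter is listed first, while the context line `require-sigs = false;` in the same `settings` block disables signature verification, so store paths served from that address are accepted unverified. For the same reason the `cache.local:` entry added to `trusted-public-keys` in the second hunk has no effect as written. Since this commit gives nix-serve a signing key, I would enforce it with `require-sigs = true;` (the Nix default); substituters listed outside the hunk may then need their keys added as well. If the 100.64.x address belongs to an overlay network the transport may already be tunnelled, but the signature check is what guards against a compromised or impersonated cache host. The `settings` block begins and ends outside both hunks.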
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ services = {
+ nix-serve = {
+ enable = true;
+ openFirewall = true;
+ port = 5000;
+ bindAddress = "0.0.0.0";
+ secretKeyFile = config.sops.secrets.private-key.path;
+ };
+ };
+ sops.secrets = {
+ private-key = {
+ key = "private-key";
+ sopsFile = ./secrets/nix-serve.yaml;
+ mode = "0600";
+ };
+ };
+}
diff --git a/modules/server/secrets/nix-serve.yaml b/modules/server/secrets/nix-serve.yaml
new file mode 100644
index 0000000..ada8bf3
--- /dev/null
+++ b/modules/server/secrets/nix-serve.yaml
@@ -0,0 +1,16 @@
+private-key: ENC[AES256_GCM,data:VTj1cmhYLbBuUnIgtXI3CZtULaNZ5XOpoheJB0gUwrWrH5B0rmxcvZLlJWX7xhGs4oqcC3Wwmo+TBPhcgGylLVdCuhJG5A94UwOa9ZIV4s3x3IJ4RU3UcHTsA0xdtw7XxBfryw==,iv:8oZCojIU0JXWJgE5t+fNNW9trC109yOJp1UGAV76FbU=,tag:S74cHFy9B8C29npdcoVBeg==,type:str]
+sops:
+ age:
+ - recipient: age13l2gtk0nzr484zprp7e0pkrt0ne0j4asyn2pjmlaw73nte7t7d8q4sqtxm
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6MHBkYzZneEdhUlN5MEpx
+ NGxud1BkVU1NUFdyVFE2VDJWb1M2cW9IcUVFCm9QZ3RvNHFaeWpFbnZ3Q1dKSDdn
+ RHQvUDgrZHRiUHpSR3FrWXRkQUxXWGMKLS0tIERsemNuL1BwR2xYYUpmbVFROWtN
+ RGI1WlRGMzlkS2tqQ0JPSFJHTUY1TUkKDeaivc+ST8MYtnJEDx07Y+IhtpvblR47
+ SLZf6WKQ8WNY4Bb5VeMWiCABPP/2L+VwoACqkOdZ01yGUVQSc9X6tw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-05-03T17:05:41Z"
+ mac: ENC[AES256_GCM,data:6jNp7N7lIvsLez3zQbDKTWPyvkL8u9g34I3q27GudgXzYw8B3Pb26jc9dCYCxCylCZxN5IeWWyHvUt4PadQABI4jrrIKnIfVV1A2c+A90chu+xSyE/B9OhkSC7yYVOnCURJPYku8799RIRkpHAWeKawkydbOiszCiC3qIKZDSTQ=,iv:xXivLDNnTABlNeWOOWsCESDUOnFv+9Lh0o029r7rk+A=,tag:vUoIZjcNtE3xJX/jNCao7Q==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.12.2
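Review bot: In modules/server/nix-serve.nix, `bindAddress = "0.0.0.0";` together with `openFirewall = true;` publishes the cache on every interface, and nix-serve does no client authentication, so any host that can reach port 5000 can download any path in this machine's store. The client side of this commit points at a 100.64.x address, which suggests (not visible here) the cache is meant only for an overlay network. If so, bind to that address with `bindAddress = "<overlay-address-placeholder>";`, or drop `openFirewall` and open the port per interface with `networking.firewall.interfaces."<overlay-interface-placeholder>".allowedTCPPorts = [ 5000 ];`. The secret name `private-key` is also very generic for the shared `sops.secrets` namespace; a name such as `nix-serve-private-key` would avoid colliding with another module's secret.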