diff --git a/dnscontrol/dnsconfig.js b/dnscontrol/dnsconfig.js index b0cec61b9..4b0b87030 100644 --- a/dnscontrol/dnsconfig.js +++ b/dnscontrol/dnsconfig.js @@ -59,6 +59,7 @@ var cnames = { "nixpkgs-update-logs": "build02", "nur-update": "build03", "prometheus": "web02", + "temp-cache": "build03", }; var records = []; diff --git a/flake.nix b/flake.nix index d5eecd7f5..247f98996 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,13 @@ { description = "NixOS configuration of our builders"; - nixConfig.extra-substituters = [ "https://nix-community.cachix.org" ]; + nixConfig.extra-substituters = [ + "https://nix-community.cachix.org" + "https://temp-cache.nix-community.org" + ]; nixConfig.extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "temp-cache.nix-community.org-1:RSXIfGjilfBsilDvj03/VnL/9qAxacBnb1YQvSdCoDc=" ]; inputs = { diff --git a/hosts/build03/cache.nix b/hosts/build03/cache.nix new file mode 100644 index 000000000..efd0d8645 --- /dev/null +++ b/hosts/build03/cache.nix @@ -0,0 +1,26 @@ +{ config, ... }: +{ + # temp-cache.nix-community.org-1:RSXIfGjilfBsilDvj03/VnL/9qAxacBnb1YQvSdCoDc= + + sops.secrets.harmonia-key = { }; + + services.harmonia = { + enable = true; + signKeyPaths = [ config.sops.secrets.harmonia-key.path ]; + settings.priority = 50; # prefer c.n.o + }; + + services.nginx.virtualHosts."temp-cache.nix-community.org" = { + locations."/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:5000; + proxy_set_header Host $host; + proxy_redirect http:// https://; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; + }; +} diff --git a/hosts/build03/default.nix b/hosts/build03/default.nix index d29be6414..2337781e7 100644 --- a/hosts/build03/default.nix +++ b/hosts/build03/default.nix @@ -2,6 +2,7 @@ { imports = [ ./builders.nix + ./cache.nix ./postgresql.nix inputs.self.nixosModules.buildbot inputs.self.nixosModules.cgroups diff --git a/hosts/build03/secrets.yaml b/hosts/build03/secrets.yaml index a93cd474e..18f6c3f45 100644 --- a/hosts/build03/secrets.yaml +++ b/hosts/build03/secrets.yaml @@ -9,6 +9,7 @@ buildbot-github-oauth-secret: ENC[AES256_GCM,data:C5P54zotOwe3u2cOsJMKEVmZVH6hrL buildbot-github-webhook-secret: ENC[AES256_GCM,data:AtUFcOjLivJt8np5451Wfol5s48R4vW5gJPisT+hMD7dFAvucKriQEY+mcAMqL1X6w==,iv:oBKj9XXu/4mkeH+3KkMlWSx8GnMoXwBugNuG8Uu3XtU=,tag:8cBZVE7TOJf3QEqxfsuF8g==,type:str] buildbot-nix-worker-password: ENC[AES256_GCM,data:TaMHVzlzuAHfTBAyqG5JJFwpG2We+wlXva3YJnNkO9KSX9PIhnRHVES72jO63AkhvfBVEg==,iv:rTpaiCYcedcsy115BEDep68Mehb6knes7OxvBrEOrUQ=,tag:dD4Hg4oR3SfpYdP1e8V2jA==,type:str] buildbot-effects-nix-community-infra: ENC[AES256_GCM,data:wAYSvEza+1xjT/rIp5MtR3HEQe3OscRBtrWF/f6G/z+ftaiWXMfWhW9X8z53I20lzx9a6BqmO4jcWAGmXRSV4TX6wxKsUP9BnzxTImDS41zWfOtHV9sDifk6jmVJyAAsrY8CrebGTmPvWUXEUMmAZkUorQkv8gfxoL66GCtPfqa7d1OSKX8rAXd1YAJL58aXFeD6X6iZqo2tVd1OhlmUuFj5oum+9uLPjCY54IfilLlERw5DdTPDhMBdKt5owR0dpJDmp9t8i0AV2j4Hm36ZsY8L9ket1iB04MlapsUI24RiXHk+aFJqSy+0onvmqeniiBeaa106YomSQAS1cyOp0U+Rcqwhtnh9MNUZzciVXi2F5nkPzA3OcbQh8MDcJ/66z/VUkSac0iMXvr/47d5V0XCm9JSKXuijOUGTu9LRbdEAAQ+gsZ/Z8i6+9d75CeSoVH5Mtm7eU4CbhloNmpAcz5qyFf+sRgWz5qK8z1MwT795P/P/Oi2YQswtwnyLO7UkQ5tCrE+qcFxM9cAAcJzkzGctB5QdHDaPkkpMGic8vpAoYgx3t7Qmasuef96Fhhj4lk10sTTUrWZlnFbmduO/fDOULvisnW/BTpYsnsIPSKREg8wQAu7Fiu9EO0TZOagAQf03EiFDcxosetxPJIXoNWsZK/1LsX+7SnBBklVDtwxu6urOUCW8vYXD4aGZvkTGc6O6vwiOs+oEHd6J7Mes/+23hTzldnFobodwnzbRNVt/WT2FQjX5qFehyxbARL+EtT4MQC4sWGpXSybUs10=,iv:rdLHfK4NbCaMIIhhQd2MfVf1DdKKF9Sqe4Kxuy57yok=,tag:DPxsDTLIhA0d4KPXwseL9g==,type:str] +harmonia-key: ENC[AES256_GCM,data:J75n5ltSXTM2FcJJ2/J1zmGBdluLx5r6hk2hnvsufzhurmMd15JfZ48PXpcmmXruunjI7ESu731QsiZyXRILvCYY4n8I0TLI+MjhZkZeQMoYi+BGy+DJh+AoKdmy/uKSdZArnQU1dUBNXrAVmdjuWbF0Ca/w5oEm,iv:bM9h6TJw6gh0xLOtKTdPkABG0amTji4/692copvCHx8=,tag:b5HzLU0mtvBIF/AEnjMI+Q==,type:str] sops: age: - recipient: age1qg7tfjwzp6dxwkw9vej6knkhdvqre3fu7ryzsdk5ggvtdx854ycqevlwnq @@ -65,7 +66,7 @@ sops: WUZQSGQyQy9halJsRTIvb1FGV08zZEEKmjlYY6epTuZKRBcVyjPvJI5XKQtP5Yag FMrI+M6hUeyBeCade5C+Y4eGQbt57BWLmsX7u0J1WTlkUSS5j7+wPg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-31T22:39:35Z" - mac: ENC[AES256_GCM,data:ElmfLZnKsI6bctc8/bQIvP922g6PUVjMfvqC+jEorAkXrqzHOKKNgnglNOUCsgGwOtTNIcoc8/LWZdTlNLECssjIbKYAOXIrbH8m3tS+8eLO4iP1NfYs7xkJfjBkeYNmIxLHLX9IcIEMI5qHFNAKQpRyyIDLEmLHETCcxd7vqGs=,iv:zOycJAh3X1e+R/9XTo+hCYcpeM+5OXgXOI+QY3YXY9s=,tag:lWUd/IfLTIvIge1JhBOq5w==,type:str] + lastmodified: "2025-04-03T00:01:38Z" + mac: ENC[AES256_GCM,data:LVtM9u7yi7eCMGemQhBQG5mJ8g1iRoL+bBl4MJsvWFh/9BTP1jnMh+nfUz947CnAiPUnBpIK0EV1lxqrRT67O5bTfVReHMQfmSBUgjFqOBJEQywvGNucumGE1n/iSpzj3gwoDlWlMWmq2lzofOEQOTsbXSHCzz8nWXyZ6HxjYKQ=,iv:zxgRFZo1VTWpOYdQCEC/YMgSGMX1/sN1iKqFXEcJ+U8=,tag:2c/xd9M6VfVcMOnIMMnW+w==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.0 + version: 3.10.1 diff --git a/modules/shared/nix-daemon.nix b/modules/shared/nix-daemon.nix index babd2d99e..771227cee 100644 --- a/modules/shared/nix-daemon.nix +++ b/modules/shared/nix-daemon.nix @@ -16,9 +16,13 @@ in nix = { settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "temp-cache.nix-community.org-1:RSXIfGjilfBsilDvj03/VnL/9qAxacBnb1YQvSdCoDc=" ]; - settings.substituters = [ "https://nix-community.cachix.org" ]; + settings.substituters = [ + "https://nix-community.cachix.org" + "https://temp-cache.nix-community.org" + ]; # auto-free the /nix/store settings.min-free = asGB 1;