feat: Use mirai as substituter

2024-11-22 20:27:10 +05:30
parent 5a1729328e
commit f26456606b
9 changed files with 62 additions and 60 deletions
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -10,15 +10,13 @@
    ./services.nix
  ];
  security.sudo.wheelNeedsPassword = false;
-
-  sops.defaultSopsFile = ../../secrets/secrets.yaml;
-  sops.defaultSopsFormat = "yaml";
-  sops.age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt";
-  sops.secrets."nextcloud/adminpass" = {
-    owner = config.users.users.nextcloud.name;
-  };
-  sops.secrets."llama/user" = {
-    owner = config.services.caddy.user;
+  sops = {
+    defaultSopsFile = ../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/home/fs0c131y/.config/sops/age/keys.txt";
+    secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
+    secrets."llama/user".owner = config.services.caddy.user;
+    secrets."builder/mirai/cache/private" = {};
  };

  # Use the systemd-boot EFI boot loader.
@@ -35,6 +33,7 @@
      build-users-group = nixbld
      extra-nix-path = nixpkgs=flake:nixpkgs
      builders-use-substitutes = true
+      secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
    '';
    gc = {
      automatic = true;
--- a/nixos/mirai/services.nix
+++ b/nixos/mirai/services.nix
@@ -8,36 +8,32 @@
    factorio-headless
  ];
  sops = {
-    secrets = {
-      "authelia/darksailor/jwtSecret" = {
-        owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
-      };
-      "authelia/darksailor/storageEncryptionSecret" = {
-        owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
-      };
-    };
+    # secrets = {
+    #   "authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
+    #   "authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
+    # };
  };
  services = {
-    authelia = {
-      instances.darksailor = {
-        enable = true;
-        settings = {
-          # server = {
-          #   address = "unix:///run/authelia/authelia.sock";
-          # };
-          # session.domain = "auth.darksailor.dev";
-          access_control = {
-            rules = {
-            };
-          };
-          storage = "local";
-        };
-        secrets = {
-          jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
-          storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
-        };
-      };
-    };
+    # authelia = {
+    #   instances.darksailor = {
+    #     enable = false;
+    #     settings = {
+    #       # server = {
+    #       #   address = "unix:///run/authelia/authelia.sock";
+    #       # };
+    #       # session.domain = "auth.darksailor.dev";
+    #       access_control = {
+    #         rules = {
+    #         };
+    #       };
+    #       storage = "local";
+    #     };
+    #     secrets = {
+    #       jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
+    #       storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
+    #     };
+    #   };
+    # };
    tailscale = {
      enable = true;
    };
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
@@ -1,5 +1,6 @@
 {
  pkgs,
+  config,
  device,
  ...
 }: {
@@ -20,6 +21,8 @@
      auto-optimise-store = true;
      extra-experimental-features = "nix-command flakes auto-allocate-uids";
      trusted-users = ["root" "servius"];
+      substituters = ["https://sh.darksailor.dev"];
+      trusted-public-keys = ["mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="];
    };
    extraOptions = ''
      build-users-group = nixbld