feat: set forgejo runner and cachix

2026-03-18 12:25:09 -07:00 · 2026-03-18 12:25:09 -07:00 · 231ff004e1
commit 231ff004e1
parent 5ff23b18ef
5 changed files with 83 additions and 0 deletions
--- a/modules/harmonia.nix
+++ b/modules/harmonia.nix
@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+let
+  cacheKeyDir = "/var/lib/harmonia";
+  privKeyPath = "${cacheKeyDir}/cache-priv-key.pem";
+  pubKeyPath = "${cacheKeyDir}/cache-pub-key.pem";
+in
+{
+  # Generate signing key pair on first boot
+  systemd.services.harmonia-setup = {
+    description = "Generate Harmonia binary cache signing key";
+    wantedBy = [ "multi-user.target" ];
+    before = [ "harmonia.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      if [ ! -f ${privKeyPath} ]; then
+        mkdir -p ${cacheKeyDir}
+        ${pkgs.nix}/bin/nix-store --generate-binary-cache-key cache.extremist.software-1 ${privKeyPath} ${pubKeyPath}
+        chmod 600 ${privKeyPath}
+        chmod 644 ${pubKeyPath}
+        echo "Signing key generated. Public key:"
+        cat ${pubKeyPath}
+      fi
+    '';
+  };
+
+  # Harmonia binary cache server
+  services.harmonia = {
+    enable = true;
+    signKeyPath = privKeyPath;
+    settings.bind = "[::]:5000";
+  };
+
+  # Caddy reverse proxy for the cache
+  services.caddy.virtualHosts."cache.extremist.software" = {
+    extraConfig = ''
+      reverse_proxy localhost:5000
+    '';
+  };
+}