# NixOS module for a build host that also serves its Nix store as a signed
# binary cache: nix-serve listens on loopback, nginx proxies it on port 80,
# and the store is additionally exposed over SSH via nix.sshServe.
{ config, pkgs, inputs, ... }:

let
  # One public key is authorized twice below: for interactive login as
  # `marvin` and for store access via nix.sshServe. Whoever holds the matching
  # private key gets both, so rotating it means updating both places.
  marvinKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxuAo4v9CUjlhUEq+biSwhjeXqevtI9M934f/in3dyh marvin@toaster";

  # Shorthand for the nix-serve settings declared further down.
  cache = config.services.nix-serve;
in
{
  # age-encrypted signing key for the binary cache. Mode 400 with owner
  # nix-serve leaves the decrypted file readable by that account only.
  age.secrets."binary-cache-key.age" = {
    # Used in modules/nixos/nix-serve-builder.nix
    file = "${inputs.mysecrets}/binary-cache-key.age";
    owner = "nix-serve";
    mode = "400";
  };

  # 22 = SSH (login and sshServe), 80 = nginx in front of nix-serve.
  # Port 80 is plain HTTP; no TLS is configured in this module.
  networking.firewall.allowedTCPPorts = [ 22 80 ];

  # Run builds at idle CPU priority.
  nix.daemonCPUSchedPolicy = "idle";

  # allowed-users may talk to the Nix daemon at all; trusted-users may also
  # override daemon settings, which is effectively root-equivalent. Keep the
  # trusted list as short as possible.
  # NOTE(review): the sshServe account is not listed in allowed-users here;
  # confirm it is covered (e.g. through @builders), otherwise its daemon
  # connections may be refused.
  nix.settings.allowed-users = [ "@builders" "@wheel" "marvin" "root" ];
  nix.settings.trusted-users = [ "@wheel" "marvin" "root" ];

  # Expose the store over SSH to the listed key. write = true additionally
  # lets that key upload store paths, not just read them.
  nix.sshServe.enable = true;
  nix.sshServe.keys = [ marvinKey ];
  nix.sshServe.write = true;

  services.openssh.enable = true;

  # nix-serve stays on loopback, so the cache is reachable from the network
  # only through the nginx virtual host below.
  services.nix-serve = {
    enable = true;
    package = pkgs.nix-serve-ng;
    bindAddress = "127.0.0.1";
    port = 5000;
    secretKeyFile = config.age.secrets."binary-cache-key.age".path;
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts."baker.local".locations."/".proxyPass =
      "http://${cache.bindAddress}:${toString cache.port}";
  };

  users.users.marvin.openssh.authorizedKeys.keys = [ marvinKey ];
}