nix-serve maybe

hosts/nas/apps/traefik/default.nix

@@ -11,6 +11,7 @@ let
   hassUrl = "http://jallen-hass.local:8123";
   openWebUIUrl = "http://10.0.1.18:8888";
   paperlessUrl = "http://10.0.1.20:28981";
+  cacheUrl = "http://10.0.1.18:5000";
 in
 {
   networking.firewall = {
@@ -166,6 +167,11 @@ in
               url = openWebUIUrl;
             }
           ];
+          cache.loadBalancer.servers = [
+            {
+              url = cacheUrl;
+            }
+          ];
           paperless.loadBalancer.servers = [
             {
               url = paperlessUrl;
@@ -228,6 +234,12 @@ in
             priority = 10;
             tls.certResolver = "letsencrypt";
           };
+          cache = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`cache.${domain}`)";
+            service = "cache";
+            tls.certResolver = "letsencrypt";
+          };
           # paperless = {
           #   entryPoints = ["websecure"];
           #   rule = "Host(`paperless.${domain}`)";

hosts/nas/configuration.nix

@@ -276,6 +276,9 @@ in
     '';
   };
 
+  # Enable binfmt emulation for ARM
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
   # Virtualisation
   virtualisation = {
     podman = {

hosts/nas/nix-serve.nix

@@ -0,0 +1,73 @@
+{ pkgs, ... }:
+{
+  # "https://cache.mjallen.dev"
+  # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = "/etc/nix/cache-priv-key.pem";
+    port = 5000;  # Choose your preferred port
+    openFirewall = true;
+  };
+  
+  # Improved systemd service with better error handling
+  systemd.services.nix-rebuild-cache = {
+    description = "Rebuild all NixOS configurations for cache";
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+      WorkingDirectory = "/etc/nixos";  # Update this path
+      StandardOutput = "journal+console";
+      StandardError = "journal+console";
+      Restart = "no";
+      # Increase timeout for large builds
+      TimeoutStartSec = "2h";
+    };
+    path = with pkgs; [
+      nix
+      git
+      coreutils
+      gnugrep
+      gnused
+    ];
+    script = ''
+      #!/usr/bin/env bash
+      set -euo pipefail
+      
+      # Pull latest changes if in a git repo
+      if [ -d .git ]; then
+        git pull || echo "Warning: Could not pull latest changes"
+      fi
+      
+      # Run the build-all script
+      echo "Starting build of all systems at $(date)"
+      if nix run .#build-all; then
+        echo "All systems built successfully at $(date)"
+      else
+        echo "Some systems failed to build at $(date)"
+        exit 1
+      fi
+    '';
+    # # Send an email on failure (optional)
+    # startPost = ''
+    #   if [ $SERVICE_RESULT != "success" ]; then
+    #     ${pkgs.mailutils}/bin/mail -s "NixOS cache rebuild failed" your-email@example.com <<EOF
+    #   The nix-rebuild-cache service failed at $(date).
+    #   Please check the logs with: journalctl -u nix-rebuild-cache
+    #   EOF
+    #   fi
+    # '';
+  };
+
+  systemd.timers.nix-rebuild-cache = {
+    description = "Timer for rebuilding NixOS configurations cache";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "weekly";  # Or your preferred schedule
+      Persistent = true;
+      RandomizedDelaySec = "1h";  # Spread load
+    };
+  };
+  
+  # Monitor the cache service
+  services.prometheus.exporters.node.enabledCollectors = [ "systemd" ];
+}

hosts/nas/services.nix

@@ -3,6 +3,8 @@ let
   enableDisplayManager = true;
 in
 {
+  imports = [ ./nix-serve.nix ];
+
   # Services configs
   services = {