From a7248262179d254d6fcc60ec86eab1f295e90dc5 Mon Sep 17 00:00:00 2001
From: Jake Hillion <jake@hillion.co.uk>
Date: Fri, 31 May 2024 22:34:30 +0100
Subject: [PATCH] sodium: build kernel with ccache

---
 hosts/sodium.pop.ts.hillion.co.uk/default.nix | 13 ++++++++++
 .../default.nix                               | 26 ++++++++++++++++---
 .../hardware-configuration.nix                |  5 ++++
 3 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/hosts/sodium.pop.ts.hillion.co.uk/default.nix b/hosts/sodium.pop.ts.hillion.co.uk/default.nix
index 7479fdc..6c7fa3a 100644
--- a/hosts/sodium.pop.ts.hillion.co.uk/default.nix
+++ b/hosts/sodium.pop.ts.hillion.co.uk/default.nix
@@ -41,6 +41,19 @@
     #   };
     # };
 
+    ## Use ccache for building the Linux kernel
+    programs.ccache.enable = true;
+    nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+    fileSystems."${config.programs.ccache.cacheDir}" = {
+      device = "${config.custom.dns.authoritative.ipv4.uk.co.hillion.ts.storage.tywin}:/ccache";
+      fsType = "nfs";
+      options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+    };
+    programs.ccache.packageNames = [
+      # linux_rpi5 overrides from linux_rpi4
+      "linux_rpi4"
+    ];
+
     ## Custom Services
     custom.locations.autoServe = true;
 
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/default.nix b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
index cc3d9dd..6777799 100644
--- a/hosts/tywin.storage.ts.hillion.co.uk/default.nix
+++ b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
@@ -67,6 +67,15 @@
       interval = "Wed, 02:00";
     };
 
+    ## NFS
+    services.nfs.server = {
+      enable = true;
+      exports = ''
+        /export           ${config.custom.dns.authoritative.ipv4.uk.co.hillion.ts.pop.sodium}(ro,fsid=0,no_subtree_check)
+        /export/ccache    ${config.custom.dns.authoritative.ipv4.uk.co.hillion.ts.pop.sodium}(rw,no_subtree_check)
+      '';
+    };
+
     ## Backups
     ### Git
     age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age;
@@ -238,8 +247,19 @@
 
     ## Networking
     networking.nameservers = lib.mkForce [ ]; # Trust the DHCP nameservers
-    networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
-      80 # Caddy (restic.tywin.storage.ts.)
-    ];
+    networking.firewall = {
+      trustedInterfaces = [ "tailscale0" ];
+      allowedTCPPorts = lib.mkForce [
+      ];
+      allowedUDPPorts = lib.mkForce [ ];
+      interfaces = {
+        eth0 = {
+          allowedTCPPorts = lib.mkForce [
+          ];
+          allowedUDPPorts = lib.mkForce [
+          ];
+        };
+      };
+    };
   };
 }
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
index 8615974..46822bd 100644
--- a/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
+++ b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
@@ -67,6 +67,11 @@
       fsType = "btrfs";
     };
 
+  fileSystems."/export/ccache" = {
+    device = "/data/ccache";
+    options = [ "bind" ];
+  };
+
   swapDevices = [ ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking