diff options
author | makefu <github@syntax-fehler.de> | 2018-08-06 16:30:09 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-08-06 16:30:09 +0200 |
commit | 2af234e1d21f9c2e3b1cb2ae5454b399dac94314 (patch) | |
tree | d295e9df92009320847459912eb291a11e27953d /2configs/binary-cache/server.nix | |
parent | 3ec8d7dd54ed5fec384c7e2c3579f5a4d5af49da (diff) |
ma binary-cache/server: init
Diffstat (limited to '2configs/binary-cache/server.nix')
-rw-r--r-- | 2configs/binary-cache/server.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/2configs/binary-cache/server.nix b/2configs/binary-cache/server.nix new file mode 100644 index 000000000..ad6256830 --- /dev/null +++ b/2configs/binary-cache/server.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + services.nginx = { + enable = true; + virtualHosts.nix-serve = { + serverAliases = [ "cache.gum.r" + "cache.euer.krebsco.de" + "cache.gum.krebsco.de" + ]; + locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; + }; + }; +} + |