ma binary-cache/server: init

author: makefu <github@syntax-fehler.de> 2018-08-06 16:30:09 +0200
committer: makefu <github@syntax-fehler.de> 2018-08-06 16:30:09 +0200
commit: 2af234e1d21f9c2e3b1cb2ae5454b399dac94314 (patch)
tree: d295e9df92009320847459912eb291a11e27953d /2configs/binary-cache
parent: 3ec8d7dd54ed5fec384c7e2c3579f5a4d5af49da (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/2configs/binary-cache/server.nix b/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.nix-serve = {
+      serverAliases = [ "cache.gum.r"
+                        "cache.euer.krebsco.de"
+                        "cache.gum.krebsco.de"
+                      ];
+      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+    };
+  };
+}
+
author	makefu <github@syntax-fehler.de>	2018-08-06 16:30:09 +0200
committer	makefu <github@syntax-fehler.de>	2018-08-06 16:30:09 +0200
commit	2af234e1d21f9c2e3b1cb2ae5454b399dac94314 (patch)
tree	d295e9df92009320847459912eb291a11e27953d /2configs/binary-cache
parent	3ec8d7dd54ed5fec384c7e2c3579f5a4d5af49da (diff)