tv wu-binary-cache: init

2016-02-27 15:13:10 +01:00 · 2016-02-27 15:13:10 +01:00 · 94154606cb
parent f7165409a5
commit 94154606cb
4 changed files with 37 additions and 1 deletions
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@ -286,7 +286,10 @@ with config.krebs.lib;
      nets = {
        gg23 = {
          addrs4 = ["10.23.1.37"];
-          aliases = ["wu.gg23"];
+          aliases = [
+            "wu.gg23"
+            "cache.wu.gg23"
+          ];
          ssh.port = 11423;
        };
        retiolum = {
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@ -16,6 +16,7 @@ with config.krebs.lib;
    ../2configs/nginx-public_html.nix
    ../2configs/pulse.nix
    ../2configs/retiolum.nix
+    ../2configs/wu-binary-cache
    ../2configs/xserver
    {
      environment.systemPackages = with pkgs; [
--- a/tv/2configs/wu-binary-cache/client.nix
+++ b/tv/2configs/wu-binary-cache/client.nix
@ -0,0 +1,7 @@
+_:
+{
+  nix = {
+    binaryCaches = ["http://cache.wu.gg23"];
+    binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
+  };
+}
--- a/tv/2configs/wu-binary-cache/default.nix
+++ b/tv/2configs/wu-binary-cache/default.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: with config.krebs.lib;
+{
+  services.nix-serve = assert config.krebs.build.host.name == "wu"; {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  krebs.nginx = {
+    enable = true;
+    servers.nix-serve = {
+      server-names = [ "cache.wu.gg23" ];
+      locations = singleton (nameValuePair "/" ''
+        proxy_pass http://localhost:${toString config.services.nix-serve.port};
+      '');
+    };
+  };
+}