Merge remote-tracking branch 'prism/master'

author: tv <tv@krebsco.de> 2018-08-29 01:38:45 +0200
committer: tv <tv@krebsco.de> 2018-08-29 01:38:45 +0200
commit: 000f2a7c9123fcd4b110c6c220570758d556c837 (patch)
tree: 8464e80b13adce3b5958ad6e9bcebc8a4f559cd9 /makefu/2configs/binary-cache/server.nix
parent: 16ad5fb0a835a1022656253ae838e83fa024e692 (diff)
parent: 413e0689acd4f6b322f9996950927ebd41d0e58c (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.nix-serve = {
+      serverAliases = [ "cache.gum.r"
+                        "cache.euer.krebsco.de"
+                        "cache.gum.krebsco.de"
+                      ];
+      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+    };
+  };
+}
+
author	tv <tv@krebsco.de>	2018-08-29 01:38:45 +0200
committer	tv <tv@krebsco.de>	2018-08-29 01:38:45 +0200
commit	000f2a7c9123fcd4b110c6c220570758d556c837 (patch)
tree	8464e80b13adce3b5958ad6e9bcebc8a4f559cd9 /makefu/2configs/binary-cache/server.nix
parent	16ad5fb0a835a1022656253ae838e83fa024e692 (diff)
parent	413e0689acd4f6b322f9996950927ebd41d0e58c (diff)