summaryrefslogtreecommitdiffstats
path: root/krebs/2configs/cache.nsupdate.info.nix
blob: 1ac63eaf57a8bd535c019b23739659f6fa61bd13 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
{ pkgs, lib, ... }:
with lib;
let
  domain = "cache.nsupdate.info";
in {
  # This only works for a single domain for nsupdate.info as multiple usernames
  # and passwords are required for multiple domains
  services.ddclient = {
    enable = true;
    server = "ipv4.nsupdate.info";
    username = domain;
    password = import "${config.krebs.secret.directory}/nsupdate-cache.nix";
    domains = [ domain ];
    use= "if, if=et0";
    # use = "web, web=http://ipv4.nsupdate.info/myip";

  };
  krebs.cachecache = {
    enable = true;
    enableSSL = true; # disable letsencrypt for testing
    cacheDir = "/var/cache/nix-cache-cache";
    maxSize = "10g";
    indexFile = pkgs.fetchurl {
      url = "https://raw.githubusercontent.com/krebs/35c3-nixos-cache/master/index.html";
      sha256 = "1vlngzbn0jipigspccgikd7xgixksimdl4wf8ix7d30ljx47p9n0";
    };

    # assumes that the domain is reachable from the internet
    virtualHost = domain;
  };

  boot.kernelModules = [ "tcp_bbr" ];

  boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
  boot.kernel.sysctl."net.core.default_qdisc" = "fq";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}