Merge remote-tracking branch 'prism/master'

author: tv <tv@krebsco.de> 2018-11-27 11:47:54 +0100
committer: tv <tv@krebsco.de> 2018-11-27 11:47:54 +0100
commit: c4fabb0bc40e270f7d34a06115b121ef879fc2d1 (patch)
tree: d745b162ca3fed36057a1d6aa7d4b4b591d76107 /krebs/2configs
parent: 09144f173677ed33850e484cf46876d13bb37c9e (diff)
parent: eef1d7877defd7c310dc20f62bf96c7b8f408044 (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
new file mode 100644
index 000000000..056667d8c
--- /dev/null
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -0,0 +1,33 @@
+{lib, ... }:
+with lib;
+let
+  domain = "cache.nsupdate.info";
+in {
+  # This only works for a single domain for nsupdate.info as multiple usernames
+  # and passwords are required for multiple domains
+  services.ddclient = {
+    enable = true;
+    server = "ipv4.nsupdate.info";
+    username = domain;
+    password = import ((toString <secrets>) + "/nsupdate-cache.nix");
+    domains = [ domain ];
+    use= "if, if=et0";
+    # use = "web, web=http://ipv4.nsupdate.info/myip";
+
+  };
+  krebs.cachecache = {
+    enable = true;
+    enableSSL = false; # disable letsencrypt for testing
+    cacheDir = "/var/cache/nix-cache-cache";
+    maxSize = "10g";
+
+    # assumes that the domain is reachable from the internet
+    virtualHost = domain;
+  };
+
+  boot.kernelModules = [ "tcp_bbr" ];
+
+  boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
+  boot.kernel.sysctl."net.core.default_qdisc" = "fq";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
author	tv <tv@krebsco.de>	2018-11-27 11:47:54 +0100
committer	tv <tv@krebsco.de>	2018-11-27 11:47:54 +0100
commit	c4fabb0bc40e270f7d34a06115b121ef879fc2d1 (patch)
tree	d745b162ca3fed36057a1d6aa7d4b4b591d76107 /krebs/2configs
parent	09144f173677ed33850e484cf46876d13bb37c9e (diff)
parent	eef1d7877defd7c310dc20f62bf96c7b8f408044 (diff)