Merge remote-tracking branch 'gum/master'

author: lassulus <lass@blue.r> 2018-08-09 17:23:53 +0200
committer: lassulus <lass@blue.r> 2018-08-09 17:23:53 +0200
commit: 2bf24eae616997e52a16fff96b4485ee7c619f8d (patch)
tree: cbb3aab9f8fa2f4da28e5a01b16129263b1fa0cb /makefu/2configs/binary-cache/server.nix
parent: f9d96d13de74ed6acbde92778af88f94f04081bd (diff)
parent: 6368507f02eb4e267c7fdab73e4c3cec5ee5827f (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.nix-serve = {
+      serverAliases = [ "cache.gum.r"
+                        "cache.euer.krebsco.de"
+                        "cache.gum.krebsco.de"
+                      ];
+      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+    };
+  };
+}
+
author	lassulus <lass@blue.r>	2018-08-09 17:23:53 +0200
committer	lassulus <lass@blue.r>	2018-08-09 17:23:53 +0200
commit	2bf24eae616997e52a16fff96b4485ee7c619f8d (patch)
tree	cbb3aab9f8fa2f4da28e5a01b16129263b1fa0cb /makefu/2configs/binary-cache/server.nix
parent	f9d96d13de74ed6acbde92778af88f94f04081bd (diff)
parent	6368507f02eb4e267c7fdab73e4c3cec5ee5827f (diff)