summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/binary-cache
diff options
context:
space:
mode:
authorlassulus <lass@blue.r>2018-08-09 17:23:53 +0200
committerlassulus <lass@blue.r>2018-08-09 17:23:53 +0200
commit2bf24eae616997e52a16fff96b4485ee7c619f8d (patch)
treecbb3aab9f8fa2f4da28e5a01b16129263b1fa0cb /makefu/2configs/binary-cache
parentf9d96d13de74ed6acbde92778af88f94f04081bd (diff)
parent6368507f02eb4e267c7fdab73e4c3cec5ee5827f (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs/binary-cache')
-rw-r--r--makefu/2configs/binary-cache/server.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.nix-serve = {
+ serverAliases = [ "cache.gum.r"
+ "cache.euer.krebsco.de"
+ "cache.gum.krebsco.de"
+ ];
+ locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+ };
+ };
+}
+