diff options
author | makefu <github@syntax-fehler.de> | 2018-08-06 16:30:09 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2018-08-06 16:30:09 +0200 |
commit | a9211863965bc62de1628e9406da4fbd50f208d8 (patch) | |
tree | c7a74d511ea779958976ee8f38b18119305b6d1b /makefu/2configs | |
parent | b133bbe8ec5724c26249a5228b01e0ded368dec8 (diff) |
ma binary-cache/server: init
Diffstat (limited to 'makefu/2configs')
-rw-r--r-- | makefu/2configs/binary-cache/server.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix new file mode 100644 index 000000000..ad6256830 --- /dev/null +++ b/makefu/2configs/binary-cache/server.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ...}: + +{ + # generate private key with: + # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub + services.nix-serve = { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + services.nginx = { + enable = true; + virtualHosts.nix-serve = { + serverAliases = [ "cache.gum.r" + "cache.euer.krebsco.de" + "cache.gum.krebsco.de" + ]; + locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}"; + }; + }; +} + |