summaryrefslogtreecommitdiffstats
path: root/makefu/2configs
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2018-08-06 16:30:09 +0200
committermakefu <github@syntax-fehler.de>2018-08-06 16:30:09 +0200
commita9211863965bc62de1628e9406da4fbd50f208d8 (patch)
treec7a74d511ea779958976ee8f38b18119305b6d1b /makefu/2configs
parentb133bbe8ec5724c26249a5228b01e0ded368dec8 (diff)
ma binary-cache/server: init
Diffstat (limited to 'makefu/2configs')
-rw-r--r--makefu/2configs/binary-cache/server.nix31
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+ # generate private key with:
+ # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ services.nginx = {
+ enable = true;
+ virtualHosts.nix-serve = {
+ serverAliases = [ "cache.gum.r"
+ "cache.euer.krebsco.de"
+ "cache.gum.krebsco.de"
+ ];
+ locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+ };
+ };
+}
+