diff options
author | tv <tv@krebsco.de> | 2016-02-27 15:13:10 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-02-27 15:23:21 +0100 |
commit | 94154606cb011a53bfd81b52dbc60cbdf416371e (patch) | |
tree | 503a90ee3384194d11239c5ded80b5ddc4d7d7d5 | |
parent | f7165409a511582507f465162609676c7b6ef0df (diff) |
tv wu-binary-cache: init
-rw-r--r-- | krebs/3modules/tv/default.nix | 5 | ||||
-rw-r--r-- | tv/1systems/wu.nix | 1 | ||||
-rw-r--r-- | tv/2configs/wu-binary-cache/client.nix | 7 | ||||
-rw-r--r-- | tv/2configs/wu-binary-cache/default.nix | 25 |
4 files changed, 37 insertions, 1 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix index 533502914..d8b5da007 100644 --- a/krebs/3modules/tv/default.nix +++ b/krebs/3modules/tv/default.nix @@ -286,7 +286,10 @@ with config.krebs.lib; nets = { gg23 = { addrs4 = ["10.23.1.37"]; - aliases = ["wu.gg23"]; + aliases = [ + "wu.gg23" + "cache.wu.gg23" + ]; ssh.port = 11423; }; retiolum = { diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 8c363d9fc..d64deaf95 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -16,6 +16,7 @@ with config.krebs.lib; ../2configs/nginx-public_html.nix ../2configs/pulse.nix ../2configs/retiolum.nix + ../2configs/wu-binary-cache ../2configs/xserver { environment.systemPackages = with pkgs; [ diff --git a/tv/2configs/wu-binary-cache/client.nix b/tv/2configs/wu-binary-cache/client.nix new file mode 100644 index 000000000..9634c21d4 --- /dev/null +++ b/tv/2configs/wu-binary-cache/client.nix @@ -0,0 +1,7 @@ +_: +{ + nix = { + binaryCaches = ["http://cache.wu.gg23"]; + binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="]; + }; +} diff --git a/tv/2configs/wu-binary-cache/default.nix b/tv/2configs/wu-binary-cache/default.nix new file mode 100644 index 000000000..6fcac21af --- /dev/null +++ b/tv/2configs/wu-binary-cache/default.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: with config.krebs.lib; +{ + services.nix-serve = assert config.krebs.build.host.name == "wu"; { + enable = true; + secretKeyFile = config.krebs.secret.files.nix-serve-key.path; + }; + systemd.services.nix-serve = { + requires = ["secret.service"]; + after = ["secret.service"]; + }; + krebs.secret.files.nix-serve-key = { + path = "/run/secret/nix-serve.key"; + owner.name = "nix-serve"; + source-path = toString <secrets> + "/nix-serve.key"; + }; + krebs.nginx = { + enable = true; + servers.nix-serve = { + server-names = [ "cache.wu.gg23" ]; + locations = singleton (nameValuePair "/" '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''); + }; + }; +} |