summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-02-27 15:13:10 +0100
committertv <tv@krebsco.de>2016-02-27 15:23:21 +0100
commit94154606cb011a53bfd81b52dbc60cbdf416371e (patch)
tree503a90ee3384194d11239c5ded80b5ddc4d7d7d5
parentf7165409a511582507f465162609676c7b6ef0df (diff)
tv wu-binary-cache: init
-rw-r--r--krebs/3modules/tv/default.nix5
-rw-r--r--tv/1systems/wu.nix1
-rw-r--r--tv/2configs/wu-binary-cache/client.nix7
-rw-r--r--tv/2configs/wu-binary-cache/default.nix25
4 files changed, 37 insertions, 1 deletions
diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 533502914..d8b5da007 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -286,7 +286,10 @@ with config.krebs.lib;
nets = {
gg23 = {
addrs4 = ["10.23.1.37"];
- aliases = ["wu.gg23"];
+ aliases = [
+ "wu.gg23"
+ "cache.wu.gg23"
+ ];
ssh.port = 11423;
};
retiolum = {
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix
index 8c363d9fc..d64deaf95 100644
--- a/tv/1systems/wu.nix
+++ b/tv/1systems/wu.nix
@@ -16,6 +16,7 @@ with config.krebs.lib;
../2configs/nginx-public_html.nix
../2configs/pulse.nix
../2configs/retiolum.nix
+ ../2configs/wu-binary-cache
../2configs/xserver
{
environment.systemPackages = with pkgs; [
diff --git a/tv/2configs/wu-binary-cache/client.nix b/tv/2configs/wu-binary-cache/client.nix
new file mode 100644
index 000000000..9634c21d4
--- /dev/null
+++ b/tv/2configs/wu-binary-cache/client.nix
@@ -0,0 +1,7 @@
+_:
+{
+ nix = {
+ binaryCaches = ["http://cache.wu.gg23"];
+ binaryCachePublicKeys = ["cache.wu-1:cdhA201O2R2Ect463vhJFmhpMaNyT/tOvzYvtceT9q8="];
+ };
+}
diff --git a/tv/2configs/wu-binary-cache/default.nix b/tv/2configs/wu-binary-cache/default.nix
new file mode 100644
index 000000000..6fcac21af
--- /dev/null
+++ b/tv/2configs/wu-binary-cache/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: with config.krebs.lib;
+{
+ services.nix-serve = assert config.krebs.build.host.name == "wu"; {
+ enable = true;
+ secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+ };
+ systemd.services.nix-serve = {
+ requires = ["secret.service"];
+ after = ["secret.service"];
+ };
+ krebs.secret.files.nix-serve-key = {
+ path = "/run/secret/nix-serve.key";
+ owner.name = "nix-serve";
+ source-path = toString <secrets> + "/nix-serve.key";
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.nix-serve = {
+ server-names = [ "cache.wu.gg23" ];
+ locations = singleton (nameValuePair "/" ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ '');
+ };
+ };
+}