Merge remote-tracking branch 'prism/master'

author: tv <tv@krebsco.de> 2016-06-30 16:31:05 +0200
committer: tv <tv@krebsco.de> 2016-06-30 16:31:05 +0200
commit: d81b068113325fb7604089c3647c365a41804978 (patch)
tree: 4c43ad2142825ac7c0a7045e5c48a039b25f6786 /lass/2configs/binary-cache/server.nix
parent: 1542f9bbee823025f703e6abf3836905cee416fd (diff)
parent: f12578c66f8b7b829c0dec5255f358778c0d3366 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..22ec04307
--- /dev/null
+++ b/lass/2configs/binary-cache/server.nix
@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key my-secret-key my-public-key
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  krebs.nginx = {
+    enable = true;
+    servers.nix-serve = {
+      server-names = [ "cache.prism.r" ];
+      locations = lib.singleton (lib.nameValuePair "/" ''
+        proxy_pass http://localhost:${toString config.services.nix-serve.port};
+      '');
+    };
+  };
+}
+
author	tv <tv@krebsco.de>	2016-06-30 16:31:05 +0200
committer	tv <tv@krebsco.de>	2016-06-30 16:31:05 +0200
commit	d81b068113325fb7604089c3647c365a41804978 (patch)
tree	4c43ad2142825ac7c0a7045e5c48a039b25f6786 /lass/2configs/binary-cache/server.nix
parent	1542f9bbee823025f703e6abf3836905cee416fd (diff)
parent	f12578c66f8b7b829c0dec5255f358778c0d3366 (diff)