Merge remote-tracking branch 'origin/master'

author: jeschli <jeschli@gmail.com> 2018-08-21 19:52:30 +0200
committer: jeschli <jeschli@gmail.com> 2018-08-21 19:52:30 +0200
commit: 8cfc4f5eda10b1025a4ad3b9725deb9ad7a32338 (patch)
tree: 4a9626e685bc076461f5e63c55e29e3689d2eedd /makefu/2configs/binary-cache/server.nix
parent: f2dadea808323f69531c51b12ed5cb872ac933a0 (diff)
parent: 89951ebd816248bc4e62b2dad78b5db906c3cefe (diff)
1 files changed, 31 insertions, 0 deletions
diff --git a/makefu/2configs/binary-cache/server.nix b/makefu/2configs/binary-cache/server.nix
new file mode 100644
index 000000000..ad6256830
--- /dev/null
+++ b/makefu/2configs/binary-cache/server.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ...}:
+
+{
+  # generate private key with:
+  # nix-store --generate-binary-cache-key gum nix-serve.key nix-serve.pub
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = config.krebs.secret.files.nix-serve-key.path;
+  };
+
+  systemd.services.nix-serve = {
+    requires = ["secret.service"];
+    after = ["secret.service"];
+  };
+  krebs.secret.files.nix-serve-key = {
+    path = "/run/secret/nix-serve.key";
+    owner.name = "nix-serve";
+    source-path = toString <secrets> + "/nix-serve.key";
+  };
+  services.nginx = {
+    enable = true;
+    virtualHosts.nix-serve = {
+      serverAliases = [ "cache.gum.r"
+                        "cache.euer.krebsco.de"
+                        "cache.gum.krebsco.de"
+                      ];
+      locations."/".proxyPass= "http://localhost:${toString config.services.nix-serve.port}";
+    };
+  };
+}
+
author	jeschli <jeschli@gmail.com>	2018-08-21 19:52:30 +0200
committer	jeschli <jeschli@gmail.com>	2018-08-21 19:52:30 +0200
commit	8cfc4f5eda10b1025a4ad3b9725deb9ad7a32338 (patch)
tree	4a9626e685bc076461f5e63c55e29e3689d2eedd /makefu/2configs/binary-cache/server.nix
parent	f2dadea808323f69531c51b12ed5cb872ac933a0 (diff)
parent	89951ebd816248bc4e62b2dad78b5db906c3cefe (diff)