{ pkgs, lib, config, ... }: with import <stockholm/lib>; let # see https://github.com/zeropingheroes/lancache for full docs lancache= pkgs.stdenv.mkDerivation rec { name = "lancache-2017-06-26"; src = pkgs.fetchFromGitHub { # origin: https://github.com/multiplay/lancache # forked: https://github.com/zeropingheroes/lancache repo = "lancache"; owner = "zeropingheroes"; rev = "143f7bb"; sha256 = "1ra4l7qz3k231j5wabr89s5hh80n1kk8vgd3dsh0xx5mdpjhvdl6"; }; phases = [ "unpackPhase" "installPhase" ]; # here we can chance to edit `includes/proxy-cache-paths.conf` installPhase = '' mkdir -p $out cp -r * $out/ rm $out/caches-enabled/* sed -i -e 's/^\(user\).*/\1 ${cfg.user} ${cfg.group};/' \ -e '1 idaemon off;' \ -e 's#/var/lancache#${cfg.statedir}#g' \ $out/nginx.conf sed -i -e 's#/var/lancache#${cfg.statedir}#g' \ $out/*/*.conf ln -s $out/caches-available/* $out/caches-enabled/ ''; }; cfg = { statedir = "/data/cache"; group = "nginx-lancache"; user = "nginx-lancache"; package = pkgs.stdenv.lib.overrideDerivation pkgs.nginx (old:{ configureFlags = old.configureFlags ++ [ "--with-http_slice_module" "--with-stream" "--with-pcre" ]; }); }; in { systemd.services.nginx-lancache = { description = "Nginx lancache Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; restartIfChanged = true; preStart = '' mkdir -p ${cfg.statedir} && cd ${cfg.statedir} chmod 700 ${cfg.statedir} PATH_CACHE=$PATH_BASE/cache PATH_LOGS=$PATH_BASE/logs mkdir -p cache/{installers,tmp} logs rm -f conf; ln -s ${lancache} conf chown -R ${cfg.user}:${cfg.group} . ''; serviceConfig = { ExecStart = "${cfg.package}/bin/nginx -p ${cfg.statedir}"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; Restart = "always"; RestartSec = "10s"; StartLimitInterval = "1min"; }; }; environment.etc.nginx.source = lancache; users.extraUsers = (singleton { name = cfg.user; group = cfg.group; uid = genid cfg.group; }); users.extraGroups = (singleton { name = "${cfg.group}"; gid = genid cfg.group; }); networking.firewall.allowedTCPPorts = [ 80 443 ]; }