2024-04-22 20:51:23 +02:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
services.harmonia = {
|
|
|
|
enable = true;
|
|
|
|
settings.bind = "[::1]:5005";
|
2024-05-22 17:17:14 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
systemd.services.harmonia = {
|
|
|
|
environment = {
|
|
|
|
SIGN_KEY_PATHS = "%d/key1 %d/key2";
|
|
|
|
};
|
|
|
|
serviceConfig = {
|
|
|
|
LoadCredential = [
|
|
|
|
"key1:${config.sops.secrets."sign-key-nix-cache.clerie.de".path}"
|
|
|
|
"key2:${config.sops.secrets."sign-key-cache.nix.clerie.de".path}"
|
|
|
|
];
|
|
|
|
};
|
2024-04-22 20:51:23 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.virtualHosts = {
|
|
|
|
"nix-cache.clerie.de" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."= /" = {
|
2024-05-12 16:46:19 +02:00
|
|
|
index = "/index.txt";
|
|
|
|
};
|
|
|
|
locations."= /index.txt" = {
|
|
|
|
root = ./cache.nix.clerie.de;
|
|
|
|
};
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://[::1]:5005";
|
2024-04-22 20:51:23 +02:00
|
|
|
extraConfig = ''
|
2024-05-12 16:46:19 +02:00
|
|
|
proxy_redirect http:// https://;
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
2024-04-22 20:51:23 +02:00
|
|
|
'';
|
|
|
|
};
|
2024-05-12 16:46:19 +02:00
|
|
|
};
|
|
|
|
"cache.nix.clerie.de" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
locations."= /" = {
|
|
|
|
index = "/index.txt";
|
|
|
|
};
|
|
|
|
locations."= /index.txt" = {
|
|
|
|
root = ./cache.nix.clerie.de;
|
|
|
|
};
|
2024-05-12 17:24:46 +02:00
|
|
|
locations."= /nix/store/" = {
|
|
|
|
extraConfig = ''
|
|
|
|
return 404;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
locations."/nix/store/" = {
|
|
|
|
root = "/";
|
|
|
|
extraConfig = ''
|
|
|
|
autoindex on;
|
|
|
|
autoindex_exact_size off;
|
|
|
|
'';
|
|
|
|
};
|
2024-04-22 20:51:23 +02:00
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://[::1]:5005";
|
|
|
|
extraConfig = ''
|
|
|
|
proxy_redirect http:// https://;
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
}
|