1
0
nixfiles/hosts/hydra-1/nix-cache.nix

76 lines
1.8 KiB
Nix
Raw Permalink Normal View History

{ config, pkgs, ... }:
{
services.harmonia = {
enable = true;
settings.bind = "[::1]:5005";
};
systemd.services.harmonia = {
environment = {
SIGN_KEY_PATHS = "%d/key1 %d/key2";
};
serviceConfig = {
LoadCredential = [
"key1:${config.sops.secrets."sign-key-nix-cache.clerie.de".path}"
"key2:${config.sops.secrets."sign-key-cache.nix.clerie.de".path}"
];
};
};
services.nginx.virtualHosts = {
"nix-cache.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
index = "/index.txt";
};
locations."= /index.txt" = {
root = ./cache.nix.clerie.de;
};
locations."/" = {
proxyPass = "http://[::1]:5005";
extraConfig = ''
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
"cache.nix.clerie.de" = {
enableACME = true;
forceSSL = true;
locations."= /" = {
index = "/index.txt";
};
locations."= /index.txt" = {
root = ./cache.nix.clerie.de;
};
locations."= /nix/store/" = {
extraConfig = ''
return 404;
'';
};
locations."/nix/store/" = {
root = "/";
extraConfig = ''
autoindex on;
autoindex_exact_size off;
'';
};
locations."/" = {
proxyPass = "http://[::1]:5005";
extraConfig = ''
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
};
}