2024-06-06 15:52:20 +00:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
|
{
|
2023-07-05 15:27:07 +00:00
|
|
|
services.harmonia.enable = true;
|
|
|
|
|
# $ nix-store --generate-binary-cache-key cache.yourdomain.tld-1 harmonia.secret harmonia.pub
|
2023-10-04 05:58:53 +00:00
|
|
|
services.harmonia.signKeyPath = config.sops.secrets.harmonia-secret.path;
|
2023-07-05 15:27:07 +00:00
|
|
|
|
2023-07-05 15:38:01 +00:00
|
|
|
services.nginx = {
|
2024-06-06 15:52:20 +00:00
|
|
|
package = pkgs.nginxStable.override { modules = [ pkgs.nginxModules.zstd ]; };
|
2023-07-05 15:38:01 +00:00
|
|
|
};
|
|
|
|
|
|
2023-11-16 14:41:13 +00:00
|
|
|
# trust our own cache
|
|
|
|
|
nix.settings.trusted-substituters = [ "https://cache.clan.lol" ];
|
2024-06-06 15:52:20 +00:00
|
|
|
nix.settings.trusted-public-keys = [
|
|
|
|
|
"cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28="
|
|
|
|
|
];
|
2023-11-16 14:41:13 +00:00
|
|
|
|
2023-07-05 15:27:07 +00:00
|
|
|
services.nginx.virtualHosts."cache.clan.lol" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = true;
|
|
|
|
|
locations."/".extraConfig = ''
|
|
|
|
|
proxy_pass http://127.0.0.1:5000;
|
|
|
|
|
proxy_set_header Host $host;
|
|
|
|
|
proxy_redirect http:// https://;
|
|
|
|
|
proxy_http_version 1.1;
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
|
proxy_set_header Connection $connection_upgrade;
|
|
|
|
|
|
|
|
|
|
zstd on;
|
|
|
|
|
zstd_types application/x-nix-archive;
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
}
|
