clan-infra/modules/web01/harmonia.nix

{ config, ... }: {
  services.harmonia.enable = true;
  # $ nix-store --generate-binary-cache-key cache.yourdomain.tld-1 harmonia.secret harmonia.pub
  services.harmonia.signKeyPath = config.sops.secrets.harmonia-key.path;
  sops.secrets.harmonia-key = { };

  services.nginx.virtualHosts."cache.clan.lol" = {
    useACMEHost = "thalheim.io";
    forceSSL = true;
    enableACME = true;
    locations."/".extraConfig = ''
      proxy_pass http://127.0.0.1:5000;
      proxy_set_header Host $host;
      proxy_redirect http:// https://;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      zstd on;
      zstd_types application/x-nix-archive;
    '';
  };
}
deploy binary cache 2023-07-05 15:27:07 +00:00			`{ config, ... }: {`
			`services.harmonia.enable = true;`
			`# $ nix-store --generate-binary-cache-key cache.yourdomain.tld-1 harmonia.secret harmonia.pub`
			`services.harmonia.signKeyPath = config.sops.secrets.harmonia-key.path;`
			`sops.secrets.harmonia-key = { };`

			`services.nginx.virtualHosts."cache.clan.lol" = {`
			`useACMEHost = "thalheim.io";`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".extraConfig = ''`
			`proxy_pass http://127.0.0.1:5000;`
			`proxy_set_header Host $host;`
			`proxy_redirect http:// https://;`
			`proxy_http_version 1.1;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header Upgrade $http_upgrade;`
			`proxy_set_header Connection $connection_upgrade;`

			`zstd on;`
			`zstd_types application/x-nix-archive;`
			`'';`
			`};`
			`}`