clan-infra/modules/web01/harmonia.nix

30 lines
902 B
Nix
Raw Normal View History

2023-07-05 15:38:01 +00:00
{ config, pkgs, ... }: {
2023-07-05 15:27:07 +00:00
services.harmonia.enable = true;
# $ nix-store --generate-binary-cache-key cache.yourdomain.tld-1 harmonia.secret harmonia.pub
services.harmonia.signKeyPath = config.sops.secrets.harmonia-key.path;
sops.secrets.harmonia-key = { };
2023-07-05 15:38:01 +00:00
services.nginx = {
package = pkgs.nginxStable.override {
modules = [ pkgs.nginxModules.zstd ];
};
};
2023-07-05 15:27:07 +00:00
services.nginx.virtualHosts."cache.clan.lol" = {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
zstd on;
zstd_types application/x-nix-archive;
'';
};
}