desktop bincache, but real
4 files changed, 25 insertions, 0 deletions
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index 5e42695..bf37eab 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -22,6 +22,7 @@ args@{
./services/nginx.nix
./services/postgres.nix
+ ./services/nix-bincache.nix
# hardware-specific imports
./optional/hardware-specific/amd.nix
diff --git a/host/Rory-desktop/services/nginx.nix b/host/Rory-desktop/services/nginx.nix
index 8cec099..3a9c53d 100644
--- a/host/Rory-desktop/services/nginx.nix
+++ b/host/Rory-desktop/services/nginx.nix
@@ -29,6 +29,7 @@
'';
additionalModules = with pkgs.nginxModules; [ moreheaders ];
virtualHosts = {
+ "nix-bincache.rory-desktop.local" = import ./nginx/nix-bincache.nix { inherit config; };
"discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
"hse.localhost" = import ./nginx/hse.localhost.nix { inherit pkgs; };
"matrix.opensuse.localhost" = import ./nginx/matrix.opensuse.localhost.nix { inherit pkgs; };
diff --git a/host/Rory-desktop/services/nginx/nix-bincache.nix b/host/Rory-desktop/services/nginx/nix-bincache.nix
new file mode 100755
index 0000000..29ffc4d
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/nix-bincache.nix
@@ -0,0 +1,12 @@
+{ config }:
+{
+ locations."/" = {
+ proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+ extraConfig = ''
+ allow 10.0.0.0/8;
+ allow 192.168.0.0/16;
+ allow 127.0.0.0/8;
+ deny all;
+ '';
+ };
+}
diff --git a/host/Rory-desktop/services/nix-bincache.nix b/host/Rory-desktop/services/nix-bincache.nix
new file mode 100644
index 0000000..811ca63
--- /dev/null
+++ b/host/Rory-desktop/services/nix-bincache.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+ services.nix-serve = {
+ enable = true;
+ package = pkgs.nix-serve-ng;
+ port = 3642;
+ bindAddress = "127.0.0.1";
+ secretKeyFile = "/data/secrets/nix-bincache-priv-key.pem";
+ };
+}
|
