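{
  config,
  pkgs,
  lib,
  ...
}:

let
  cfg = config.custom;
in
{
  # Opt-in Nix binary cache: nix-serve signs store paths with an
  # agenix-managed private key and nginx terminates TLS in front of it
  # on `custom.nix-cache.domain`.
  options.custom.nix-cache = {
    enable = lib.mkEnableOption "nix-cache";
    domain = lib.mkOption {
      type = lib.types.str;
      default = "nix-cache.vpn.${config.networking.domain}";
      description = "Virtual host name under which nginx exposes the nix-serve cache.";
    };
  };

  config = lib.mkIf cfg.nix-cache.enable {
    # Cache signing key. Only nix-serve has to read it, so the decrypted
    # file is read-only for the service's user and group: the previous
    # "770" granted group write and an execute bit that a PEM key never
    # needs, and a writable signing key lets any group member re-sign
    # arbitrary store paths.
    age.secrets."cache-priv-key.pem" = {
      file = ../secrets/cache-priv-key.pem.age;
      mode = "440";
      owner = config.systemd.services.nix-serve.serviceConfig.User;
      group = config.systemd.services.nix-serve.serviceConfig.Group;
    };

    services.nix-serve = {
      enable = true;
      secretKeyFile = config.age.secrets."cache-priv-key.pem".path;
    };

    services.nginx = {
      enable = true;
      virtualHosts.${cfg.nix-cache.domain} = {
        # NOTE(review): forceSSL needs a certificate source (enableACME,
        # useACMEHost or sslCertificate/sslCertificateKey); none is set
        # here, so presumably another module provides it — confirm.
        forceSSL = true;
        # Plain reverse proxy to the local nix-serve port; the forwarded
        # headers keep the client address visible in nix-serve's logs.
        locations."/".extraConfig = ''
          proxy_pass http://localhost:${toString config.services.nix-serve.port};
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        '';
      };
    };
  };
}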