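# NixOS module: runs ncps (a caching proxy for Nix binary caches) on the
# loopback interface and publishes it through an nginx TLS virtual host.
{ lib, config, ... }:

let
  # Only referenced by the commented-out hostName alternative further down.
  inherit (config.pbsds.nginx) mkDomain;

  /**
    filter-caches :: [str] -> [str]

    Returns the given substituter URLs minus every entry of `blacklist`:
    cache.nixos.org and the addresses this ncps instance itself answers on
    (its listen address and its public host name over http and https).
    Presumably the self-references are dropped so the proxy is never
    configured as its own upstream -- confirm against the intended topology.

    Matching is exact string equality (builtins.elem). A URL spelled
    differently, e.g. without the trailing slash or with an extra path
    or query, is NOT filtered out.
  */
  filter-caches =
    let
      blacklist = [
        "https://cache.nixos.org/"
        "http://${config.services.ncps.server.addr}"
        "http://${config.services.ncps.cache.hostName}"
        "https://${config.services.ncps.cache.hostName}"
      ];
    in
    lib.filter (cacheAddr: !(builtins.elem cacheAddr blacklist));

in
{
  # based on
  # - https://discourse.nixos.org/t/announcing-ncps-a-nix-cache-proxy-server-for-faster-builds/58166
  # - https://github.com/kalbasit/ncps
  # - https://search.nixos.org/options?query=services.ncps
  # - https://github.com/msfjarvis/dotfiles/blob/2dc0b9abc40b6af757b18f3f687fe205c96ef87c/modules/nixos/ncps/default.nix
  # - https://github.com/Ramblurr/nixcfg/blob/2901418935895f86ea84a881e5571813c6370f11/hosts/mali/ncps.nix
  # - https://github.com/numinit/MeshOS/blob/e30e3902a8d6d63d5eda031f58aff8c0b6bc9c94/nixos/modules/caches.nix

  # Register the cache host name with the domeneshop updater only while ncps
  # is enabled. (services.domeneshop-updater is declared outside this file.)
  services.domeneshop-updater.targets = lib.mkIf config.services.ncps.enable [
    config.services.ncps.cache.hostName
  ];

  services.ncps = {
    # Disabled when the configuration is built as a VM variant.
    enable = !config.virtualisation.isVmVariant;
    # logLevel = "info"; # default is "info"

    # Loopback only: remote clients reach ncps solely through the nginx
    # virtual host below, so TLS and the allow list are applied there.
    server.addr = "127.0.0.1:8876";
    # prometheus.enable = true;

    cache = {
      hostName = "cache-proxy.pbsds.net";
      # hostName = mkDomain "cache-proxy";
      # hostName = config.pbsds.tailscale.fqdn;

      dataPath = "/mnt/meconium/blob/ncps"; # will be automatically chowned (systemd ReadWritePaths)
      # tempPath = ""; # defaults to "/tmp"
      maxSize = "50G";

      # TODO:
      # NOTE(review): `TODO` is not bound anywhere in this file, so evaluation
      # stops here until the key is wired up. The signing key should be a
      # runtime path outside the Nix store (such as the sops path noted on
      # this line); store contents are world-readable.
      secretKeyPath = TODO; # config.sops.secrets.ncps-private-key.path;

      # Read-only proxy: clients may neither upload to nor delete from it.
      allowPutVerb = false;
      allowDeleteVerb = false;
      # lru = { scheduleTimeZone = "Europe/Oslo"; schedule = "00 08 * * *"; }; # 8 AM daily
    };

    # Upstreams are the host's trusted substituters (minus the blacklist) and
    # the keys are the host's trusted public keys, so the proxy trusts exactly
    # what the local Nix daemon trusts. Any plain-http upstream in
    # trusted-substituters relies on those signatures alone for integrity.
    upstream.caches = filter-caches config.nix.settings.trusted-substituters;
    upstream.publicKeys = config.nix.settings.trusted-public-keys;
  };

  services.nginx.virtualHosts.${config.services.ncps.cache.hostName} = {
    # addSSL = true;
    # forceSSL and addSSL are mutually exclusive in the NixOS nginx module
    # (setting both fails its assertion). Only forceSSL is kept, so plain-HTTP
    # requests are redirected to HTTPS instead of being served.
    forceSSL = true;
    enableACME = true; # useACMEHost = acmeDomain;
    # serverAliases = [ "binarycache" ];
    # serverAliases = [ config.pbsds.tailscale.fqdn ];
    locations."/" = {
      # Access restrictions come from the project's allowList snippet, which
      # is defined outside this file -- presumably an IP allow/deny list.
      inherit (config.pbsds.nginx.allowList) extraConfig;
      # Forward to the loopback ncps listener; without a proxyPass this
      # location never reaches the cache.
      proxyPass = "http://${config.services.ncps.server.addr}";
      # proxyPass = "http://localhost:${toString config.services.nix-serve.port}";
    };
  };

}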