diff --git a/machines/fuuko/services/binary-cache.nix b/machines/fuuko/services/binary-cache.nix index b724b7f..9ef711a 100644 --- a/machines/fuuko/services/binary-cache.nix +++ b/machines/fuuko/services/binary-cache.nix @@ -8,7 +8,7 @@ # ${XDG_CACHE_HOME:-$HOME/.cache}/.cache/nix/binary-cache-v6.sqlite and does # not re-check or invalidate them. Devices that often are not at home should # ensure that the cached priority is 50 to avoid slow substitutions. -{ config, lib, ... }: +{ config, lib, pkgs, ... }: let binaryCachePath = "/data/cache/nix-binary-cache"; in @@ -52,9 +52,43 @@ in auth_basic_user_file ${config.sops.secrets.nix-binary-cache-htpasswd.path}; } ''; + "/nix/store/".proxyPass = "http://localhost:${config.systemd.services.nar-serve.environment.PORT}"; }; }; }; systemd.services.nginx.serviceConfig.ReadWritePaths = lib.singleton binaryCachePath; + + # TODO 21.05: Replace with upstream module + systemd.services.nar-serve = + let + # TODO: remove once new version is released and in nixpkgs + nar-serve = pkgs.unstable.nar-serve.overrideAttrs (o: o // { + version = "unstable-2021-04-08"; + + src = pkgs.fetchFromGitHub { + owner = "numtide"; + repo = "nar-serve"; + rev = "4243b0efa41910dfa4be8b9936ae460699d3f8f0"; + sha256 = "0mjs3yilf5rixm67wk4h4jji54dsc0w3vfxd561pvfbxplbmgh3c"; + }; + }); + in + { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + PORT = "8383"; + NAR_CACHE_URL = "file://${binaryCachePath}"; + }; + + serviceConfig = { + Restart = "always"; + RestartSec = "5s"; + ExecStart = "${nar-serve}/bin/nar-serve"; + DynamicUser = true; + StandardOutput = "null"; # nar-server logs multiple lines on every request + }; + }; }