fuuko/binary-cache: Add nar-serve

This commit is contained in:
Simon Bruder 2021-04-08 21:40:14 +02:00
parent 8d9e3af211
commit 5dff1a426f
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -8,7 +8,7 @@
# ${XDG_CACHE_HOME:-$HOME/.cache}/.cache/nix/binary-cache-v6.sqlite and does
# not re-check or invalidate them. Devices that often are not at home should
# ensure that the cached priority is 50 to avoid slow substitutions.
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
let
binaryCachePath = "/data/cache/nix-binary-cache";
in
@ -52,9 +52,43 @@ in
auth_basic_user_file ${config.sops.secrets.nix-binary-cache-htpasswd.path};
}
'';
"/nix/store/".proxyPass = "http://localhost:${config.systemd.services.nar-serve.environment.PORT}";
};
};
};
systemd.services.nginx.serviceConfig.ReadWritePaths = lib.singleton binaryCachePath;
# TODO 21.05: Replace with upstream module
systemd.services.nar-serve =
let
# TODO: remove once new version is released and in nixpkgs
nar-serve = pkgs.unstable.nar-serve.overrideAttrs (o: o // {
version = "unstable-2021-04-08";
src = pkgs.fetchFromGitHub {
owner = "numtide";
repo = "nar-serve";
rev = "4243b0efa41910dfa4be8b9936ae460699d3f8f0";
sha256 = "0mjs3yilf5rixm67wk4h4jji54dsc0w3vfxd561pvfbxplbmgh3c";
};
});
in
{
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
PORT = "8383";
NAR_CACHE_URL = "file://${binaryCachePath}";
};
serviceConfig = {
Restart = "always";
RestartSec = "5s";
ExecStart = "${nar-serve}/bin/nar-serve";
DynamicUser = true;
StandardOutput = "null"; # nar-server logs multiple lines on every request
};
};
}