Move cache back to HTTPS

This commit is contained in:
Vili Sinervä 2025-07-14 03:03:22 +03:00
parent ae10053eeb
commit f3b8ea78de
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
2 changed files with 17 additions and 1 deletions

View file

@ -31,7 +31,7 @@ in
];
distributedBuilds = true;
settings = {
substituters = [ "ssh://nix-ssh@cache.sinerva.eu" ];
substituters = [ "https://cache.sinerva.eu" ];
trusted-public-keys = [ "cache.sinerva.eu:TaIhyAKozO/r88EBWMSdbp+TB0YlcXT/EADunYoYLVc=" ];
builders-use-substitutes = true;
max-jobs = lib.mkIf cfg.disableLocalBuilds 0;

View file

@ -1,6 +1,7 @@
{ config, lib, ... }:
let
cfg = config.custom.services.nixCacheServer;
cacheDomain = "cache.sinerva.eu";
in
{
options.custom.services.nixCacheServer.enable = lib.mkEnableOption "Nix SSH cache server";
@ -8,6 +9,21 @@ in
config = lib.mkIf cfg.enable {
sops.secrets.priv-cache-key.sopsFile = ../../secrets/ci.yaml;
services = {
nix-serve = {
enable = true;
bindAddress = "127.0.0.2";
port = 8081;
secretKeyFile = config.sops.secrets.priv-cache-key.path;
};
nginx.virtualHosts = {
${cacheDomain}.locations."/" = {
proxyPass = "http://127.0.0.2:8081";
};
};
};
nix = {
extraOptions = ''
secret-key-files = ${config.sops.secrets.priv-cache-key.path}