blob: 48887ad8aecf8f8abd988dbe61db3ef5bddf6ef8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
{ config, ... }:
{
services.nginx.virtualHosts."nix-cache.emile.space" = {
forceSSL = true;
enableACME = true;
locations = {
"= /" = {
index = "/index.txt";
};
"= /index.txt" = {
root = ./nix-cache.emile.space;
};
"/" = {
proxyPass = "http://${config.services.harmonia.settings.bind}";
};
};
};
services.harmonia = {
enable = true;
# TODO(emile): manage this using age
# signKeyPath = "/var/lib/secrets/harmonia.secret";
signKeyPath = config.age.secrets.harmonia-signkey.path;
settings.bind = "[::1]:${toString config.emile.ports.harmonia}";
};
# locations."= /" = {
# index = "/index.txt";
# };
# locations."= /nix/store/" = {
# extraConfig = ''
# return 404;
# '';
# };
# locations."/nix/store/" = {
# root = "/";
# extraConfig = ''
# autoindex on;
# autoindex_exact_size off;
# '';
# };
# locations."/" = {
# proxyPass = "http://${config.services.harmonia.settings.bind}";
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_redirect http:// https://;
# proxy_http_version 1.1;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $connection_upgrade;
# zstd on;
# zstd_types application/x-nix-archive;
# '';
# };
# };
}
|