nix-home/modules/services/nix-cache/default.nix

{ config, pkgs, lib, ... }:

with { inherit (lib) mkEnableOption mkOption types mkIf; };
let
  cfg = config.nki.services.nix-cache;
in
{
  options.nki.services.nix-cache = {
    enableClient = mkOption {
      type = types.bool;
      default = !cfg.enableServer;
      description = "Enable nix-cache client";
    };
    enableServer = mkEnableOption "Enable nix-cache server";

    host = mkOption {
      type = types.str;
      default = "nix.home.tinc";
    };

    publicKey = mkOption {
      type = types.str;
      default = builtins.readFile ./cache-pub-key.pem;
    };

    privateKeyFile = mkOption {
      type = types.path;
      description = "Path to the private key .pem file";
    };
  };

  config = {
    nix.settings = mkIf cfg.enableClient {
      substituters = [ "http://${cfg.host}" ];
      trusted-public-keys = [ cfg.publicKey ];
    };

    services.nix-serve = mkIf cfg.enableServer {
      enable = true;
      secretKeyFile = cfg.privateKeyFile;
    };

    users = mkIf cfg.enableServer {
      users.nix-serve = { group = "nix-serve"; isSystemUser = true; };
      groups.nix-serve = { };
    };

    services.nginx = mkIf cfg.enableServer {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
        # ... existing hosts config etc. ...
        "${cfg.host}" = {
          locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
        };
      };
    };
  };
}
Add nix cache implementation 2024-08-16 12:36:11 +00:00			`{ config, pkgs, lib, ... }:`

			`with { inherit (lib) mkEnableOption mkOption types mkIf; };`
			`let`
			`cfg = config.nki.services.nix-cache;`
			`in`
			`{`
			`options.nki.services.nix-cache = {`
			`enableClient = mkOption {`
			`type = types.bool;`
			`default = !cfg.enableServer;`
			`description = "Enable nix-cache client";`
			`};`
			`enableServer = mkEnableOption "Enable nix-cache server";`

			`host = mkOption {`
			`type = types.str;`
			`default = "nix.home.tinc";`
			`};`

			`publicKey = mkOption {`
			`type = types.str;`
			`default = builtins.readFile ./cache-pub-key.pem;`
			`};`

			`privateKeyFile = mkOption {`
			`type = types.path;`
			`description = "Path to the private key .pem file";`
			`};`
			`};`

			`config = {`
			`nix.settings = mkIf cfg.enableClient {`
Properly configure firewall to allow tinc to pass through 2024-08-16 13:02:25 +00:00			`substituters = [ "http://${cfg.host}" ];`
Add nix cache implementation 2024-08-16 12:36:11 +00:00			`trusted-public-keys = [ cfg.publicKey ];`
			`};`

			`services.nix-serve = mkIf cfg.enableServer {`
			`enable = true;`
			`secretKeyFile = cfg.privateKeyFile;`
			`};`

			`users = mkIf cfg.enableServer {`
			`users.nix-serve = { group = "nix-serve"; isSystemUser = true; };`
			`groups.nix-serve = { };`
			`};`

			`services.nginx = mkIf cfg.enableServer {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`virtualHosts = {`
			`# ... existing hosts config etc. ...`
			`"${cfg.host}" = {`
			`locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";`
			`};`
			`};`
			`};`
			`};`
			`}`