Add nix cache implementation

2024-08-16 14:36:11 +02:00 · 2024-08-16 14:36:11 +02:00 · 9fecd353f8
commit 9fecd353f8
parent f0807443fd
7 changed files with 76 additions and 6 deletions
--- a/modules/services/nix-cache/default.nix
+++ b/modules/services/nix-cache/default.nix
@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+
+with { inherit (lib) mkEnableOption mkOption types mkIf; };
+let
+  cfg = config.nki.services.nix-cache;
+in
+{
+  options.nki.services.nix-cache = {
+    enableClient = mkOption {
+      type = types.bool;
+      default = !cfg.enableServer;
+      description = "Enable nix-cache client";
+    };
+    enableServer = mkEnableOption "Enable nix-cache server";
+
+    host = mkOption {
+      type = types.str;
+      default = "nix.home.tinc";
+    };
+
+    publicKey = mkOption {
+      type = types.str;
+      default = builtins.readFile ./cache-pub-key.pem;
+    };
+
+    privateKeyFile = mkOption {
+      type = types.path;
+      description = "Path to the private key .pem file";
+    };
+  };
+
+  config = {
+    nix.settings = mkIf cfg.enableClient {
+      substituters = [ cfg.host ];
+      trusted-public-keys = [ cfg.publicKey ];
+    };
+
+    services.nix-serve = mkIf cfg.enableServer {
+      enable = true;
+      secretKeyFile = cfg.privateKeyFile;
+    };
+
+    users = mkIf cfg.enableServer {
+      users.nix-serve = { group = "nix-serve"; isSystemUser = true; };
+      groups.nix-serve = { };
+    };
+
+    services.nginx = mkIf cfg.enableServer {
+      enable = true;
+      recommendedProxySettings = true;
+      virtualHosts = {
+        # ... existing hosts config etc. ...
+        "${cfg.host}" = {
+          locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+        };
+      };
+    };
+  };
+}