{ pkgs, lib, ... }: { fileSystems."/nvme" = { device = "/dev/nvme0n1"; fsType = "ext4"; }; security.acme.acceptTerms = true; security.acme.defaults.email = "experiments@lahfa.xyz"; services.tvix-binary-cache = { enable = true; enableNginx = true; nginx = { clientMaxBodySize = "50G"; host = "binary-cache"; }; castoreDir = "/nvme"; caches = { forkos = { grpcListenAddress = "[::1]:5000"; narBridgeListenAddress = "[::1]:8000"; tvix-daemon-composition.pathinfoservices = { sled = { type = "sled"; is_temporary = false; path = "/var/lib/tvix-daemon-forkos/pathinfos.sled"; }; nix = { type = "nix"; base_url = "https://bagel-cache.s3-web.delroth.net"; blob_service = "default"; directory_service = "objectstore"; }; default = lib.mkForce { type = "cache"; near = "sled"; far = "nix"; }; }; }; cno = { grpcListenAddress = "[::1]:5001"; narBridgeListenAddress = "[::1]:8001"; tvix-daemon-composition.pathinfoservices = { sled = { type = "sled"; is_temporary = false; path = "/var/lib/tvix-daemon-cno/pathinfos.sled"; }; nix = { type = "nix"; base_url = "https://cache.nixos.org?trusted-public-keys=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="; blob_service = "default"; directory_service = "objectstore"; }; default = lib.mkForce { type = "cache"; near = "sled"; far = "nix"; }; }; }; }; }; services.nginx.virtualHosts.binary-cache = { enableACME = true; forceSSL = true; default = true; serverName = "tvix.store"; serverAliases = [ "cache.nixos.sh" ]; locations."/".proxyPass = "http://[::1]:5000"; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; environment.systemPackages = with pkgs; [ broot tree iotop glances htop ]; }