{ pkgs, lib, ... }: { fileSystems."/nvme" = { device = "/dev/nvme0n1"; fsType = "ext4"; }; security.acme.acceptTerms = true; security.acme.defaults.email = "experiments@lahfa.xyz"; services.tvix-binary-cache = { enable = true; enableNginx = true; nginx = { clientMaxBodySize = "50G"; host = "binary-cache"; }; caches = { forkos = { grpcListenAddress = "[::1]:5000"; narBridgeListenAddress = "[::1]:8000"; tvix-daemon-composition.pathinfoservices = { sled = { type = "sled"; is_temporary = false; path = "/var/lib/tvix-daemon-forkos/pathinfos.sled"; }; default = lib.mkForce { type = "nix"; url = "nix+https://bagel-cache.s3-web.delroth.net"; blobservice = "default"; directoryservice = "objectstore"; }; }; }; cno = { grpcListenAddress = "[::1]:5001"; narBridgeListenAddress = "[::1]:8001"; tvix-daemon-composition.pathinfoservices = { sled = { type = "sled"; is_temporary = false; path = "/var/lib/tvix-daemon-cno/pathinfos.sled"; }; default = lib.mkForce { type = "nix"; url = "nix+https://cache.nixos.org?trusted-public-keys=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="; blobservice = "default"; directoryservice = "objectstore"; }; }; }; }; }; fileSystems."/var/lib/tvix-castore" = { device = "/nvme"; options = [ "bind" ]; }; services.nginx.virtualHosts.binary-cache = { enableACME = true; forceSSL = true; default = true; serverName = "tvix.store"; serverAliases = [ "cache.nixos.sh" ]; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; environment.systemPackages = with pkgs; [ broot tree iotop glances htop ]; }