portable-binary-cache/binary-cache/tvix-cache.nix

73 lines
1.9 KiB
Nix

{ pkgs, lib, ... }: {
fileSystems."/nvme" = {
device = "/dev/nvme0n1";
fsType = "ext4";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "experiments@lahfa.xyz";
services.tvix-binary-cache = {
enable = true;
enableNginx = true;
nginx = {
clientMaxBodySize = "50G";
host = "binary-cache";
};
caches = {
forkos = {
grpcListenAddress = "[::1]:5000";
narBridgeListenAddress = "[::1]:8000";
tvix-daemon-composition.pathinfoservices = {
sled = {
type = "sled";
is_temporary = false;
path = "/var/lib/tvix-daemon-forkos/pathinfos.sled";
};
default = lib.mkForce {
type = "nix";
url = "nix+https://bagel-cache.s3-web.delroth.net";
blobservice = "default";
directoryservice = "objectstore";
};
};
};
cno = {
grpcListenAddress = "[::1]:5001";
narBridgeListenAddress = "[::1]:8001";
tvix-daemon-composition.pathinfoservices = {
sled = {
type = "sled";
is_temporary = false;
path = "/var/lib/tvix-daemon-cno/pathinfos.sled";
};
default = lib.mkForce {
type = "nix";
url = "nix+https://cache.nixos.org?trusted-public-keys=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=";
blobservice = "default";
directoryservice = "objectstore";
};
};
};
};
};
fileSystems."/var/lib/tvix-castore" = {
device = "/nvme";
options = [ "bind" ];
};
services.nginx.virtualHosts.binary-cache = {
enableACME = true;
forceSSL = true;
default = true;
serverName = "tvix.store";
serverAliases = [
"cache.nixos.sh"
];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.systemPackages = with pkgs; [ broot tree iotop glances htop ];
}