portable-binary-cache/binary-cache/tvix-cache.nix

80 lines
2.1 KiB
Nix

{ pkgs, lib, ... }: {
fileSystems."/nvme" = {
device = "/dev/nvme0n1";
fsType = "ext4";
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "experiments@lahfa.xyz";
services.tvix-binary-cache = {
enable = true;
enableNginx = true;
nginx = {
clientMaxBodySize = "50G";
host = "binary-cache";
};
castoreDir = "/nvme";
caches = {
forkos = {
grpcListenAddress = "[::1]:5000";
narBridgeListenAddress = "[::1]:8000";
tvix-daemon-composition.pathinfoservices = {
sled = {
type = "sled";
is_temporary = false;
path = "/var/lib/tvix-daemon-forkos/pathinfos.sled";
};
nix = {
type = "nix";
base_url = "https://bagel-cache.s3-web.delroth.net";
blob_service = "default";
directory_service = "objectstore";
};
default = lib.mkForce {
type = "cache";
near = "sled";
far = "nix";
};
};
};
cno = {
grpcListenAddress = "[::1]:5001";
narBridgeListenAddress = "[::1]:8001";
tvix-daemon-composition.pathinfoservices = {
sled = {
type = "sled";
is_temporary = false;
path = "/var/lib/tvix-daemon-cno/pathinfos.sled";
};
nix = {
type = "nix";
base_url = "https://cache.nixos.org?trusted-public-keys=cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=";
blob_service = "default";
directory_service = "objectstore";
};
default = lib.mkForce {
type = "cache";
near = "sled";
far = "nix";
};
};
};
};
};
services.nginx.virtualHosts.binary-cache = {
enableACME = true;
forceSSL = true;
default = true;
serverName = "tvix.store";
serverAliases = [
"cache.nixos.sh"
];
locations."/".proxyPass = "http://[::1]:5000";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.systemPackages = with pkgs; [ broot tree iotop glances htop ];
}