darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

make the cache internal-only

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2022-03-02 21:36:11 +01:00
parent 78cfc13b2b
commit 3ea92074e8
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
config/services/nix-cache.nix
View file

@ -1,4 +1,11 @@
{ ... }: { { lib, config, pkgs, ... }:
let
listenIPs = (import ../../utils/getInternalIP.nix config).listenIPs;
listenStatements = lib.concatStringsSep "\n" (builtins.map (ip: "listen ${ip}:443 http3;") listenIPs) + ''
add_header Alt-Svc 'h3=":443"';
'';
in
{
imports = [ imports = [
(import ../../modules/gateway-st.nix { (import ../../modules/gateway-st.nix {
name = "nix-cache"; name = "nix-cache";
@ -6,6 +13,7 @@
}) })
]; ];
services.nginx.virtualHosts."cache.int.chir.rs" = { services.nginx.virtualHosts."cache.int.chir.rs" = {
listenAddresses = listenIPs;
sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem"; sslCertificate = "/var/lib/acme/int.chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem"; sslCertificateKey = "/var/lib/acme/int.chir.rs/key.pem";
locations."/" = { locations."/" = {