feat(deertopia): Binary cache

- Provides a container whose traffic is routed through Mullvad VPN. - An option `sydnix.deertopia.mullvad.container.modules` is provided to "hook into" the container's NixOS config.
2025-03-10 12:50:36 -06:00
parent 720c39f2c1
commit 1ff3d14dd3
4 changed files with 31 additions and 2 deletions
--- a/modules/nixos/deertopia/cache.nix
+++ b/modules/nixos/deertopia/cache.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.cache;
+in {
+  options.sydnix.deertopia.cache.enable =
+    lib.mkEnableOption "Deertopia's binary cache";
+
+  config = lib.mkIf cfg.enable {
+    sydnix.sops.secrets.deertopia-cache-key.mode = "0600";
+
+    services.nix-serve = {
+      enable = true;
+      secretKeyFile = config.sops.secrets.deertopia-cache-key.path;
+    };
+
+    sydnix.deertopia.nginx.vhosts."cache".vhost = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass =
+        let port = builtins.toString config.services.nix-serve.port;
+        in "http://127.0.0.1:${port}";
+    };
+  };
+}
+