From 298e70e83874132bc199d060d79b520156544afe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= <nikodem@rabulinski.com>
Date: Sun, 11 Feb 2024 15:45:10 +0100
Subject: [PATCH] hosts/kazuki/attic: separate subdomain per cache

---
 hosts/kazuki/attic.nix | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/hosts/kazuki/attic.nix b/hosts/kazuki/attic.nix
index 0fa0331..25ce398 100644
--- a/hosts/kazuki/attic.nix
+++ b/hosts/kazuki/attic.nix
@@ -30,8 +30,7 @@ in {
         avg-size = 0;
         max-size = 0;
       };
-      api-endpoint = "https://cache.nrab.lol/";
-      allowed-hosts = ["cache.nrab.lol"];
+      api-endpoint = "https://attic.nrab.lol/";
     };
   };
 
@@ -67,7 +66,7 @@ in {
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedTlsSettings = true;
-    virtualHosts."cache.nrab.lol" = {
+    virtualHosts."attic.nrab.lol" = {
       forceSSL = true;
       enableACME = true;
       locations."/" = {
@@ -75,6 +74,16 @@ in {
       };
       extraConfig = ''
         client_max_body_size 8G;
+      '';
+    };
+    virtualHosts."cache.nrab.lol" = {
+      forceSSL = true;
+      enableACME = true;
+      acmeRoot = null;
+      locations."/" = {
+        proxyPass = "http://attic/public$request_uri";
+      };
+      extraConfig = ''
         proxy_cache nixstore;
         proxy_cache_use_stale error timeout http_500 http_502;
         proxy_cache_lock on;
@@ -92,9 +101,14 @@ in {
     '';
   };
 
-  security.acme.certs."cache.nrab.lol" = {
+  security.acme.certs."attic.nrab.lol" = {
     dnsProvider = "cloudflare";
     credentialsFile = config.age.secrets.nrab-lol-cf.path;
     webroot = null;
   };
+
+  security.acme.certs."cache.nrab.lol" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = config.age.secrets.nrab-lol-cf.path;
+  };
 }