nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

hosts/kazuki/attic: separate subdomain per cache

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-02-11 15:45:10 +01:00
parent b88c927563
commit 298e70e838
1 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

22
hosts/kazuki/attic.nix
View file

@ -30,8 +30,7 @@ in {
avg-size = 0; avg-size = 0;
max-size = 0; max-size = 0;
}; };
api-endpoint = "https://cache.nrab.lol/"; api-endpoint = "https://attic.nrab.lol/";
allowed-hosts = ["cache.nrab.lol"];
}; };
}; };
@ -67,7 +66,7 @@ in {
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."cache.nrab.lol" = { virtualHosts."attic.nrab.lol" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -75,6 +74,16 @@ in {
}; };
extraConfig = '' extraConfig = ''
client_max_body_size 8G; client_max_body_size 8G;
'';
};
virtualHosts."cache.nrab.lol" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://attic/public$request_uri";
};
extraConfig = ''
proxy_cache nixstore; proxy_cache nixstore;
proxy_cache_use_stale error timeout http_500 http_502; proxy_cache_use_stale error timeout http_500 http_502;
proxy_cache_lock on; proxy_cache_lock on;
@ -92,9 +101,14 @@ in {
''; '';
}; };
security.acme.certs."cache.nrab.lol" = { security.acme.certs."attic.nrab.lol" = {
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.nrab-lol-cf.path; credentialsFile = config.age.secrets.nrab-lol-cf.path;
webroot = null; webroot = null;
}; };
security.acme.certs."cache.nrab.lol" = {
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.nrab-lol-cf.path;
};
} }