Diffstat (limited to 'ops/machines')
-rw-r--r--ops/machines/volgasprint-cache/default.nix153
1 files changed, 0 insertions, 153 deletions
diff --git a/ops/machines/volgasprint-cache/default.nix b/ops/machines/volgasprint-cache/default.nix
deleted file mode 100644
index 88f2f2863dde..000000000000
--- a/ops/machines/volgasprint-cache/default.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-# temporary machine for local binary cache proxy during VolgaSprint
-
-{ depot, lib, pkgs, ... }: # readTree options
-{ config, ... }: # passed by module system
-
-let
-  mod = name: depot.path.origSrc + ("/ops/modules/" + name);
-in
-{
-  imports = [
-    (mod "tvl-users.nix")
-  ];
-
-  boot = {
-    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
-    initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
-    loader = {
-      grub.enable = false;
-      generic-extlinux-compatible.enable = true;
-    };
-  };
-
-  depot.auto-deploy = {
-    enable = true;
-    interval = "hourly";
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-label/NIXOS_SD";
-      fsType = "ext4";
-      options = [ "noatime" ];
-    };
-    "/var/public-nix-cache" = {
-      device = "/dev/sda1";
-      fsType = "ext4";
-    };
-  };
-
-  networking = {
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [ 80 443 8098 ];
-    };
-
-    hostName = "volgacache";
-    domain = "volgasprint.org";
-
-    wireless = {
-      enable = true;
-      networks.VolgaSprint.psk = "nixos-unstable";
-      interfaces = [ "wlan0" ];
-    };
-
-    wg-quick.interfaces = {
-      wg0 = {
-        address = [ "10.10.10.2/24" "fd42::1/128" ];
-        dns = [ "1.1.1.1" ];
-        privateKeyFile = "/etc/wireguard_private_key";
-
-        peers = [
-          {
-            publicKey = "2MZzEGJzA3HrwkHf91TaKJEHwCNyVvsTLWoIYHrCxhY=";
-            presharedKeyFile = "/etc/wireguard_preshared_key";
-            allowedIPs = [ "0.0.0.0/0" "::/0" ];
-            endpoint = "195.201.63.240:8098";
-            persistentKeepalive = 15;
-          }
-        ];
-      };
-    };
-  };
-
-  services.openssh.enable = true;
-
-  services.nginx = {
-    enable = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-
-    appendHttpConfig = ''
-      proxy_cache_path /tmp/pkgcache levels=1:2 keys_zone=cachecache:100m max_size=20g inactive=365d use_temp_path=off;
-
-      # Cache only success status codes; in particular we don't want to cache 404s.
-      # See https://serverfault.com/a/690258/128321
-      map $status $cache_header {
-      200     "public";
-      302     "public";
-      default "no-cache";
-      }
-      access_log /var/log/nginx/access.log;
-    '';
-
-    virtualHosts."cache.volgasprint.org" = {
-      sslCertificate = "/etc/ssl/cache.volgasprint.org/key.pem";
-      sslCertificateKey = "/etc/ssl/cache.volgasprint.org/key.pem";
-      sslTrustedCertificate = "/etc/ssl/cache.volgasprint.org/chain.pem";
-
-      locations."/" = {
-        root = "/var/public-nix-cache";
-        extraConfig = ''
-          expires max;
-          add_header Cache-Control $cache_header always;
-          # Ask the upstream server if a file isn't available locally
-          error_page 404 = @fallback;
-        '';
-      };
-
-      extraConfig = ''
-        # Using a variable for the upstream endpoint to ensure that it is
-        # resolved at runtime as opposed to once when the config file is loaded
-        # and then cached forever (we don't want that):
-        # see https://tenzer.dk/nginx-with-dynamic-upstreams/
-        # This fixes errors like
-        #   nginx: [emerg] host not found in upstream "upstream.example.com"
-        # when the upstream host is not reachable for a short time when
-        # nginx is started.
-        resolver 80.67.169.12; # fdn dns
-        set $upstream_endpoint http://cache.nixos.org;
-      '';
-
-      locations."@fallback" = {
-        proxyPass = "$upstream_endpoint";
-        extraConfig = ''
-          proxy_cache cachecache;
-          proxy_cache_valid  200 302  60d;
-          expires max;
-          add_header Cache-Control $cache_header always;
-        '';
-      };
-
-      # We always want to copy cache.nixos.org's nix-cache-info file,
-      # and ignore our own, because `nix-push` by default generates one
-      # without `Priority` field, and thus that file by default has priority
-      # 50 (compared to cache.nixos.org's `Priority: 40`), which will make
-      # download clients prefer `cache.nixos.org` over our binary cache.
-      locations."= /nix-cache-info" = {
-        # Note: This is duplicated with the `@fallback` above,
-        # would be nicer if we could redirect to the @fallback instead.
-        proxyPass = "$upstream_endpoint";
-        extraConfig = ''
-          proxy_cache cachecache;
-          proxy_cache_valid  200 302  60d;
-          expires max;
-          add_header Cache-Control $cache_header always;
-        '';
-      };
-    };
-  };
-
-  hardware.enableRedistributableFirmware = true;
-  system.stateVersion = "23.11";
-}