RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-07-27 10:07:44 +00:00
Code Issues Activity

feat: serve the local store and fallback to the s3 bucket if it 404's

Browse source
This commit is contained in:
RGBCube 2025-02-27 19:02:15 +03:00
parent 34d9e30529
commit 2efa94d35e
Signed by: RGBCube
SSH key fingerprint: SHA256:CzqbPcfwt+GxFYNnFVCqoN5Itn4YFrshg1TrnACpA5M
6 changed files with 50 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -7,8 +7,8 @@
!hosts/ !hosts/
!hosts/best/ !hosts/best/
!hosts/best/cache/
!hosts/best/garage/ !hosts/best/garage/
!hosts/best/nix-serve/
!hosts/best/hercules/ !hosts/best/hercules/
!hosts/cube/ !hosts/cube/

18
hosts/best/cache.nix
View file

@ -1,18 +0,0 @@
{ self, config, lib, ... }: let
inherit (config.networking) domain;
inherit (lib) merge;
fqdn = "cache.${domain}";
in {
imports = [(self + /modules/nginx.nix)];
services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
locations."/" = {
extraConfig = /* nginx */ ''
proxy_set_header Host "hercules.${config.services.garage.settings.s3_web.root_domain}";
'';
proxyPass = "http://${config.services.garage.settings.s3_web.bind_addr}";
};
};
}

43
hosts/best/cache/default.nix vendored Normal file
View file

@ -0,0 +1,43 @@
{ self, config, lib, pkgs, ... }: let
inherit (config.networking) domain;
inherit (lib) enabled merge;
fqdn = "cache.${domain}";
portNixServe = 8006;
in {
imports = [(self + /modules/nginx.nix)];
secrets.nixServeKey = {
file = ./key.age;
owner = "nix-serve";
};
services.nix-serve = enabled {
package = pkgs.nix-serve-ng;
secretKeyFile = config.secrets.nixServeKey.path;
# Not ::1 because nix-serve doesn't like that.
bindAddress = "127.0.0.1";
port = portNixServe;
};
services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
extraConfig = /* nginx */ ''
proxy_intercept_errors on;
error_page 404 = @fallback;
'';
locations."= /".return = "301 https://${domain}/404";
locations."/".proxyPass = "http://127.0.0.1:${toString portNixServe}";
locations."@fallback" = {
extraConfig = /* nginx */ ''
proxy_set_header Host "hercules.${config.services.garage.settings.s3_web.root_domain}";
'';
proxyPass = "http://${config.services.garage.settings.s3_web.bind_addr}";
};
};
}

BIN
hosts/best/cache/key.age vendored Normal file
View file

Binary file not shown.

4
rebuild.nu
View file

@ -22,6 +22,10 @@ def main --wrapped [
} }
if $host != (hostname) { if $host != (hostname) {
ssh -q -tt $host $"
rm -rf ncc
"
git ls-files git ls-files
| sync --files-from - ./ ($host + ":ncc") | sync --files-from - ./ ($host + ":ncc")

2
secrets.nix
View file

@ -5,6 +5,8 @@ in {
"hosts/best/id.age".publicKeys = [ best ] ++ admins; "hosts/best/id.age".publicKeys = [ best ] ++ admins;
"hosts/best/password.the.age".publicKeys = [ best ] ++ admins; "hosts/best/password.the.age".publicKeys = [ best ] ++ admins;
"hosts/best/cache/key.age".publicKeys = [ best ] ++ admins;
"hosts/best/garage/environment.age".publicKeys = [ best ] ++ admins; "hosts/best/garage/environment.age".publicKeys = [ best ] ++ admins;
"hosts/best/hercules/caches.age".publicKeys = [ best ] ++ admins; "hosts/best/hercules/caches.age".publicKeys = [ best ] ++ admins;