From 31bf6bc06293580451775f5d0d0c8bd6c70ad387 Mon Sep 17 00:00:00 2001
From: RGBCube <git@rgbcu.be>
Date: Wed, 26 Feb 2025 02:34:56 +0300
Subject: [PATCH] fix: make cache serve s3

---
 hosts/best/cache.nix             | 18 ++++++++++++++++++
 hosts/best/garage/default.nix    |  4 ++--
 hosts/best/nix-serve/default.nix | 27 ---------------------------
 hosts/best/nix-serve/key.age     |  8 --------
 secrets.nix                      |  2 --
 5 files changed, 20 insertions(+), 39 deletions(-)
 create mode 100644 hosts/best/cache.nix
 delete mode 100644 hosts/best/nix-serve/default.nix
 delete mode 100644 hosts/best/nix-serve/key.age

diff --git a/hosts/best/cache.nix b/hosts/best/cache.nix
new file mode 100644
index 0000000..a44dafa
--- /dev/null
+++ b/hosts/best/cache.nix
@@ -0,0 +1,18 @@
+{ self, config, lib, ... }: let
+  inherit (config.networking) domain;
+  inherit (lib) merge;
+
+  fqdn = "cache.${domain}";
+in {
+  imports = [(self + /modules/nginx.nix)];
+
+  services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
+    locations."/" = {
+      extraConfig = /* nginx */ ''
+        proxy_set_header Host "hercules.${config.services.garage.settings.s3_api.root_domain}";
+      '';
+
+      proxyPass = "http://${config.services.garage.settings.s3_api.api_bind_addr}";
+    };
+  };
+}
diff --git a/hosts/best/garage/default.nix b/hosts/best/garage/default.nix
index 55b3bf1..a771b64 100644
--- a/hosts/best/garage/default.nix
+++ b/hosts/best/garage/default.nix
@@ -3,8 +3,8 @@
   inherit (lib) enabled merge;
 
   fqdn    = "s3.${domain}";
-  portS3  = 8004;
-  portRpc = 8005;
+  portS3  = 8003;
+  portRpc = 8004;
 in {
   imports = [(self + /modules/nginx.nix)];
 
diff --git a/hosts/best/nix-serve/default.nix b/hosts/best/nix-serve/default.nix
deleted file mode 100644
index 8288029..0000000
--- a/hosts/best/nix-serve/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ self, config, lib, pkgs, ... }: let
-  inherit (config.networking) domain;
-  inherit (lib) enabled merge;
-
-  fqdn = "cache.${domain}";
-  port = 8003;
-in {
-  imports = [(self + /modules/nginx.nix)];
-
-  secrets.nixServeKey = {
-    file  = ./key.age;
-    owner = "nix-serve";
-  };
-
-  services.nix-serve = enabled {
-    package       = pkgs.nix-serve-ng;
-    secretKeyFile = config.secrets.nixServeKey.path;
-
-    # Not ::1 because nix-serve doesn't like that.
-    bindAddress = "127.0.0.1";
-    inherit port;
-  };
-
-  services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
-    locations."/".proxyPass = "http://127.0.0.1:${toString port}";
-  };
-}
diff --git a/hosts/best/nix-serve/key.age b/hosts/best/nix-serve/key.age
deleted file mode 100644
index 478b5c6..0000000
--- a/hosts/best/nix-serve/key.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 8y3T6w +fPOWUbuD+JGfimuJnNa0wBpQyxC2nXGLGFdxAhfwns
-bonLQGaN8rp0KmZHW9efsPyCQ8eujuxEB9p7Ewdp4Bo
--> ssh-ed25519 CzqbPQ 91liBCRmtq4YGG8Zz6+ObSEDlGVmA8Jn+NPQzTLQoGY
-Gurxg2Tp1sdpz7xESiZCVw5BAuMI5vYH/UtdrFH9vd0
---- MJVivHhiqkVMke+mib2EZiFeZFX/BnFuEUctH+fdwd4
-8k
-Ôh}p©®lðz¾!I{­xÃz@SíZy/‘ôC3JÞQ:t¯ñ»NS&CXw·`%ÕûE	{£f'Oä<Äq‹ï\‚;yù‚Sï“¨—AöùÒ!‚Û_Ù<pñJ „@#‰Û·É(Õ63(«/G·ØgãIvÄ%ýºœ†
\ No newline at end of file
diff --git a/secrets.nix b/secrets.nix
index 70f1dc1..b57a206 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -12,8 +12,6 @@ in {
   "hosts/best/hercules/secrets.age".publicKeys      = [ best ] ++ admins;
   "hosts/best/hercules/token.age".publicKeys        = [ best ] ++ admins;
 
-  "hosts/best/nix-serve/key.age".publicKeys     = [ best ] ++ admins;
-
   # cube
   "hosts/cube/id.age".publicKeys                      = [ cube ] ++ admins;
   "hosts/cube/password.rgb.age".publicKeys            = [ cube ] ++ admins;