feat(binary-cache): Add some hints on how to configure the cache

README.md

@@ -9,6 +9,23 @@ You're expected to read this document before commiting to the repo.
 
 Some documentation for the development tools are provided in the aforementioned file.
 
+# Using the binary cache
+
+Add the following module to your configuration (and pin this repo using your favorite tool: npins, lon, etc...):
+```
+{ lib, ... }:
+let
+  dgnum-infra = PINNED_PATH_TO_INFRA;
+in {
+  nix.settings = (import dgnum-infra).mkCacheSettings {
+    caches = [
+      "infra"
+    ];
+  };
+}
+```
+
+
 # Adding a new machine
 
 The first step is to create a minimal viable NixOS host, using tha means necessary.

default.nix

@@ -76,6 +76,8 @@ in
 
   dns = import ./meta/dns.nix;
 
+  mkCacheSettings = import ./machines/storage01/tvix-store/cache-settings.nix;
+
   shells = {
     default = pkgs.mkShell {
       name = "dgnum-infra";

machines/storage01/tvix-cache/cache-settings.nix

@@ -0,0 +1,14 @@
+let
+  cache-info = {
+    infra = {
+      public-key = "infra.tvix-store.dgnum.eu-1:8CAY64o3rKjyw2uA5mzr/aTzstnc+Uj4g8OC6ClG1m8=";
+      url = "https://tvix-store.dgnum.eu/infra";
+    };
+  };
+in
+
+{ caches }:
+{
+  trusted-substituters = builtins.map (cache: cache-info.${cache}.url) caches;
+  trusted-public-keys = builtins.map (cache: cache-info.${cache}.public-key) caches;
+}

machines/storage01/tvix-cache/default.nix

@@ -1,9 +1,13 @@
 { pkgs, config, ... }:
 let
-  settingsFormat = pkgs.formats.toml { };
-
-  dataDir = "/data/slow/tvix-store";
 
+  # How to add a cache:
+  #  - Add the relevant services (likely only a pathinfoservice) to the
+  #    composition config (store-config.composition).
+  #  - Add an endpoint (store-config.endpoints).
+  #  - Append a proxy configuration to nginx in order to make the store
+  #    accessible.
+  #  - Update cache-info.nix so users can add the cache to their configuration
   store-config = {
     composition = {
       blobservices.default = {
@@ -54,6 +58,13 @@ let
       };
     };
   };
+
+  settingsFormat = pkgs.formats.toml { };
+
+  webHost = "tvix-store.dgnum.eu";
+
+  dataDir = "/data/slow/tvix-store";
+
   systemdHardening = {
     PrivateDevices = true;
     PrivateTmp = true;
@@ -70,10 +81,12 @@ let
     RuntimeDirectoryMode = "0750";
     StateDirectoryMode = "0750";
   };
+
   toml = {
     composition = settingsFormat.generate "composition.toml" store-config.composition;
     endpoints = settingsFormat.generate "endpoints.toml" store-config.endpoints;
   };
+
   package = pkgs.callPackage ./package { };
 in
 {
@@ -83,7 +96,7 @@ in
     "nginx"
   ];
 
-  services.nginx.virtualHosts."tvix-store.dgnum.eu" = {
+  services.nginx.virtualHosts.${webHost} = {
     enableACME = true;
     forceSSL = true;
     locations = {
@@ -105,14 +118,12 @@ in
           auth_basic_user_file ${config.age.secrets."nginx-tvix-store-password-ci".path};
         '';
       };
-      "/.well-known/nix-signing-keys/" = {
-        alias = "${./pubkeys}/";
-        extraConfig = "autoindex on;";
-      };
     };
   };
+
   # TODO add tvix-store cli here
   # environment.systemPackages = [ ];
+
   users.users.tvix-store = {
     isSystemUser = true;
     group = "tvix-store";

machines/storage01/tvix-cache/pubkeys/infra

@@ -1 +0,0 @@
-infra.tvix-store.dgnum.eu-1:8CAY64o3rKjyw2uA5mzr/aTzstnc+Uj4g8OC6ClG1m8=