feat(ops/modules): configure builderball cache setup

Configures an experimental setup for a builderball-based public cache. This cache only includes the two build machines (whitby & nevsky), for the time period where both of them exist simultaneously. The idea is this: All participating hosts run a harmonia binary cache locally (whitby already does). They then run builderball instances pointing at each other's harmonia caches (through dedicated public hostnames). When a request comes in, the first matching cache address is returned and Nix will substitute from there. Change-Id: Ia7d5357fd5e04f77b460205544fa24e82b100230 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12975 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2025-01-12 16:44:11 +03:00 · 2025-01-12 16:44:11 +03:00 · c948a26d7d
commit c948a26d7d
parent 6733b26ba5
9 changed files with 214 additions and 11 deletions
--- a/ops/modules/www/self-cache.tvl.fyi.nix
+++ b/ops/modules/www/self-cache.tvl.fyi.nix
@ -0,0 +1,26 @@
+# per-host addresses for publicly reachable caches, for use with builderball
+# TODO(tazjin): merge with the public cache module; but needs ACME fixes
+{ config, lib, ... }:
+
+{
+  imports = [
+    ./base.nix
+  ];
+
+  config = lib.mkIf config.services.depot.harmonia.enable {
+    services.nginx.virtualHosts."${config.networking.hostName}.cache.tvl.fyi" = {
+      enableACME = true;
+      forceSSL = true;
+
+      extraConfig = ''
+        location = /cache-key.pub {
+          alias /run/agenix/nix-cache-pub;
+        }
+
+        location / {
+          proxy_pass http://${config.services.depot.harmonia.settings.bind};
+        }
+      '';
+    };
+  };
+}