Binary Cache: Difference between revisions
imported>Tfc m add note about where the pubkey comes from |
imported>Tfc Incorporate musicmatze |
| Line 5: | Line 5: | ||
This tutorial assumes: | This tutorial assumes: | ||
* NixOS | * NixOS on the serving machine | ||
* You want to serve the nix store via port 80 and already have an nginx service running | * You want to serve the nix store via port 80 and already have an nginx service running (See here how to configure nginx [https://nixos.wiki/wiki/Nginx]) | ||
* The store is served with signing activated | * The store is served with signing activated | ||
* Firewall rules (port 80) are already set up | * Firewall rules (port 80) are already set up (See firewall settings in NixOS manual[https://nixos.org/nixos/manual/index.html#sec-firewall]) | ||
* The hostname "binarycache.mydomain.com" points to the server | * The hostname "binarycache.mydomain.com" points to the server (see <code>networking.hostName</code>[https://nixos.org/nixos/manual/options.html#opt-networking.hostName]) | ||
This tutorial explains the following steps one by one in the following: | |||
# Generate a private/public keypair | # Generate a private/public keypair for signing packages | ||
#* This step is not mandatory, but we are going to serve signed nix packages | #* This step is not mandatory, but we are going to serve signed nix packages | ||
# Activate <code>nix-serve</code> | # Activate <code>nix-serve</code> | ||
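Review bot: the unchanged sub-item under step 1, "This step is not mandatory", contradicts the assumption a few lines up that "The store is served with signing activated", and this revision makes the clash more visible by retitling the step "Generate a private/public keypair for signing packages". Because the tutorial serves the store over plain HTTP on port 80, the signature is the only thing that lets a client check what it downloads, so I would drop or reword that sub-item rather than present signing as optional. Two smaller points in the same hunk: the sentence that introduced the numbered steps is removed without a replacement, so the list now starts with no lead-in, and the three added references use three different styles ("(See here how to configure nginx [...])", "NixOS manual[...]", "(see <code>networking.hostName</code>[...])"); pick one form and keep a space before the bracket.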
| Line 65: | Line 65: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Add HTTPS settings to this config if possible. The tutorial will simply continue with unsecure HTTP. | Add HTTPS settings to this config if possible. The tutorial will simply continue with unsecure HTTP. (See NixOS manual on how to set up HTTPS with letsencrypt[https://nixos.org/nixos/manual/index.html#module-security-acme-nginx]) | ||
=== 4. Rebuild the NixOS config and test === | === 4. Rebuild the NixOS config and test === | ||
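Review bot: the added ACME reference is appended after "The tutorial will simply continue with unsecure HTTP.", so it reads as belonging to the HTTP path rather than to the HTTPS recommendation; move it so it directly follows "Add HTTPS settings to this config if possible." While touching the line, "unsecure" should be "insecure", "letsencrypt" should be "Let's Encrypt", and the link needs a space before the opening bracket.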