From 9ae4ed5ce906ae1bd2592bb82b70e1f903af69f5 Mon Sep 17 00:00:00 2001
From: Max <max@privatevoid.net>
Date: Sun, 21 Apr 2024 23:43:28 +0200
Subject: [PATCH] cluster/services/attic: also use the garage bucket for the
 binary cache

---
 cluster/services/attic/binary-cache.nix | 65 +++++++++++++++++--------
 1 file changed, 45 insertions(+), 20 deletions(-)

diff --git a/cluster/services/attic/binary-cache.nix b/cluster/services/attic/binary-cache.nix
index b1e4ecf..90d949f 100644
--- a/cluster/services/attic/binary-cache.nix
+++ b/cluster/services/attic/binary-cache.nix
@@ -1,4 +1,4 @@
-{ config, depot, ... }:
+{ config, cluster, depot, ... }:
 with depot.lib.nginx;
 let
   addrSplit' = builtins.split ":" config.services.minio.listenAddress;
@@ -8,6 +8,10 @@ let
   port = builtins.head (builtins.tail addrSplit);
 in
 {
+  links.garageNixStoreInternalRedirect = {
+    protocol = "http";
+    path = "/nix-store";
+  };
   services.nginx.upstreams = {
       nar-serve.extraConfig = ''
       random;
@@ -15,7 +19,10 @@ in
       server ${config.links.nar-serve-nixos-org.tuple} fail_timeout=0;
     '';
     nix-store.servers = {
-      "${config.links.atticServer.tuple}" = {
+      "${cluster.config.hostLinks.${config.networking.hostName}.garageWeb.tuple}" = {
+        fail_timeout = 0;
+      };
+      "${config.links.garageNixStoreInternalRedirect.tuple}" = {
         fail_timeout = 0;
       };
       "${host}:${port}" = {
@@ -27,28 +34,46 @@ in
   services.nginx.appendHttpConfig = ''
     proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off;
   '';
-  services.nginx.virtualHosts."cache.${depot.lib.meta.domain}" = vhosts.basic // {
-    locations = {
-      "= /".return = "302 /404";
-      "/" = {
-        proxyPass = "http://nix-store/nix-store$request_uri";
-        extraConfig = ''
-          proxy_next_upstream error http_500 http_404;
-        '';
+  services.nginx.virtualHosts = {
+    "cache.${depot.lib.meta.domain}" = vhosts.basic // {
+      locations = {
+        "= /".return = "302 /404";
+        "/" = {
+          proxyPass = "http://nix-store/nix-store$request_uri";
+          extraConfig = ''
+            proxy_next_upstream error http_500 http_502 http_404;
+          '';
+        };
+        "/nix/store" = {
+          proxyPass = "http://nar-serve";
+          extraConfig = ''
+            proxy_next_upstream error http_500 http_404;
+          '';
+        };
       };
-      "/nix/store" = {
-        proxyPass = "http://nar-serve";
+      extraConfig = ''
+        proxy_cache nixstore;
+        proxy_cache_use_stale error timeout http_500 http_502;
+        proxy_cache_lock on;
+        proxy_cache_key $request_uri;
+        proxy_cache_valid 200 24h;
+      '';
+    };
+    "garage-nix-store.internal.${depot.lib.meta.domain}" = {
+      serverName = "127.0.0.1";
+      listen = [
+        {
+          addr = "127.0.0.1";
+          inherit (config.links.garageNixStoreInternalRedirect) port;
+        }
+      ];
+      locations."~ ^${config.links.garageNixStoreInternalRedirect.path}/(.*)" = {
+        proxyPass = with cluster.config.links.garageWeb; "${protocol}://nix-store.${hostname}/$1";
+        recommendedProxySettings = false;
         extraConfig = ''
-          proxy_next_upstream error http_500 http_404;
+          proxy_set_header Host "nix-store.${cluster.config.links.garageWeb.hostname}";
         '';
       };
     };
-    extraConfig = ''
-      proxy_cache nixstore;
-      proxy_cache_use_stale error timeout http_500 http_502;
-      proxy_cache_lock on;
-      proxy_cache_key $request_uri;
-      proxy_cache_valid 200 24h;
-    '';
   };
 }