From 02878b1cf0393eb525cc517eb13e89a31e0b312b Mon Sep 17 00:00:00 2001
From: Skyler Grey <minion@freshlybakedca.ke>
Date: Thu, 18 Sep 2025 20:25:22 +0000
Subject: [PATCH] feat(cache): setup nix-serve
Change-Id: uwzzxnxzzrwrwkxtknqpzmptlmstowku

Nix-serve is [a cache server](https://github.com/edolstra/nix-serve)
that sets up your nix store to be served as a binary cache. As we're
not going to be using cachix anymore as we are on tangled, we need to do
this to have a cache
---
 packetmix/systems/midnight/cache.nix   | 15 +++++++++++++++
 packetmix/systems/midnight/secrets.nix |  7 +++++++
 packetmix/systems/teal/cache.nix       | 18 ++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 packetmix/systems/midnight/cache.nix
 create mode 100644 packetmix/systems/midnight/secrets.nix
 create mode 100644 packetmix/systems/teal/cache.nix

diff --git a/packetmix/systems/midnight/cache.nix b/packetmix/systems/midnight/cache.nix
new file mode 100644
index 00000000..d3bded82
--- /dev/null
+++ b/packetmix/systems/midnight/cache.nix
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+  networking.firewall.allowedTCPPorts = [ 1025 ];
+
+  services.nix-serve = {
+    enable = true;
+    secretKeyFile = "/secrets/cache/signer.key";
+
+    bindAddress = "0.0.0.0";
+    port = 1025;
+  };
+}
diff --git a/packetmix/systems/midnight/secrets.nix b/packetmix/systems/midnight/secrets.nix
new file mode 100644
index 00000000..1d934f04
--- /dev/null
+++ b/packetmix/systems/midnight/secrets.nix
@@ -0,0 +1,7 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+  clicks.storage.impermanence.persist.directories = [ "/secrets" ];
+}
diff --git a/packetmix/systems/teal/cache.nix b/packetmix/systems/teal/cache.nix
new file mode 100644
index 00000000..d2614eb3
--- /dev/null
+++ b/packetmix/systems/teal/cache.nix
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."cache.freshlybakedca.ke" = {
+    addSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+
+    locations."/" = {
+      proxyPass = "http://midnight:1025";
+      recommendedProxySettings = true;
+      proxyWebsockets = true;
+    };
+  };
+}
-- 
2.43.0