runner: Caddyfile for cache HTTPS frontend + README
@@ -61,22 +61,20 @@ Self-hosted Gitea Actions runner that validates package PRs.
|
||||
The `cache/` directory is gitignored. Both keys live alongside
|
||||
`compose.yml`; the named volume binds use `${PWD}/cache/...`.
|
||||
|
||||
5. **(optional) Front the store with nginx** so substituters can read it:
|
||||
5. **(optional) Front the store with Caddy** so substituters can read it.
|
||||
A ready-to-edit `Caddyfile.example` ships in this directory — copy
|
||||
into `/etc/caddy/Caddyfile` (or `import` it) and reload:
|
||||
|
||||
```nginx
|
||||
# /etc/nginx/sites-available/cargoxx-cache
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name cache.cargoxx.<your-domain>;
|
||||
root /path/to/cargoxx-pkgs/runner/cache/store;
|
||||
autoindex off;
|
||||
location / { try_files $uri =404; }
|
||||
}
|
||||
```sh
|
||||
sudo install -m644 Caddyfile.example /etc/caddy/conf.d/cargoxx-cache
|
||||
sudo systemctl reload caddy
|
||||
```
|
||||
|
||||
Consumers later need `substituters = https://cache.cargoxx.<your-domain>`
|
||||
and `trusted-public-keys = <contents of cache.pub>` in their nix
|
||||
config (bake this into the cargoxx wrapper once ready).
|
||||
Caddy auto-provisions a Let's Encrypt cert. Consumers later need
|
||||
`substituters = https://cache.cargoxx.<your-domain>` and
|
||||
`trusted-public-keys = <contents of cache.pub>` in their nix config
|
||||
— those go into the cargoxx wrapper (`cargoxx`'s own `flake.nix`),
|
||||
so any user installing the bundled cargoxx picks them up.
|
||||
|
||||
6. **Start the runner**:
|
||||
|
||||
|
||||
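Review bot: The step 5 text and its command disagree about where the file goes. The prose says to copy `Caddyfile.example` into `/etc/caddy/Caddyfile` (or `import` it), while the command installs it as `/etc/caddy/conf.d/cargoxx-cache`, which Caddy only loads if the main Caddyfile already contains an `import` covering that directory. Either name the `conf.d` path in the text and state the required line (for example `import conf.d/*`), or change the command to match the text. Because the example is described as ready-to-edit, the README should also say which values need editing before the reload: the `cache.cargoxx.<your-domain>` host and the store path, which the removed nginx block spelled out as `root /path/to/cargoxx-pkgs/runner/cache/store;`.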