runner: Caddyfile for cache HTTPS frontend + README

This commit is contained in:
2026-05-18 20:27:48 +00:00
parent bbae941a36
commit fcecc1e5b0
2 changed files with 39 additions and 13 deletions

View File

@@ -61,22 +61,20 @@ Self-hosted Gitea Actions runner that validates package PRs.
The `cache/` directory is gitignored. Both keys live alongside
`compose.yml`; the named volume binds use `${PWD}/cache/...`.
5. **(optional) Front the store with nginx** so substituters can read it:
5. **(optional) Front the store with Caddy** so substituters can read it.
A ready-to-edit `Caddyfile.example` ships in this directory — copy
into `/etc/caddy/Caddyfile` (or `import` it) and reload:
```nginx
# /etc/nginx/sites-available/cargoxx-cache
server {
listen 443 ssl;
server_name cache.cargoxx.<your-domain>;
root /path/to/cargoxx-pkgs/runner/cache/store;
autoindex off;
location / { try_files $uri =404; }
}
```sh
sudo install -m644 Caddyfile.example /etc/caddy/conf.d/cargoxx-cache
sudo systemctl reload caddy
```
Consumers later need `substituters = https://cache.cargoxx.<your-domain>`
and `trusted-public-keys = <contents of cache.pub>` in their nix
config (bake this into the cargoxx wrapper once ready).
Caddy auto-provisions a Let's Encrypt cert. Consumers later need
`substituters = https://cache.cargoxx.<your-domain>` and
`trusted-public-keys = <contents of cache.pub>` in their nix config
— those go into the cargoxx wrapper (`cargoxx`'s own `flake.nix`),
so any user installing the bundled cargoxx picks them up.
6. **Start the runner**: