# Caddy config for the cargoxx binary cache. # # The router does PAT (port forwarding) so the *external* world reaches # us at the standard 80/443 but the *internal* ports are different. # `http_port` and `https_port` below must match the internal ports the # router forwards to. Override via runner/.env: # # CADDY_HTTP_PORT=8080 # CADDY_HTTPS_PORT=8443 # # (Those env vars are picked up by compose.yml to publish the ports # AND injected into this Caddyfile via the {$VAR:default} substitution # below — Caddy expands env vars natively.) { # Internal ports — must equal whatever the router forwards 80/443 to. http_port {$CADDY_HTTP_PORT:8080} https_port {$CADDY_HTTPS_PORT:8443} # ACME's HTTP-01 challenge probe still arrives at host:80 → router # → :8080; Caddy answers it on the internal port. Auto cert works # as long as the PAT maps 80 → CADDY_HTTP_PORT and 443 → CADDY_HTTPS_PORT. email vorontsov@amadey.xyz } cache.cargoxx.amadey.xyz { root * /srv/cache file_server # narinfo / nar are immutable per content hash → cache aggressively. @cache_immutable path *.narinfo *.nar.xz *.nar header @cache_immutable Cache-Control "public, immutable, max-age=31536000" # Substituter probe; short cache so new entries land quickly. @cache_info path /nix-cache-info header @cache_info Cache-Control "public, max-age=300" log { output file /data/access.log { roll_size 50MiB roll_keep 5 } } }