# Caddy snippet that serves the cargoxx binary cache over HTTPS. # Append to /etc/caddy/Caddyfile (or include via `import`) and reload: # sudo systemctl reload caddy # # Caddy handles cert provisioning + renewal via ACME automatically. # Adjust the domain + the `root` path if the runner lives elsewhere. # # The cache is read-only here — writes happen exclusively from the # runner job container (`nix copy --to file:///srv/cargoxx-cache/store`). cache.cargoxx.amadey.xyz { root * /home/mozart/cargoxx-pkgs/runner/cache/store file_server browse=false # narinfo / nar are immutable per content hash → cache aggressively. @cache_immutable path *.narinfo *.nar.xz *.nar header @cache_immutable Cache-Control "public, immutable, max-age=31536000" # Substituter probe — short cache, must reflect new entries quickly. @cache_info path /nix-cache-info header @cache_info Cache-Control "public, max-age=300" # Logs go to /var/log/caddy/cargoxx-cache.{access,error}.log by # default; uncomment to override. # log { # output file /var/log/caddy/cargoxx-cache.log # } }