History

Abel Luck b052c3f8d8 allow public access to / and /index.html		2026-02-26 16:22:35 +01:00
..
.vscode	scaffold project	2026-02-26 10:16:34 +01:00
src	allow public access to / and /index.html	2026-02-26 16:22:35 +01:00
test	nix-cache: redirect http to https	2026-02-26 14:45:11 +01:00
.editorconfig	scaffold project	2026-02-26 10:16:34 +01:00
.gitignore	scaffold project	2026-02-26 10:16:34 +01:00
.prettierrc	scaffold project	2026-02-26 10:16:34 +01:00
AGENTS.md	scaffold project	2026-02-26 10:16:34 +01:00
package-lock.json	implement cache proxy with authentication	2026-02-26 11:30:30 +01:00
package.json	implement cache proxy with authentication	2026-02-26 11:30:30 +01:00
README.md	add docs	2026-02-26 13:58:40 +01:00
tsconfig.json	scaffold project	2026-02-26 10:16:34 +01:00
vitest.config.mts	scaffold project	2026-02-26 10:16:34 +01:00
worker-configuration.d.ts	scaffold project	2026-02-26 10:16:34 +01:00
wrangler.jsonc	implement cache proxy with authentication	2026-02-26 11:30:30 +01:00

README.md

nix-cache

Serves a Nix binary cache from Cloudflare R2 with JWT-based authentication. Only users with a valid Keycloak token and membership in the nix-cache-users group can read from the cache.

Nix clients authenticate via netrc (Basic auth), while other clients can use Bearer tokens directly. JWTs are verified locally using cached JWKS public keys.

Development

npm install    # install dependencies
npm test       # run vitest (uses miniflare locally)
npm run dev    # start wrangler dev server on localhost:8787

Cloudflare Setup

Create an A record on the subdomain you want this Worker to run on which points to 192.0.2.1
Edit wrangler.jsonc:
- route should be the subdomain followed by /*
- bucket_name should be the name of the R2 bucket you'll use
Run npx wrangler login to login to Wrangler
Run npm run deploy
Upload an index.html to your bucket if you want a landing page