ops/cloudflare-workers
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cloudflare-workers/nix-cache/README.md
Abel Luck 8501f0ac3a add docs
2026-02-26 13:58:40 +01:00

949 B
Raw Blame History

nix-cache

Serves a Nix binary cache from Cloudflare R2 with JWT-based authentication. Only users with a valid Keycloak token and membership in the nix-cache-users group can read from the cache.

Nix clients authenticate via netrc (Basic auth), while other clients can use Bearer tokens directly. JWTs are verified locally using cached JWKS public keys.

Development

npm install    # install dependencies
npm test       # run vitest (uses miniflare locally)
npm run dev    # start wrangler dev server on localhost:8787

Cloudflare Setup

  1. Create an A record on the subdomain you want this Worker to run on which points to 192.0.2.1
  2. Edit wrangler.jsonc:
    • route should be the subdomain followed by /*
    • bucket_name should be the name of the R2 bucket you'll use
  3. Run npx wrangler login to login to Wrangler
  4. Run npm run deploy
  5. Upload an index.html to your bucket if you want a landing page