27 lines
949 B
Markdown
27 lines
949 B
Markdown
# nix-cache
|
|
|
|
Serves a Nix binary cache from Cloudflare R2 with JWT-based authentication.
|
|
Only users with a valid Keycloak token and membership in the `nix-cache-users`
|
|
group can read from the cache.
|
|
|
|
Nix clients authenticate via netrc (Basic auth), while other clients can use
|
|
Bearer tokens directly. JWTs are verified locally using cached JWKS public keys.
|
|
|
|
## Development
|
|
|
|
```bash
|
|
npm install # install dependencies
|
|
npm test # run vitest (uses miniflare locally)
|
|
npm run dev # start wrangler dev server on localhost:8787
|
|
```
|
|
|
|
## Cloudflare Setup
|
|
|
|
1. Create an A record on the subdomain you want this Worker to run on which
|
|
points to `192.0.2.1`
|
|
2. Edit `wrangler.jsonc`:
|
|
- `route` should be the subdomain followed by `/*`
|
|
- `bucket_name` should be the name of the R2 bucket you'll use
|
|
3. Run `npx wrangler login` to login to Wrangler
|
|
4. Run `npm run deploy`
|
|
5. Upload an `index.html` to your bucket if you want a landing page
|