rad:z254T5p17bdFPmzfDojsdjo4HjpoZ
Radicle Infrastructure as Code (NixOS, OpenTofu, …)
os/mixin/radicle/httpd: Improve caching
Lorenz Leutgeb committed 2 days ago
commit db90b20d56396130f9d9dd3730ff39c186e66bb5
parent 02dc4de
1 file changed +72 -2
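--- a/os/mixin/radicle.nix
+++ b/os/mixin/radicle.nix
@@ -3,7 +3,9 @@
   pkgs,
   lib,
   ...
-}: {
+}: let
+  enableCache = config.networking.hostName == "iris" || config.networking.hostName == "seed";
+in {
   networking.firewall.allowedTCPPorts = [
     8776 # radicle-node
     58776 # radicle-node
@@ -59,13 +61,81 @@
 
     httpd = {
       enable = true;
-      nginx = {
+      nginx = let
+        proxyPass = "http://${config.services.radicle.httpd.listenAddress}:${toString config.services.radicle.httpd.listenPort}";
+        recommendedProxySettings = true;
+        cache = header:
+          lib.mkForce {
+            inherit proxyPass recommendedProxySettings;
+            extraConfig = ''
+              proxy_cache radicle;
+              add_header Cache-Control "${header}";
+            '';
+          };
+      in {
         enableACME = true;
         forceSSL = true;
         serverName = config.networking.fqdn;
+
+        locations = lib.mkIf enableCache {
+          "/" = lib.mkForce {
+            inherit proxyPass recommendedProxySettings;
+            extraConfig = ''
+              proxy_cache radicle;
+            '';
+          };
+
+          # Repository policy and scope. Does not change often,
+          # we can wait two minutes.
+          "^~ /api/v1/node/policies/repos/" = cache "public, max-age=120";
+
+          # Data about a node, like alias and SSH key. Changes rarely.
+          "^~ /api/v1/nodes/z6Mk.+(?!/)/" = cache "public, max-age=600";
+
+          # General information about the repository, reports contents of
+          # from the identity document and looks at some refs.
+          # Should be relatively quick (especially refs).
+          "~ /api/v1/repos/rad:.+(?!/)" = cache "public, max-age=30";
+
+          # Job COBs are not cached, so are very slow to load.
+          # Even though we would like to have them always refresh,
+          # cache them for a bit for overall speed.
+          "~ \"/api/v1/repos/rad:.+/jobs/([0-9a-f]{40}|[0-9a-f]{64})\"" = cache "public, max-age=60";
+
+          # Explorer likes to request this *a lot*. Debounce server side.
+          "~ /api/v1/repos/rad:.+/remotes" = cache "public, max-age=120";
+
+          # Reports the number of repositories seeded, not so critical.
+          "/api/v1/stats" = cache "public, max-age=600";
+
+          # Reads from a commit. Responses never change.
+          "^~ \"/raw/rad:.+/([0-9a-f]{40}|[0-9a-f]{64})\"" = cache "public, max-age=604800, immutable";
+        };
       };
     };
   };
 
+  services.nginx = lib.mkIf enableCache {
+    # https://blog.nginx.org/blog/nginx-caching-guide
+    # https://docs.nginx.com/nginx/admin-guide/content-cache/content-caching/
+    appendHttpConfig = ''
+      proxy_cache_path /var/cache/nginx/radicle
+        inactive=24h
+        keys_zone=radicle:10m
+        max_size=4g
+        use_temp_path=off
+        levels=1:2
+        ;
+    '';
+  };
+
+  fileSystems."/var/cache/nginx/radicle" = {
+    fsType = "tmpfs";
+    options = [
+      "owner=${config.services.nginx.user}"
+      "group=${config.services.nginx.group}"
+    ];
+  };
+
   systemd.services.radicle-node.serviceConfig.SocketBindAllow = ["tcp:58776"];
 }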
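Review bot: In the new `locations` set, `^~` is nginx's prefix modifier rather than a regex one, so `"^~ /api/v1/nodes/z6Mk.+(?!/)/"` and the `^~ "/raw/rad:.+/(...)"` entry are compared as literal strings and should never match a real request; they would need `~` with an anchored pattern, for example `"~ ^/api/v1/nodes/z6Mk[^/]+"`. The unanchored `"~ /api/v1/repos/rad:.+(?!/)"` errs the other way: `.+` also consumes slashes and the lookahead is satisfied at end of input, so every path below a repository is served `public, max-age=30` from the shared cache and, depending on the order in which the NixOS module emits regex locations, may shadow the `/jobs/` and `/remotes` rules; `"~ ^/api/v1/repos/rad:[^/]+/?$"` would restrict it to the repository document. Since no `proxy_cache_valid` is set, nginx stores a response only when the upstream's own headers permit it, and `add_header` does not influence that, so please confirm radicle-httpd sends them. On the `fileSystems` entry, tmpfs's own options are `uid=`, `gid=`, `mode=` and `size=`: without `mode=0700` the mount root defaults to 1777, so any local account can create entries in the cache directory, and without `size=` the mount is limited to half of RAM, which can be less than `max_size=4g`; it is also worth checking that `owner=`/`group=` really yield an nginx-owned mount.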