From 50e8b3e75491478c52cece2be134993b56d166f7 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Tue, 10 Jun 2025 14:20:09 +0200 Subject: [PATCH 1/5] Cache NAR files for upto a year NAR files are immutable. There is no harm in caching them for longer than the default 24 hours. It might save us on bandwidth cost to S3 and lower costs? --- terraform/cache.tf | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/terraform/cache.tf b/terraform/cache.tf index 7a804820..e340edbe 100644 --- a/terraform/cache.tf +++ b/terraform/cache.tf @@ -174,6 +174,13 @@ resource "fastly_service_vcl" "cache" { type = "REQUEST" } + condition { + name = "is-nar" + priority = 10 + statement = "req.url ~ \"^/nar/$\"" + type = "CACHE" + } + domain { name = "cache.nixos.org" } @@ -239,6 +246,12 @@ resource "fastly_service_vcl" "cache" { status = 404 } + cache_setting { + name = "cache-nar" + cache_condition = "is-nar" + ttl = 31557600 # the maximum. 1 year + } + # Authenticate Fastly<->S3 requests. See Fastly documentation: # https://docs.fastly.com/en/guides/amazon-s3#using-an-amazon-s3-private-bucket snippet { From e953303192c4b05f05c4565f2a95487a80b514e7 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Tue, 10 Jun 2025 14:38:05 +0200 Subject: [PATCH 2/5] Fix regex --- terraform/cache.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/cache.tf b/terraform/cache.tf index e340edbe..2325e709 100644 --- a/terraform/cache.tf +++ b/terraform/cache.tf @@ -177,7 +177,7 @@ resource "fastly_service_vcl" "cache" { condition { name = "is-nar" priority = 10 - statement = "req.url ~ \"^/nar/$\"" + statement = "req.url ~ \"^/nar/\"" type = "CACHE" } From 9077b7819bb54947924a175762ecf580605ee031 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Tue, 10 Jun 2025 15:13:34 +0200 Subject: [PATCH 3/5] Explicitly cache 404s --- terraform/cache.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/cache.tf b/terraform/cache.tf index 2325e709..59255582 100644 --- a/terraform/cache.tf +++ b/terraform/cache.tf @@ -246,6 +246,12 @@ resource "fastly_service_vcl" "cache" { status = 404 } + cache_setting { + name = "cache-404" + cache_condition = "is-404" + ttl = 86400 # 1 day + } + cache_setting { name = "cache-nar" cache_condition = "is-nar" From b5390fc9e41dd820d07dca2f2927d216f45028ca Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Fri, 13 Jun 2025 00:05:45 +0200 Subject: [PATCH 4/5] stage changes instead of instantly applying This allows us to test them in staging environment (I think?) --- terraform/cache.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/terraform/cache.tf b/terraform/cache.tf index 59255582..0f679b27 100644 --- a/terraform/cache.tf +++ b/terraform/cache.tf @@ -137,6 +137,12 @@ resource "fastly_service_vcl" "cache" { name = local.cache_domain default_ttl = 86400 + # https://registry.terraform.io/providers/fastly/fastly/latest/docs/resources/service_vcl#activation-and-staging + # activate should not be set to true when stage is also set to true. While this combination will not cause any harm to the service, + # there is no logical reason to both stage and activate every set of applied changes. + activate = false # set to true to deploy + stage = true # set to false to remove staging environment + backend { address = "s3.amazonaws.com" auto_loadbalance = false From 8a2324c4881c35f11e71703ce3bc02270274c6b7 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Fri, 13 Jun 2025 00:25:48 +0200 Subject: [PATCH 5/5] Fix formatting --- terraform/cache.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/cache.tf b/terraform/cache.tf index 0f679b27..62ef0264 100644 --- a/terraform/cache.tf +++ b/terraform/cache.tf @@ -140,8 +140,8 @@ resource "fastly_service_vcl" "cache" { # https://registry.terraform.io/providers/fastly/fastly/latest/docs/resources/service_vcl#activation-and-staging # activate should not be set to true when stage is also set to true. While this combination will not cause any harm to the service, # there is no logical reason to both stage and activate every set of applied changes. - activate = false # set to true to deploy - stage = true # set to false to remove staging environment + activate = false # set to true to deploy + stage = true # set to false to remove staging environment backend { address = "s3.amazonaws.com"