binary-cache: configure params with cloudinit

Configure the domain and storage account name with cloud-init.
This allows keeping the same NixOS image across multiple deployments of
this image, serving another bucket at another domain.

hosts/binary-cache/configuration.nix

@@ -28,12 +28,10 @@
       RestartSec = 2;
       DynamicUser = true;
       RuntimeDirectory = "rclone-http";
-      # FUTUREWORK: set AZURE_STORAGE_ACCOUNT_NAME and storage container name through EnvironmentFile
       ExecStart =
         "${pkgs.rclone}/bin/rclone "
         + "serve http "
         + "--azureblob-env-auth "
-        + "--azureblob-account ghafbinarycache "
         + "--read-only "
         + "--addr unix://%t/rclone-http/socket "
         + ":azureblob:binary-cache-v1";
@@ -54,7 +52,7 @@
       }
 
       # Proxy a subset of requests to rclone.
-      ghaf-binary-cache.northeurope.cloudapp.azure.com {
+      https://{$SITE_ADDRESS} {
         handle /nix-cache-info {
           reverse_proxy unix///run/rclone-http/socket
         }

terraform/jenkins/binary_cache.tf

@@ -53,6 +53,22 @@ module "binary_cache_vm" {
     mounts = [
       ["/dev/disk/by-label/caddy", "/var/lib/caddy"]
     ]
+    # TODO: this should be EnvironmentFile, so we don't need to restart
+    write_files = [
+      {
+        content = "[Service]\nEnvironment=AZURE_STORAGE_ACCOUNT_NAME=ghafbinarycache",
+        "path" = "/run/systemd/system/rclone-http.service.d/cloud-init.conf"
+      },
+      {
+        content = "[Service]\nEnvironment=SITE_ADDRESS=ghaf-binary-cache.northeurope.cloudapp.azure.com",
+        "path" = "/run/systemd/system/caddy.service.d/cloud-init.conf"
+      },
+    ],
+    runcmd = [
+      "systemctl daemon-reload", # pick up drop-ins
+      "systemctl restart caddy.service",
+      "systemctl restart rclone-http.service"
+    ]
   })])
 
   subnet_id = azurerm_subnet.binary_cache.id