{ config, nixpkgs, ... }: let host = "cachix.dgnum.eu"; in { services = { atticd = { enable = true; credentialsFile = config.age.secrets."atticd-credentials_file".path; settings = { listen = "127.0.0.1:9090"; api-endpoint = "https://${host}/"; allowed-hosts = [ host ]; chunking = { # The minimum NAR size to trigger chunking # # If 0, chunking is disabled entirely for newly-uploaded NARs. # If 1, all NARs are chunked. nar-size-threshold = 0; # 64 KiB # The preferred minimum size of a chunk, in bytes min-size = 16 * 1024; # 16 KiB # The preferred average size of a chunk, in bytes avg-size = 64 * 1024; # 64 KiB # The preferred maximum size of a chunk, in bytes max-size = 256 * 1024; # 256 KiB }; database.url = "postgresql://atticd?host=/run/postgresql"; storage = { type = "s3"; region = "garage"; bucket = "attic-dgnum"; endpoint = "https://s3.dgnum.eu"; }; }; useFlakeCompatOverlay = false; package = nixpkgs.unstable.attic-server; }; nginx = { enable = true; virtualHosts.${host} = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:9090"; extraConfig = '' client_max_body_size 10G; ''; }; }; }; postgresql = { enable = true; ensureDatabases = [ "atticd" ]; ensureUsers = [ { name = "atticd"; ensureDBOwnership = true; } ]; }; }; systemd.services.atticd.environment.RUST_LOG = "warn"; }