feat(storage01): Deploy atticd on cachix.dgnum.eu

2023-09-28 17:20:16 +02:00 · 2023-09-28 17:20:16 +02:00 · ef9f84430e
commit ef9f84430e
parent 18b6744ef1
6 changed files with 84 additions and 2 deletions
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@ -12,6 +12,7 @@ let

  # List of services to enable
  enabledServices = [
+    "atticd"
    "forgejo"
    "garage"
    "peertube"
--- a/machines/storage01/atticd.nix
+++ b/machines/storage01/atticd.nix
@ -0,0 +1,68 @@
+{ config, ... }:
+
+let host = "cachix.dgnum.eu";
+
+in {
+  services = {
+    atticd = {
+      enable = true;
+
+      credentialsFile = config.age.secrets."atticd-credentials_file".path;
+
+      settings = {
+        listen = "127.0.0.1:9090";
+        api-endpoint = "https://${host}/";
+
+        allowed-hosts = [ host ];
+
+        chunking = {
+          # The minimum NAR size to trigger chunking
+          #
+          # If 0, chunking is disabled entirely for newly-uploaded NARs.
+          # If 1, all NARs are chunked.
+          nar-size-threshold = 64 * 1024; # 64 KiB
+
+          # The preferred minimum size of a chunk, in bytes
+          min-size = 16 * 1024; # 16 KiB
+
+          # The preferred average size of a chunk, in bytes
+          avg-size = 64 * 1024; # 64 KiB
+
+          # The preferred maximum size of a chunk, in bytes
+          max-size = 256 * 1024; # 256 KiB
+        };
+
+        database.url = "postgresql://atticd?host=/run/postgresql";
+
+        storage = {
+          type = "s3";
+          region = "garage";
+          bucket = "cachix-dgnum";
+          endpoint = "https://s3.dgnum.eu";
+        };
+      };
+    };
+
+    nginx = {
+      enable = true;
+
+      virtualHosts.${host} = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/".proxyPass = "http://127.0.0.1:9090";
+      };
+    };
+
+    postgresql = {
+      enable = true;
+
+      ensureDatabases = [ "atticd" ];
+
+      ensureUsers = [{
+        name = "atticd";
+        ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+      }];
+    };
+  };
+}
--- a/machines/storage01/secrets/atticd-credentials_file
+++ b/machines/storage01/secrets/atticd-credentials_file
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@ -1,9 +1,9 @@
 let
  lib = import ../../../lib { };
  publicKeys = lib.getNodeKeys "storage01";
-in

-lib.setDefault { inherit publicKeys; } [
+in lib.setDefault { inherit publicKeys; } [
+  "atticd-credentials_file"
  "forgejo-database_password_file"
  "garage-environment_file"
  "peertube-secrets_file"
--- a/modules/default.nix
+++ b/modules/default.nix
@ -45,5 +45,6 @@
    "dgn-ssh"
  ]) ++ [
    "${sources.agenix}/modules/age.nix"
+    "${sources.attic}/nixos/atticd.nix"
  ];
 }
--- a/npins/sources.json
+++ b/npins/sources.json
@ -14,6 +14,18 @@
      "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.14.0",
      "hash": "1j65lrj46w5iw8bal3adn3n0hdavwp9gdfdvmbqwcg1cn2wwx3zy"
    },
+    "attic": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "zhaofengli",
+        "repo": "attic"
+      },
+      "branch": "main",
+      "revision": "b43d12082e34bceb26038bdad0438fd68804cfcd",
+      "url": "https://github.com/zhaofengli/attic/archive/b43d12082e34bceb26038bdad0438fd68804cfcd.tar.gz",
+      "hash": "0dfc4i32hl4qkcpm23kzrarswznaapbgbdx41ci2l6hn92z0vd4d"
+    },
    "disko": {
      "type": "GitRelease",
      "repository": {