diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix
index 6b9d643..648505a 100644
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@@ -12,6 +12,7 @@ let # List of services to enable enabledServices = [ + "atticd" "forgejo" "garage" "peertube"
diff --git a/machines/storage01/atticd.nix b/machines/storage01/atticd.nix
new file mode 100644
index 0000000..3a738ae
--- /dev/null
+++ b/machines/storage01/atticd.nix
@@ -0,0 +1,68 @@
+{ config, ... }:
+
+let host = "cachix.dgnum.eu";
+
+in {
+ services = {
+ atticd = {
+ enable = true;
+
+ credentialsFile = config.age.secrets."atticd-credentials_file".path;
+
+ settings = {
+ listen = "127.0.0.1:9090";
+ api-endpoint = "https://${host}/";
+
+ allowed-hosts = [ host ];
+
+ chunking = {
+ # The minimum NAR size to trigger chunking
+ #
+ # If 0, chunking is disabled entirely for newly-uploaded NARs.
+ # If 1, all NARs are chunked.
+ nar-size-threshold = 64 * 1024; # 64 KiB
+
+ # The preferred minimum size of a chunk, in bytes
+ min-size = 16 * 1024; # 16 KiB
+
+ # The preferred average size of a chunk, in bytes
+ avg-size = 64 * 1024; # 64 KiB
+
+ # The preferred maximum size of a chunk, in bytes
+ max-size = 256 * 1024; # 256 KiB
+ };
+
+ database.url = "postgresql://atticd?host=/run/postgresql";
+
+ storage = {
+ type = "s3";
+ region = "garage";
+ bucket = "cachix-dgnum";
+ endpoint = "https://s3.dgnum.eu";
+ };
+ };
+ };
+
+ nginx = {
+ enable = true;
+
+ virtualHosts.${host} = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations."/".proxyPass = "http://127.0.0.1:9090";
+ };
+ };
+
+ postgresql = {
+ enable = true;
+
+ ensureDatabases = [ "atticd" ];
+
+ ensureUsers = [{
+ name = "atticd";
+ ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+ }];
+ };
+ };
+}
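Review bot: In machines/storage01/atticd.nix the nginx location that fronts atticd (`locations."/".proxyPass`) sets no request-body limit, so nginx's default `client_max_body_size` of 1 MiB applies unless it is raised elsewhere in the configuration, which this diff does not show. As far as I know attic chunks NARs on the server side, so a push sends the whole NAR in one request and anything larger would be rejected with 413 before it reaches the daemon. I would set an explicit, deliberate cap on this vhost, e.g. `locations."/".extraConfig = "client_max_body_size <MAX_NAR_SIZE>;";`, rather than leaving it to the default or disabling the check with 0, since an unbounded body on a public endpoint is a resource-exhaustion risk of its own. Separately, a comment above `credentialsFile` naming what the age-encrypted file must provide (the token-signing secret, and presumably the S3 keys, since `storage` carries none) would help whoever has to rotate it.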
diff --git a/machines/storage01/secrets/atticd-credentials_file b/machines/storage01/secrets/atticd-credentials_file
new file mode 100644
index 0000000..3d1fabf
Binary files /dev/null and b/machines/storage01/secrets/atticd-credentials_file differ
diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix
index f7e51d5..f9aa867 100644
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@@ -1,9 +1,9 @@ let lib = import ../../../lib { }; publicKeys = lib.getNodeKeys "storage01"; -in -lib.setDefault { inherit publicKeys; } [ +in lib.setDefault { inherit publicKeys; } [ + "atticd-credentials_file" "forgejo-database_password_file" "garage-environment_file" "peertube-secrets_file"
diff --git a/modules/default.nix b/modules/default.nix
index bdeaa13..5941f7e 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -45,5 +45,6 @@ "dgn-ssh" ]) ++ [ "${sources.agenix}/modules/age.nix" + "${sources.attic}/nixos/atticd.nix" ]; }
diff --git a/npins/sources.json b/npins/sources.json
index a95511f..820fee9 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -14,6 +14,18 @@ "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.14.0", "hash": "1j65lrj46w5iw8bal3adn3n0hdavwp9gdfdvmbqwcg1cn2wwx3zy" }, + "attic": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "zhaofengli", + "repo": "attic" + }, + "branch": "main", + "revision": "b43d12082e34bceb26038bdad0438fd68804cfcd", + "url": "https://github.com/zhaofengli/attic/archive/b43d12082e34bceb26038bdad0438fd68804cfcd.tar.gz", + "hash": "0dfc4i32hl4qkcpm23kzrarswznaapbgbdx41ci2l6hn92z0vd4d" + }, "disko": { "type": "GitRelease", "repository": {
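Review bot: In modules/default.nix the attic module and the atticd package it will run do not appear to be pinned together: `"${sources.attic}/nixos/atticd.nix"` takes only the module file from the npins revision, so the server package presumably has to come from nixpkgs or an overlay that this diff does not show. If the two drift apart, the options written in machines/storage01/atticd.nix are checked against one version of the service while another one runs, and a pin bump reviewed in npins/sources.json would not cover the binary. I would either build the package from the same `sources.attic` tree or say so next to the import, e.g. `# attic: module only, the server package comes from <PACKAGE_SOURCE>; bump both together`. The list this line is appended to starts above the hunk and looks shared by all machines, so every node evaluates this third-party module even though only storage01 enables the service.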