From ef9f84430e5252cdfa1bdd0430c8aef53113e176 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Thu, 28 Sep 2023 17:20:16 +0200
Subject: [PATCH] feat(storage01): Deploy atticd on cachix.dgnum.eu
---
machines/storage01/_configuration.nix | 1 +
machines/storage01/atticd.nix | 68 ++++++++++++++++++
.../storage01/secrets/atticd-credentials_file | Bin 0 -> 1507 bytes
machines/storage01/secrets/secrets.nix | 4 +-
modules/default.nix | 1 +
npins/sources.json | 12 ++++
6 files changed, 84 insertions(+), 2 deletions(-)
create mode 100644 machines/storage01/atticd.nix
create mode 100644 machines/storage01/secrets/atticd-credentials_file
diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix
index 6b9d643..648505a 100644
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@@ -12,6 +12,7 @@ let # List of services to enable enabledServices = [ + "atticd" "forgejo" "garage" "peertube"
diff --git a/machines/storage01/atticd.nix b/machines/storage01/atticd.nix
new file mode 100644
index 0000000..3a738ae
--- /dev/null
+++ b/machines/storage01/atticd.nix
@@ -0,0 +1,68 @@
+{ config, ... }:
+
+let host = "cachix.dgnum.eu";
+
+in {
+ services = {
+ atticd = {
+ enable = true;
+
+ credentialsFile = config.age.secrets."atticd-credentials_file".path;
+
+ settings = {
+ listen = "127.0.0.1:9090";
+ api-endpoint = "https://${host}/";
+
+ allowed-hosts = [ host ];
+
+ chunking = {
+ # The minimum NAR size to trigger chunking
+ #
+ # If 0, chunking is disabled entirely for newly-uploaded NARs.
+ # If 1, all NARs are chunked.
+ nar-size-threshold = 64 * 1024; # 64 KiB
+
+ # The preferred minimum size of a chunk, in bytes
+ min-size = 16 * 1024; # 16 KiB
+
+ # The preferred average size of a chunk, in bytes
+ avg-size = 64 * 1024; # 64 KiB
+
+ # The preferred maximum size of a chunk, in bytes
+ max-size = 256 * 1024; # 256 KiB
+ };
+
+ database.url = "postgresql://atticd?host=/run/postgresql";
+
+ storage = {
+ type = "s3";
+ region = "garage";
+ bucket = "cachix-dgnum";
+ endpoint = "https://s3.dgnum.eu";
+ };
+ };
+ };
+
+ nginx = {
+ enable = true;
+
+ virtualHosts.${host} = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations."/".proxyPass = "http://127.0.0.1:9090";
+ };
+ };
+
+ postgresql = {
+ enable = true;
+
+ ensureDatabases = [ "atticd" ];
+
+ ensureUsers = [{
+ name = "atticd";
+ ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+ }];
+ };
+ };
+}
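Review bot: No request-body limit is set on the `virtualHosts.${host}` proxy, so NAR uploads to atticd are capped by the host-wide nginx default (`services.nginx.clientMaxBodySize`, 10m in NixOS unless it is overridden elsewhere on this machine), and larger store paths would be rejected with a 413. An explicit, bounded limit on this vhost makes the intended ceiling visible, e.g. `locations."/".extraConfig = "client_max_body_size <LIMIT>;";`, where `<LIMIT>` is a placeholder for the largest NAR you intend to accept. The address `127.0.0.1:9090` is also written out twice, in `listen` and in `proxyPass`; a `let` binding next to `host` would stop the two from drifting apart. Separately, `ensurePermissions` grants database-level privileges only, which on PostgreSQL 15 and later does not include CREATE on the `public` schema, so it is worth confirming that atticd's migrations run, or using `ensureDBOwnership = true;` if the pinned nixpkgs provides it.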
diff --git a/machines/storage01/secrets/atticd-credentials_file b/machines/storage01/secrets/atticd-credentials_file new file mode 100644 index 0000000000000000000000000000000000000000..3d1fabf3aff24c987ff8608334088466926fe5c7 GIT binary patch literal 1507 zcmZA0?Tgz400!_)n6T*P3(SG1(s@&qdZtN}rkPBav`Le+O`4`@n}Wl%O_R21k|t@= zc2mbbxevo3hwMb0^CmK;gDJx1%g)K*HW1vHI6XJ#5E)Kkc)Cp{i06lWxxe7Y^YA>X zu1#rH!yP$(+qRyzT^$S{VCvb3=NVI46Gl-8kGPEOm%<3&A9;#4s1LeimzOoFLRd1B zkPE}m6h>rC(uF4B^zzBLl?SkzoMyeC%V;1LOT%Ebl<{0_7-q|8;On-4gh5XQJzlZG zMq4LwdJnnsx&W*bq^(1fNIda2RK2U4x>Ko`}#f(RksFJpLv2vb?g zZTZDeQ4~(fbX$VSl6sH#V{!}<8$}m0wN5QW9ZAWg0h6j~c-b&wa!G|u2_t$0R-u!; zh`2Em%MQIbTBYK=7OkOe!2$C~&9Tg-p!pJKgi68$8l=?hlVucFgF#RCLN;57(iPw7 z`Nct9Wkkj@4aHZ@Hk=8-P7fT?!)}x$=FftX5wYsF*=IDL}0DYJivP>~o@5wPkbrUcHg8J>Y zZ@&Z#La`x6Xge3{wt1>r57<)N)m7Z<Irf>s4s9*vz23gBvkGr?N}r0vmK&ID&goW8jx#K&a9Ez-2S>WuWN4?6$TN=v@sROKY@uTZx-qT>oqmFq_yjyQXe4LrNv6)Ht$MfW z*J{$z4i%V$8^wZ2w|uBa_wy+n5E_1-C!zQV71|aX4)`MG24lyn*m+=TYAV8&e9)-| zSOsg82aJ*KGjbP(mU2>IAlh)%8F!0#h6%MI3w-bQr{-Te*Iv}{Tao#FXEtB@WbcT2;$>^+mHMKGyeP;;<{hH_SfLklZcmr zw;X;aKNtOH>zxn0H+jeD`I!s9zx(l?32DvwozrWwtK6gAn+xCHw{Xv6r_cI3Q+qCK ze@!?+{={-Wul?fcriWfwm*bASJ-_