feat(storage01): Deploy atticd on cachix.dgnum.eu

machines/storage01/_configuration.nix

@@ -12,6 +12,7 @@ let
 
   # List of services to enable
   enabledServices = [
+    "atticd"
     "forgejo"
     "garage"
     "peertube"

machines/storage01/atticd.nix

@@ -0,0 +1,68 @@
+{ config, ... }:
+
+let host = "cachix.dgnum.eu";
+
+in {
+  services = {
+    atticd = {
+      enable = true;
+
+      credentialsFile = config.age.secrets."atticd-credentials_file".path;
+
+      settings = {
+        listen = "127.0.0.1:9090";
+        api-endpoint = "https://${host}/";
+
+        allowed-hosts = [ host ];
+
+        chunking = {
+          # The minimum NAR size to trigger chunking
+          #
+          # If 0, chunking is disabled entirely for newly-uploaded NARs.
+          # If 1, all NARs are chunked.
+          nar-size-threshold = 64 * 1024; # 64 KiB
+
+          # The preferred minimum size of a chunk, in bytes
+          min-size = 16 * 1024; # 16 KiB
+
+          # The preferred average size of a chunk, in bytes
+          avg-size = 64 * 1024; # 64 KiB
+
+          # The preferred maximum size of a chunk, in bytes
+          max-size = 256 * 1024; # 256 KiB
+        };
+
+        database.url = "postgresql://atticd?host=/run/postgresql";
+
+        storage = {
+          type = "s3";
+          region = "garage";
+          bucket = "cachix-dgnum";
+          endpoint = "https://s3.dgnum.eu";
+        };
+      };
+    };
+
+    nginx = {
+      enable = true;
+
+      virtualHosts.${host} = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/".proxyPass = "http://127.0.0.1:9090";
+      };
+    };
+
+    postgresql = {
+      enable = true;
+
+      ensureDatabases = [ "atticd" ];
+
+      ensureUsers = [{
+        name = "atticd";
+        ensurePermissions = { "DATABASE \"atticd\"" = "ALL PRIVILEGES"; };
+      }];
+    };
+  };
+}

machines/storage01/secrets/secrets.nix

@@ -1,9 +1,9 @@
 let
   lib = import ../../../lib { };
   publicKeys = lib.getNodeKeys "storage01";
-in
 
-lib.setDefault { inherit publicKeys; } [
+in lib.setDefault { inherit publicKeys; } [
+  "atticd-credentials_file"
   "forgejo-database_password_file"
   "garage-environment_file"
   "peertube-secrets_file"

modules/default.nix

@@ -45,5 +45,6 @@
     "dgn-ssh"
   ]) ++ [
     "${sources.agenix}/modules/age.nix"
+    "${sources.attic}/nixos/atticd.nix"
   ];
 }

npins/sources.json

@@ -14,6 +14,18 @@
       "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.14.0",
       "hash": "1j65lrj46w5iw8bal3adn3n0hdavwp9gdfdvmbqwcg1cn2wwx3zy"
     },
+    "attic": {
+      "type": "Git",
+      "repository": {
+        "type": "GitHub",
+        "owner": "zhaofengli",
+        "repo": "attic"
+      },
+      "branch": "main",
+      "revision": "b43d12082e34bceb26038bdad0438fd68804cfcd",
+      "url": "https://github.com/zhaofengli/attic/archive/b43d12082e34bceb26038bdad0438fd68804cfcd.tar.gz",
+      "hash": "0dfc4i32hl4qkcpm23kzrarswznaapbgbdx41ci2l6hn92z0vd4d"
+    },
     "disko": {
       "type": "GitRelease",
       "repository": {