nix-dotfiles/systems/palatine-hill/attic/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:

{
  environment.systemPackages = with pkgs; [
    attic-client
  ];

  services = {
    atticd = {
      enable = true;

      environmentFile = config.sops.secrets."attic/secret-key".path;

      settings = {
        listen = "[::]:8183";
        allowed-hosts = [ "attic.nayeonie.com" ];
        api-endpoint = "https://attic.nayeonie.com/";
        compression.type = "none"; # let ZFS do the compressing
        database = {
          url = "postgres://atticd?host=/run/postgresql";
          # disable postgres, using SOPS fails at below :(
          # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
          # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
          heartbeat = true;
        };
        storage = {
          type = "s3";
          region = "us-east-1";
          bucket = "cache-nix-dot";
          endpoint = "https://minio.nayeonie.com";
        };

        # Warning: If you change any of the values here, it will be
        # difficult to reuse existing chunks for newly-uploaded NARs
        # since the cutpoints will be different. As a result, the
        # deduplication ratio will suffer for a while after the change.
        chunking = {
          # The minimum NAR size to trigger chunking
          #
          # If 0, chunking is disabled entirely for newly-uploaded NARs.
          # If 1, all NARs are chunked.
          nar-size-threshold = 64 * 1024; # 64 KiB

          # The preferred minimum size of a chunk, in bytes
          min-size = 16 * 1024; # 16 KiB

          # The preferred average size of a chunk, in bytes
          avg-size = 64 * 1024; # 64 KiB

          # The preferred maximum size of a chunk, in bytes
          max-size = 256 * 1024; # 256 KiB
        };
      };
    };

  };

  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
  # configured default webstore for this on root user separately
  systemd = {
    services = {
      attic-watch-store = {
        wantedBy = [ "multi-user.target" ];
        after = [
          "network-online.target"
          "docker.service"
          "atticd.service"
        ];
        requires = [
          "network-online.target"
          "docker.service"
          "atticd.service"
        ];
        description = "Upload all store content to binary cache";
        serviceConfig = {
          User = "root";
          Restart = "always";
          ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
        };
      };
      attic-sync-hydra = {
        after = [
          "network-online.target"
          "docker.service"
          "atticd.service"
        ];
        requires = [
          "network-online.target"
          "docker.service"
          "atticd.service"
        ];
        description = "Force resync of hydra derivations with attic";
        serviceConfig = {
          Type = "oneshot";
          User = "root";
          ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
        };
      };
    };

    timers = {
      attic-sync-hydra = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = 600;
          OnUnitActiveSec = 86400;
          Unit = "attic-sync-hydra.service";
        };
      };
    };
  };

  sops = {
    secrets = {
      "attic/secret-key".owner = "root";
      "attic/database-url".owner = "root";
    };
  };
}
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`{`
			`environment.systemPackages = with pkgs; [`
			`attic-client`
			`];`

			`services = {`
			`atticd = {`
			`enable = true;`

update flake, fix breaking changes 2024-10-20 19:06:35 -04:00			`environmentFile = config.sops.secrets."attic/secret-key".path;`
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00
			`settings = {`
			`listen = "[::]:8183";`
move minio and attic to nayeonie.com Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-02-13 23:57:16 -05:00			`allowed-hosts = [ "attic.nayeonie.com" ];`
			`api-endpoint = "https://attic.nayeonie.com/";`
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00			`compression.type = "none"; # let ZFS do the compressing`
			`database = {`
			`url = "postgres://atticd?host=/run/postgresql";`
			`# disable postgres, using SOPS fails at below :(`
			`# https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57`
			`# url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";`
			`heartbeat = true;`
			`};`
			`storage = {`
move attic to minio Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-24 20:50:10 -04:00			`type = "s3";`
			`region = "us-east-1";`
			`bucket = "cache-nix-dot";`
move minio and attic to nayeonie.com Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2025-02-13 23:57:16 -05:00			`endpoint = "https://minio.nayeonie.com";`
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00			`};`

			`# Warning: If you change any of the values here, it will be`
			`# difficult to reuse existing chunks for newly-uploaded NARs`
			`# since the cutpoints will be different. As a result, the`
			`# deduplication ratio will suffer for a while after the change.`
			`chunking = {`
			`# The minimum NAR size to trigger chunking`
			`#`
			`# If 0, chunking is disabled entirely for newly-uploaded NARs.`
			`# If 1, all NARs are chunked.`
			`nar-size-threshold = 64 * 1024; # 64 KiB`

			`# The preferred minimum size of a chunk, in bytes`
			`min-size = 16 * 1024; # 16 KiB`

			`# The preferred average size of a chunk, in bytes`
			`avg-size = 64 * 1024; # 64 KiB`

			`# The preferred maximum size of a chunk, in bytes`
			`max-size = 256 * 1024; # 256 KiB`
			`};`
			`};`
			`};`

			`};`

			`# borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix`
			`# configured default webstore for this on root user separately`
re-enable attic sync 2025-03-29 16:36:10 -04:00			`systemd = {`
			`services = {`
			`attic-watch-store = {`
			`wantedBy = [ "multi-user.target" ];`
			`after = [`
			`"network-online.target"`
			`"docker.service"`
			`"atticd.service"`
			`];`
			`requires = [`
			`"network-online.target"`
			`"docker.service"`
			`"atticd.service"`
			`];`
			`description = "Upload all store content to binary cache";`
			`serviceConfig = {`
			`User = "root";`
			`Restart = "always";`
			`ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";`
			`};`
			`};`
			`attic-sync-hydra = {`
			`after = [`
			`"network-online.target"`
			`"docker.service"`
			`"atticd.service"`
			`];`
			`requires = [`
			`"network-online.target"`
			`"docker.service"`
			`"atticd.service"`
			`];`
			`description = "Force resync of hydra derivations with attic";`
			`serviceConfig = {`
			`Type = "oneshot";`
			`User = "root";`
			`ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";`
			`};`
			`};`
			`};`
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00
re-enable attic sync 2025-03-29 16:36:10 -04:00			`timers = {`
			`attic-sync-hydra = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnBootSec = 600;`
			`OnUnitActiveSec = 86400;`
			`Unit = "attic-sync-hydra.service";`
			`};`
			`};`
			`};`
			`};`
add attic-sync-hydra service. refactor attic to its own module Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-06-22 12:36:23 -04:00
			`sops = {`
			`secrets = {`
			`"attic/secret-key".owner = "root";`
			`"attic/database-url".owner = "root";`
			`};`
			`};`
			`}`