Add attic cache (#117)

* add attic

* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* update lock

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* initial format

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* move back to postgres

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* fix attic

* fix signing key

* formatting

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

systems/palatine-hill/configuration.nix

@@ -92,6 +92,8 @@
   };
 
   environment.systemPackages = with pkgs; [
+    attic-client
+    attic
     docker-compose
     jellyfin-ffmpeg
   ];
@@ -117,9 +119,27 @@
            superuser_map      /^(.*)$   \1
       '';
 
+      ensureDatabases = [ "atticd" ];
+      ensureUsers = [
+        {
+          name = "atticd";
+          ensureDBOwnership = true;
+        }
+      ];
+
+      # initialScript = config.sops.secrets."postgres/init".path;
+
       upgrade = {
         enable = true;
-        stopServices = [ "hydra" ];
+        stopServices = [
+          "hydra-evaluator"
+          "hydra-init"
+          "hydra-notify"
+          "hydra-queue-runner"
+          "hydra-send-stats"
+          "hydra-server"
+          "atticd"
+        ];
       };
     };
 
@@ -138,6 +158,64 @@
       enable = true;
       secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
     };
+    atticd = {
+      enable = true;
+
+      credentialsFile = config.sops.secrets."attic/secret-key".path;
+
+      settings = {
+        listen = "[::]:8183";
+        allowed-hosts = [ "attic.alicehuston.xyz" ];
+        api-endpoint = "https://attic.alicehuston.xyz";
+        compression.type = "none"; # let ZFS do the compressing
+        database = {
+          url = "postgres://atticd?host=/run/postgresql";
+          # disable postgres, using SOPS fails at below :(
+          # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
+          # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
+          heartbeat = true;
+        };
+        storage = {
+          type = "local";
+          path = "/ZFS/ZFS-primary/attic/storage";
+        };
+
+        # Warning: If you change any of the values here, it will be
+        # difficult to reuse existing chunks for newly-uploaded NARs
+        # since the cutpoints will be different. As a result, the
+        # deduplication ratio will suffer for a while after the change.
+        chunking = {
+          # The minimum NAR size to trigger chunking
+          #
+          # If 0, chunking is disabled entirely for newly-uploaded NARs.
+          # If 1, all NARs are chunked.
+          nar-size-threshold = 64 * 1024; # 64 KiB
+
+          # The preferred minimum size of a chunk, in bytes
+          min-size = 16 * 1024; # 16 KiB
+
+          # The preferred average size of a chunk, in bytes
+          avg-size = 64 * 1024; # 64 KiB
+
+          # The preferred maximum size of a chunk, in bytes
+          max-size = 256 * 1024; # 256 KiB
+        };
+      };
+    };
+  };
+
+  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
+  # configured default webstore for this on root user separately
+  systemd.services.attic-watch-store = {
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network-online.target" ];
+    requires = [ "network-online.target" ];
+    description = "Upload all store content to binary catch";
+    serviceConfig = {
+      User = "root";
+      Restart = "always";
+      ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
+    };
   };
 
   sops = {
@@ -145,6 +223,9 @@
     secrets = {
       "hydra/environment".owner = "hydra";
       "nix-serve/secret-key".owner = "root";
+      "attic/secret-key".owner = "root";
+      "attic/database-url".owner = "root";
+      "postgres/init".owner = "postgres";
     };
   };