# NixOS module: runs the Attic binary-cache server (atticd) and installs the
# attic client CLI. Secrets are supplied through sops-nix.
{
  config,
  lib,
  pkgs,
  ...
}:

{
  # attic CLI, available system-wide.
  environment.systemPackages = [ pkgs.attic-client ];

  services.atticd = {
    enable = true;

    # Environment for the daemon is read from a sops-decrypted file at
    # runtime, which keeps its contents out of the world-readable Nix store.
    # NOTE(review): presumably this carries the token-signing secret and the
    # S3 credentials for the storage backend below; verify against the file.
    environmentFile = config.sops.secrets."attic/secret-key".path;

    settings = {
      # NOTE(review): "[::]" binds every interface. allowed-hosts restricts
      # the accepted Host header and is not a network ACL, so confirm that
      # the host firewall / reverse proxy stops direct access to port 8183.
      listen = "[::]:8183";
      allowed-hosts = [ "attic.alicehuston.xyz" ];
      api-endpoint = "https://attic.alicehuston.xyz";

      # let ZFS do the compressing
      compression = {
        type = "none";
      };

      database = {
        # Unix-socket connection via /run/postgresql; the URL carries no
        # password, so nothing sensitive is written into `settings`.
        url = "postgres://atticd?host=/run/postgresql";
        # disable postgres, using SOPS fails at below :(
        # https://github.com/zhaofengli/attic/blob/main/nixos/atticd.nix#L57
        # url = "sqlite:///ZFS/ZFS-primary/attic/server.db?mode=rwc";
        heartbeat = true;
      };

      # S3-compatible object storage (MinIO endpoint). No credentials are
      # set here; they must not be added to `settings` in plain text.
      storage = {
        type = "s3";
        region = "us-east-1";
        bucket = "cache-nix-dot";
        endpoint = "https://minio.alicehuston.xyz";
      };

      # Warning: If you change any of the values here, it will be
      # difficult to reuse existing chunks for newly-uploaded NARs
      # since the cutpoints will be different. As a result, the
      # deduplication ratio will suffer for a while after the change.
      chunking = {
        # The minimum NAR size to trigger chunking
        #
        # If 0, chunking is disabled entirely for newly-uploaded NARs.
        # If 1, all NARs are chunked.
        nar-size-threshold = 64 * 1024; # 64 KiB

        # The preferred minimum size of a chunk, in bytes
        min-size = 16 * 1024; # 16 KiB

        # The preferred average size of a chunk, in bytes
        avg-size = 64 * 1024; # 64 KiB

        # The preferred maximum size of a chunk, in bytes
        max-size = 256 * 1024; # 256 KiB
      };
    };
  };

  # Disabled units, kept for reference.
  # NOTE(review): both services below run as root; if they are re-enabled,
  # check whether a dedicated unprivileged user with its own attic token
  # would be sufficient.
  #
  # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix
  # configured default webstore for this on root user separately
  # systemd = {
  #   services = {
  #     attic-watch-store = {
  #       wantedBy = [ "multi-user.target" ];
  #       after = [
  #         "network-online.target"
  #         "docker.service"
  #         "atticd.service"
  #       ];
  #       requires = [
  #         "network-online.target"
  #         "docker.service"
  #         "atticd.service"
  #       ];
  #       description = "Upload all store content to binary cache";
  #       serviceConfig = {
  #         User = "root";
  #         Restart = "always";
  #         ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot";
  #       };
  #     };
  #     attic-sync-hydra = {
  #       after = [
  #         "network-online.target"
  #         "docker.service"
  #         "atticd.service"
  #       ];
  #       requires = [
  #         "network-online.target"
  #         "docker.service"
  #         "atticd.service"
  #       ];
  #       description = "Force resync of hydra derivations with attic";
  #       serviceConfig = {
  #         Type = "oneshot";
  #         User = "root";
  #         ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}";
  #       };
  #     };
  #   };
  #
  #   timers = {
  #     attic-sync-hydra = {
  #       wantedBy = [ "timers.target" ];
  #       timerConfig = {
  #         OnBootSec = 600;
  #         OnUnitActiveSec = 86400;
  #         Unit = "attic-sync-hydra.service";
  #       };
  #     };
  #   };
  # };

  # Decrypted secret files are owned by root.
  # NOTE(review): "attic/database-url" is declared but nothing in this file
  # reads it; confirm it is still needed before keeping it provisioned.
  sops.secrets = {
    "attic/secret-key" = {
      owner = "root";
    };
    "attic/database-url" = {
      owner = "root";
    };
  };
}