dotfiles/system/nixos/atticd.nix

# NixOS module for a self-hosted Attic binary cache: atticd bound to loopback,
# PostgreSQL for metadata, an S3-compatible bucket for storage, and nginx as
# the TLS-terminating reverse proxy in front of it.
{ pkgs, config, secret, ... }:

let
  # Public hostname of the cache. Used for atticd's host allow-list, its
  # advertised API endpoint and the nginx virtual host, so all three agree.
  cacheHost = "attic.cache.daniel.sx";

  # Loopback address atticd listens on and nginx proxies to. Binding to
  # 127.0.0.1 keeps the plain-HTTP backend off the network; note that any
  # local process on this host can still connect to it directly.
  backendAddr = "127.0.0.1:8080";

  # Converts a size in KiB to bytes for the chunking settings below.
  kib = n: n * 1024;
in
{
  environment.systemPackages = [ pkgs.attic-client ];

  services.atticd = {
    enable = true;

    # Only the path is referenced here; the file itself comes from
    # config.age.secrets, which is declared outside this file.
    # NOTE(review): presumably this environment file carries the token-signing
    # secret and the S3 credentials, since neither appears in settings - confirm.
    credentialsFile = config.age.secrets.atticd-environment.path;

    settings = {
      listen = backendAddr;

      # Unix-socket connection with no password in the URL.
      # NOTE(review): this relies on local socket authentication for the
      # service user; confirm against the PostgreSQL authentication config.
      database.url = "postgresql:///attic?host=/run/postgresql";

      # Requests are only accepted for this hostname; the proxy below must
      # therefore pass the original Host header through.
      allowed-hosts = [ cacheHost ];
      api-endpoint = "https://${cacheHost}/";

      storage = {
        type = "s3";
        bucket = "attic-cache";
        region = "auto";
        # NOTE(review): the account id is interpolated at evaluation time. If
        # the rendered settings end up in the world-readable Nix store (likely
        # for module-generated config files), it is not confidential on this
        # host - confirm that is acceptable.
        endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com";
      };

      chunking = {
        nar-size-threshold = kib 64;
        min-size = kib 16;
        avg-size = kib 64;
        max-size = kib 256;
      };

      garbage-collection = {
        interval = "24 hours";
        default-retention-period = "6 weeks";
      };
    };
  };

  systemd.services.atticd.serviceConfig.Restart = "on-failure";

  services.postgresql = {
    ensureDatabases = [ "attic" ];
    # NOTE(review): the role is created without any ownership or grant on the
    # "attic" database in this file, and the role name differs from the
    # database name. PostgreSQL 15+ no longer lets every role create objects
    # in the public schema, so verify the role has the privileges it needs
    # and no more than that.
    ensureUsers = [ { name = "atticd"; } ];
  };

  services.nginx.virtualHosts.${cacheHost} = {
    # HTTPS only: no plain-HTTP listener is configured for this host.
    onlySSL = true;
    useACMEHost = "daniel.sx";
    # NOTE(review): HTTP/3 needs UDP 443 reachable; the firewall rules are not
    # part of this file.
    quic = true;
    http3 = true;

    # client_max_body_size 0 disables nginx's request-body limit so large
    # uploads pass through. The proxy then enforces no size bound at all, so
    # limiting who may push rests entirely on atticd's own authentication.
    extraConfig = ''
      client_max_body_size 0;
      proxy_read_timeout 300s;
      proxy_send_timeout 300s;
    '';

    locations."/" = {
      proxyPass = "http://${backendAddr}";
      # Forwards the client's Host and related headers to the backend, which
      # the allowed-hosts check in atticd depends on.
      recommendedProxySettings = true;
    };
  };
}