dotfiles/system/nixos/atticd.nix

{ pkgs, config, secret, ... }:

let
  fqdn = "attic.cache.daniel.sx";
in
{
  environment.systemPackages = [ pkgs.attic-client ];

  services.atticd = {
    enable = true;

    credentialsFile = config.age.secrets.atticd-environment.path;

    settings = {
      listen = "127.0.0.1:8080";
      database.url = "postgresql:///attic?host=/run/postgresql";

      allowed-hosts = [ "${fqdn}" ];
      api-endpoint = "https://${fqdn}/";

      storage = {
        type = "s3";
        region = "auto";
        bucket = "attic-cache";
        endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com";
      };

      chunking = {
        nar-size-threshold = 64 * 1024; # 64 KiB
        min-size = 16 * 1024; # 16 KiB
        avg-size = 64 * 1024; # 64 KiB
        max-size = 256 * 1024; # 256 KiB
      };

      garbage-collection = {
        interval = "24 hours";
        default-retention-period = "6 weeks";
      };
    };
  };

  systemd.services.atticd.serviceConfig = {
    Restart = "on-failure";
  };

  services.postgresql = {
    ensureDatabases = [ "attic" ];

    ensureUsers = [
      {
        name = "atticd";
        ensurePermissions = {
          "DATABASE attic" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.nginx.virtualHosts."${fqdn}" = {
    quic = true;
    http3 = true;

    onlySSL = true;
    useACMEHost = "daniel.sx";

    extraConfig = ''
      client_max_body_size 0;

      proxy_read_timeout 300s;
      proxy_send_timeout 300s;
    '';

    locations."/" = {
      recommendedProxySettings = true;
      proxyPass = "http://127.0.0.1:8080";
    };
  };
}
Introduce pre-commit-hooks.nix 2023-07-16 22:17:50 +00:00			`{ pkgs, config, secret, ... }:`
atticd: init 2023-04-04 15:20:09 +00:00
attic: nginx+attic cli 2023-04-04 20:30:12 +00:00			`let`
			`fqdn = "attic.cache.daniel.sx";`
			`in`
atticd: init 2023-04-04 15:20:09 +00:00			`{`
attic: nginx+attic cli 2023-04-04 20:43:16 +00:00			`environment.systemPackages = [ pkgs.attic-client ];`
attic: nginx+attic cli 2023-04-04 20:30:12 +00:00
atticd: init 2023-04-04 15:20:09 +00:00			`services.atticd = {`
			`enable = true;`

			`credentialsFile = config.age.secrets.atticd-environment.path;`

			`settings = {`
			`listen = "127.0.0.1:8080";`
postgres: use socket in more cases 2023-07-24 21:39:40 +00:00			`database.url = "postgresql:///attic?host=/run/postgresql";`
atticd: init 2023-04-04 15:20:09 +00:00
attic: nginx+attic cli 2023-04-04 20:30:12 +00:00			`allowed-hosts = [ "${fqdn}" ];`
			`api-endpoint = "https://${fqdn}/";`

atticd: init 2023-04-04 15:20:09 +00:00			`storage = {`
			`type = "s3";`
attic: update atticd config 2023-04-05 08:42:21 +00:00			`region = "auto";`
atticd: init 2023-04-04 15:20:09 +00:00			`bucket = "attic-cache";`
atticd: fixup 2023-04-04 15:22:37 +00:00			`endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com";`
atticd: init 2023-04-04 15:20:09 +00:00			`};`

			`chunking = {`
			`nar-size-threshold = 64 * 1024; # 64 KiB`
			`min-size = 16 * 1024; # 16 KiB`
			`avg-size = 64 * 1024; # 64 KiB`
			`max-size = 256 * 1024; # 256 KiB`
			`};`

			`garbage-collection = {`
atticd: Keep data in cache for 6 weeks 2023-09-15 22:34:44 +00:00			`interval = "24 hours";`
			`default-retention-period = "6 weeks";`
atticd: init 2023-04-04 15:20:09 +00:00			`};`
			`};`
			`};`
attic: nginx+attic cli 2023-04-04 20:30:12 +00:00
Update deps 2023-12-09 12:02:15 +00:00			`systemd.services.atticd.serviceConfig = {`
			`Restart = "on-failure";`
			`};`

postgres: use socket in more cases 2023-07-24 21:39:40 +00:00			`services.postgresql = {`
			`ensureDatabases = [ "attic" ];`

			`ensureUsers = [`
			`{`
			`name = "atticd";`
			`ensurePermissions = {`
			`"DATABASE attic" = "ALL PRIVILEGES";`
			`};`
			`}`
			`];`
			`};`

attic: nginx+attic cli 2023-04-04 20:30:12 +00:00			`services.nginx.virtualHosts."${fqdn}" = {`
			`quic = true;`
			`http3 = true;`

			`onlySSL = true;`
tanker: init system and consolidate attic and sail 2023-06-21 12:21:40 +00:00			`useACMEHost = "daniel.sx";`
attic: nginx+attic cli 2023-04-04 20:30:12 +00:00
atticd: Disable body size checks in nginx 2023-04-05 10:28:15 +00:00			`extraConfig = ''`
			`client_max_body_size 0;`
Update deps 2023-08-20 23:08:23 +00:00
			`proxy_read_timeout 300s;`
			`proxy_send_timeout 300s;`
atticd: Disable body size checks in nginx 2023-04-05 10:28:15 +00:00			`'';`

attic: nginx+attic cli 2023-04-04 20:30:12 +00:00			`locations."/" = {`
			`recommendedProxySettings = true;`
			`proxyPass = "http://127.0.0.1:8080";`
			`};`
			`};`
atticd: init 2023-04-04 15:20:09 +00:00			`}`