From c84bdde75837d0ac319fa1f3b41ca053aacebed1 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Tue, 4 Apr 2023 17:20:09 +0200 Subject: [PATCH] atticd: init --- agenix/hosts/attic/atticd/environment.age | 16 +++++++++++ agenix/hosts/attic/config.nix | 4 +++ flake.nix | 6 ++++ home/programs/ssh/shared/builder.nix | 13 ++++++--- home/programs/ssh/shared/private.nix | 9 ++++++ secret/hosts/attic.nix | Bin 0 -> 101 bytes secrets.nix | 2 ++ system/flakes/attic.nix | 4 ++- system/hosts/Styx.nix | 6 ++++ system/hosts/attic.nix | 3 ++ system/nixos/atticd.nix | 32 ++++++++++++++++++++++ 11 files changed, 90 insertions(+), 5 deletions(-) create mode 100644 agenix/hosts/attic/atticd/environment.age create mode 100644 secret/hosts/attic.nix create mode 100644 system/nixos/atticd.nix diff --git a/agenix/hosts/attic/atticd/environment.age b/agenix/hosts/attic/atticd/environment.age new file mode 100644 index 0000000..b3a3e09 --- /dev/null +++ b/agenix/hosts/attic/atticd/environment.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMTEJS +VlZKUHpKODJTWWo4d2kvZVFUQmcvZ2pBcHZ2cVhEcTRkQVhTZ1gwCmxHREdibjBh +dXkzQXVWdU5zSXdleVZZWXI3QWF2NnMzd2h3TXRKZ2tOb2MKLT4gc3NoLWVkMjU1 +MTkgc1ZmNkNBIEIyb21xU3dwWHRKNFRFaHJ0S2tTTzYrZW5NYkYrVXlhczc5REV2 +Vjd0Q3cKcVozUzdvakZCM0h4QTgvU2ZScDZWbGYzWGFGQStkMmdVaG80T1FWU0lO +VQotPiBcTlVaYS1ncmVhc2UgM3toQTFGTyB1IE5jJ3RfMlBHIE9TV219YnFhCklQ +dWZUMVBFTWhDZgotLS0gYlZKZUl1SVZiemMxZnVVamRuQjZTNnY4azJRRS91QmhM +ZUs5UTg4SG81MArjrMCURh6yHWzvioUQpgOvKqzL0zq+jFCdy0W4HCUnQGipes36 +D8nJgDtvlZpQNPGT4n3NjWv8xQtg94k1qJ1XcTy+aK8lWvbpFnhJaOME5fQtDNPf +fH52kmKQ4kvAkHqAJ4EAa4J5dc2Oq3V2da0ch4/qPESbY4MO2+RF+6KiATYL5WU/ +kEqFVk6dOfWDYJ2Fzjw7+5m2TaI9W+hUnVPKNKIVC+8i0RuwreBK6FXbO725D/yd +d3neXqil0n3S+sPoE/wq7IbjE0TTz63G1IUPYhG1B1eJSZI1glMtFaUu1AJpX3gY +pPJIGTHx/y1dZtM8OAgyXd3AZaJc55Za5JVN4p3rkxHyuwKyYPltLnNSNkr6aPkc +GG/p79MaQO/Ns9RLrhpPwCXT4jcsrwZD3mDs +-----END AGE ENCRYPTED FILE----- 
diff --git a/agenix/hosts/attic/config.nix b/agenix/hosts/attic/config.nix index 882429d..87e9990 100644 --- a/agenix/hosts/attic/config.nix +++ b/agenix/hosts/attic/config.nix @@ -7,5 +7,9 @@ tailscale-authkey = { file = ./tailscale/authkey.age; }; + + atticd-environment = { + file = ./atticd/environment.age; + }; }; } diff --git a/flake.nix b/flake.nix index ebd93ef..01b867b 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + attic = { + url = "github:zhaofengli/attic"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + neovim-nightly-overlay = { url = "github:nix-community/neovim-nightly-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -48,6 +53,7 @@ inherit (inputs) nixpkgs; inherit (inputs) home-manager; inherit (inputs) ragenix; + inherit (inputs) attic; inherit inputs; }; diff --git a/home/programs/ssh/shared/builder.nix b/home/programs/ssh/shared/builder.nix index c5a538c..4e3788a 100644 --- a/home/programs/ssh/shared/builder.nix +++ b/home/programs/ssh/shared/builder.nix @@ -1,10 +1,15 @@ -let - secret-sail = import ../../../../secret/hosts/sail.nix; -in { matchBlocks = { "builder-sail" = { - hostname = "100.113.242.85"; + hostname = "sail-ts.kempkens.io"; + port = 22; + user = "root"; + identityFile = "~/.ssh/Hetzner.pub"; + identitiesOnly = true; + }; + + "builder-attic" = { + hostname = "100.76.233.31"; port = 22; user = "root"; identityFile = "~/.ssh/Hetzner.pub"; diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix index cf22bb2..d9acd1f 100644 --- a/home/programs/ssh/shared/private.nix +++ b/home/programs/ssh/shared/private.nix @@ -57,5 +57,14 @@ identityFile = "~/.ssh/Hetzner.pub"; identitiesOnly = true; }; + + "attic" = { + hostname = "100.76.233.31"; + port = 22; + user = "daniel"; + forwardAgent = true; + identityFile = "~/.ssh/Hetzner.pub"; + identitiesOnly = true; + }; }; } 
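Review bot: The new `attic` input in flake.nix arrives without a matching `flake.lock` change: the diffstat lists 11 files and the lock file is not among them. This commit therefore does not record which revision of `github:zhaofengli/attic` the cache server is built from. If the lock file is tracked in this repository, commit its update together with the input so the pinned revision is reviewable alongside the change that introduces it. `inputs.nixpkgs.follows = "nixpkgs";` also means attic is built against this flake's nixpkgs rather than the one upstream tested, which deserves a short comment such as `# follows our nixpkgs; remove if atticd stops building`.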
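Review bot: The new `builder-attic` block, like the rewritten `builder-sail` block, logs in with `user = "root"`, so the key used for dispatching builds gets a root shell on the machine that will also hold the atticd credentials file. A remote builder only needs an account that the remote nix-daemon accepts, so a dedicated unprivileged account, e.g. `user = "<builder-user>";` (placeholder), would limit what a stolen client key can do. The tailnet address `100.76.233.31` is hard-coded here and again in private.nix, while `builder-sail` moves to a DNS name in this same hunk. A single shared name would keep the two entries from drifting apart.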
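Review bot: `forwardAgent = true;` on the new `attic` block in private.nix exposes the local SSH agent to that host for the length of every session, so anyone with root there can use it to authenticate to other machines as this user. The same host is being set up as a cache server and a remote builder, so I would drop the line. If the forwarding exists only to hop to another machine, put `proxyJump = "attic";` on that machine's block instead. If it has to stay, add a comment stating why, e.g. `# agent forwarding needed for <reason>`.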
diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix new file mode 100644 index 0000000000000000000000000000000000000000..8b13619275e406e1bccb51ce63c80a33b183a630 GIT binary patch literal 101 zcmV-r0Gj^*M@dveQdv+`05(mLgGvT#q`BX=abPzv4F$iZkD!+!HN zp{N#6WNDpqed$tCc-4ycz^DrQ`9NtA^w{_ywzdx&gQY1!wsF}^Z(hF!#Y;uBC!+Jj HYITMea^5jT literal 0 HcmV?d00001 diff --git a/secrets.nix b/secrets.nix index f4a2825..b478588 100644 --- a/secrets.nix +++ b/secrets.nix @@ -48,4 +48,6 @@ in "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic; "agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic; + + "agenix/hosts/attic/atticd/environment.age".publicKeys = attic; } diff --git a/system/flakes/attic.nix b/system/flakes/attic.nix index a1dbbe4..0751e8e 100644 --- a/system/flakes/attic.nix +++ b/system/flakes/attic.nix @@ -1,4 +1,4 @@ -{ nixpkgs, home-manager, ragenix, inputs, ... }: +{ nixpkgs, home-manager, ragenix, attic, inputs, ... }: let overlay-neovim = inputs.neovim-nightly-overlay.overlay; @@ -26,6 +26,8 @@ in ragenix.nixosModules.default + attic.nixosModules.atticd + { nixpkgs = nixpkgsConfig; nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index d854a92..196ab2c 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix @@ -40,6 +40,12 @@ systems = [ "x86_64-linux" "aarch64-linux" ]; maxJobs = 1; } + + { + hostName = "builder-attic"; + systems = [ "x86_64-linux" "aarch64-linux" ]; + maxJobs = 1; + } ]; gc = { diff --git a/system/hosts/attic.nix b/system/hosts/attic.nix index cc1b813..6e21182 100644 --- a/system/hosts/attic.nix +++ b/system/hosts/attic.nix @@ -1,6 +1,7 @@ args@{ pkgs, config, lib, ... }: let + secret = import ../../secret/hosts/attic.nix; ssh-keys = import ../shared/ssh-keys.nix; in { @@ -11,6 +12,8 @@ in ../nixos/git.nix + (import ../nixos/atticd.nix (args // { inherit secret; })) + ../nixos/tailscale.nix ]; 
diff --git a/system/nixos/atticd.nix b/system/nixos/atticd.nix
new file mode 100644
index 0000000..fbf3ee3
--- /dev/null
+++ b/system/nixos/atticd.nix
@@ -0,0 +1,32 @@
+{ config, secret, ... }:
+
+{
+ services.atticd = {
+ enable = true;
+
+ credentialsFile = config.age.secrets.atticd-environment.path;
+
+ settings = {
+ listen = "127.0.0.1:8080";
+
+ storage = {
+ type = "s3";
+ region = "eu-central-1";
+ bucket = "attic-cache";
+ endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com/attic-cache";
+ };
+
+ chunking = {
+ nar-size-threshold = 64 * 1024; # 64 KiB
+ min-size = 16 * 1024; # 16 KiB
+ avg-size = 64 * 1024; # 64 KiB
+ max-size = 256 * 1024; # 256 KiB
+ };
+
+ garbage-collection = {
+ interval = "12 hours";
+ default-retention-period = "3 months";
+ };
+ };
+ };
+}
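Review bot: The `endpoint` line interpolates `secret.cloudflare.account-id` at evaluation time, so the value is rendered into the service settings and presumably ends up in the world-readable Nix store. `credentialsFile`, by contrast, is only a path to a secret that agenix decrypts at runtime. If the account id is treated as an identifier rather than a credential, say so next to the line, e.g. `# account id is not a credential; it is written to the store in plain text`. Otherwise it belongs in the environment file. `listen = "127.0.0.1:8080";` keeps the API on loopback and nothing in this commit shows what fronts it, so a comment like `# loopback only; exposed via <proxy or tunnel>` (placeholder) would document how clients are expected to reach the service.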