atticd: init

agenix/hosts/attic/atticd/environment.age

@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMTEJS
+VlZKUHpKODJTWWo4d2kvZVFUQmcvZ2pBcHZ2cVhEcTRkQVhTZ1gwCmxHREdibjBh
+dXkzQXVWdU5zSXdleVZZWXI3QWF2NnMzd2h3TXRKZ2tOb2MKLT4gc3NoLWVkMjU1
+MTkgc1ZmNkNBIEIyb21xU3dwWHRKNFRFaHJ0S2tTTzYrZW5NYkYrVXlhczc5REV2
+Vjd0Q3cKcVozUzdvakZCM0h4QTgvU2ZScDZWbGYzWGFGQStkMmdVaG80T1FWU0lO
+VQotPiBcTlVaYS1ncmVhc2UgM3toQTFGTyB1IE5jJ3RfMlBHIE9TV219YnFhCklQ
+dWZUMVBFTWhDZgotLS0gYlZKZUl1SVZiemMxZnVVamRuQjZTNnY4azJRRS91QmhM
+ZUs5UTg4SG81MArjrMCURh6yHWzvioUQpgOvKqzL0zq+jFCdy0W4HCUnQGipes36
+D8nJgDtvlZpQNPGT4n3NjWv8xQtg94k1qJ1XcTy+aK8lWvbpFnhJaOME5fQtDNPf
+fH52kmKQ4kvAkHqAJ4EAa4J5dc2Oq3V2da0ch4/qPESbY4MO2+RF+6KiATYL5WU/
+kEqFVk6dOfWDYJ2Fzjw7+5m2TaI9W+hUnVPKNKIVC+8i0RuwreBK6FXbO725D/yd
+d3neXqil0n3S+sPoE/wq7IbjE0TTz63G1IUPYhG1B1eJSZI1glMtFaUu1AJpX3gY
+pPJIGTHx/y1dZtM8OAgyXd3AZaJc55Za5JVN4p3rkxHyuwKyYPltLnNSNkr6aPkc
+GG/p79MaQO/Ns9RLrhpPwCXT4jcsrwZD3mDs
+-----END AGE ENCRYPTED FILE-----

agenix/hosts/attic/config.nix

@@ -7,5 +7,9 @@
     tailscale-authkey = {
       file = ./tailscale/authkey.age;
     };
+
+    atticd-environment = {
+      file = ./atticd/environment.age;
+    };
   };
 }

flake.nix

@@ -17,6 +17,11 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
+    attic = {
+      url = "github:zhaofengli/attic";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
     neovim-nightly-overlay = {
       url = "github:nix-community/neovim-nightly-overlay";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -48,6 +53,7 @@
         inherit (inputs) nixpkgs;
         inherit (inputs) home-manager;
         inherit (inputs) ragenix;
+        inherit (inputs) attic;
         inherit inputs;
       };
 

home/programs/ssh/shared/builder.nix

@@ -1,10 +1,15 @@
-let
-  secret-sail = import ../../../../secret/hosts/sail.nix;
-in
 {
   matchBlocks = {
     "builder-sail" = {
-      hostname = "100.113.242.85";
+      hostname = "sail-ts.kempkens.io";
+      port = 22;
+      user = "root";
+      identityFile = "~/.ssh/Hetzner.pub";
+      identitiesOnly = true;
+    };
+
+    "builder-attic" = {
+      hostname = "100.76.233.31";
       port = 22;
       user = "root";
       identityFile = "~/.ssh/Hetzner.pub";

home/programs/ssh/shared/private.nix

@@ -57,5 +57,14 @@
       identityFile = "~/.ssh/Hetzner.pub";
       identitiesOnly = true;
     };
+
+    "attic" = {
+      hostname = "100.76.233.31";
+      port = 22;
+      user = "daniel";
+      forwardAgent = true;
+      identityFile = "~/.ssh/Hetzner.pub";
+      identitiesOnly = true;
+    };
   };
 }

secrets.nix

@@ -48,4 +48,6 @@ in
   "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
 
   "agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
+
+  "agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
 }

system/flakes/attic.nix

@@ -1,4 +1,4 @@
-{ nixpkgs, home-manager, ragenix, inputs, ... }:
+{ nixpkgs, home-manager, ragenix, attic, inputs, ... }:
 
 let
   overlay-neovim = inputs.neovim-nightly-overlay.overlay;
@@ -26,6 +26,8 @@ in
 
       ragenix.nixosModules.default
 
+      attic.nixosModules.atticd
+
       {
         nixpkgs = nixpkgsConfig;
         nix.nixPath = [ "nixpkgs=${nixpkgs}" ];

system/hosts/Styx.nix

@@ -40,6 +40,12 @@
         systems = [ "x86_64-linux" "aarch64-linux" ];
         maxJobs = 1;
       }
+
+      {
+        hostName = "builder-attic";
+        systems = [ "x86_64-linux" "aarch64-linux" ];
+        maxJobs = 1;
+      }
     ];
 
     gc = {

system/hosts/attic.nix

@@ -1,6 +1,7 @@
 args@{ pkgs, config, lib, ... }:
 
 let
+  secret = import ../../secret/hosts/attic.nix;
   ssh-keys = import ../shared/ssh-keys.nix;
 in
 {
@@ -11,6 +12,8 @@ in
 
     ../nixos/git.nix
 
+    (import ../nixos/atticd.nix (args // { inherit secret; }))
+
     ../nixos/tailscale.nix
   ];
 

system/nixos/atticd.nix

@@ -0,0 +1,32 @@
+{ config, secret, ... }:
+
+{
+  services.atticd = {
+    enable = true;
+
+    credentialsFile = config.age.secrets.atticd-environment.path;
+
+    settings = {
+      listen = "127.0.0.1:8080";
+
+      storage = {
+        type = "s3";
+        region = "eu-central-1";
+        bucket = "attic-cache";
+        endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com/attic-cache";
+      };
+
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+
+      garbage-collection = {
+        interval = "12 hours";
+        default-retention-period = "3 months";
+      };
+    };
+  };
+}