atticd: init
This commit is contained in:
parent
f809dc9c84
commit
c84bdde758
11 changed files with 90 additions and 5 deletions
16
agenix/hosts/attic/atticd/environment.age
Normal file
16
agenix/hosts/attic/atticd/environment.age
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBMTEJS
|
||||||
|
VlZKUHpKODJTWWo4d2kvZVFUQmcvZ2pBcHZ2cVhEcTRkQVhTZ1gwCmxHREdibjBh
|
||||||
|
dXkzQXVWdU5zSXdleVZZWXI3QWF2NnMzd2h3TXRKZ2tOb2MKLT4gc3NoLWVkMjU1
|
||||||
|
MTkgc1ZmNkNBIEIyb21xU3dwWHRKNFRFaHJ0S2tTTzYrZW5NYkYrVXlhczc5REV2
|
||||||
|
Vjd0Q3cKcVozUzdvakZCM0h4QTgvU2ZScDZWbGYzWGFGQStkMmdVaG80T1FWU0lO
|
||||||
|
VQotPiBcTlVaYS1ncmVhc2UgM3toQTFGTyB1IE5jJ3RfMlBHIE9TV219YnFhCklQ
|
||||||
|
dWZUMVBFTWhDZgotLS0gYlZKZUl1SVZiemMxZnVVamRuQjZTNnY4azJRRS91QmhM
|
||||||
|
ZUs5UTg4SG81MArjrMCURh6yHWzvioUQpgOvKqzL0zq+jFCdy0W4HCUnQGipes36
|
||||||
|
D8nJgDtvlZpQNPGT4n3NjWv8xQtg94k1qJ1XcTy+aK8lWvbpFnhJaOME5fQtDNPf
|
||||||
|
fH52kmKQ4kvAkHqAJ4EAa4J5dc2Oq3V2da0ch4/qPESbY4MO2+RF+6KiATYL5WU/
|
||||||
|
kEqFVk6dOfWDYJ2Fzjw7+5m2TaI9W+hUnVPKNKIVC+8i0RuwreBK6FXbO725D/yd
|
||||||
|
d3neXqil0n3S+sPoE/wq7IbjE0TTz63G1IUPYhG1B1eJSZI1glMtFaUu1AJpX3gY
|
||||||
|
pPJIGTHx/y1dZtM8OAgyXd3AZaJc55Za5JVN4p3rkxHyuwKyYPltLnNSNkr6aPkc
|
||||||
|
GG/p79MaQO/Ns9RLrhpPwCXT4jcsrwZD3mDs
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
|
@ -7,5 +7,9 @@
|
||||||
tailscale-authkey = {
|
tailscale-authkey = {
|
||||||
file = ./tailscale/authkey.age;
|
file = ./tailscale/authkey.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
atticd-environment = {
|
||||||
|
file = ./atticd/environment.age;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,6 +17,11 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
attic = {
|
||||||
|
url = "github:zhaofengli/attic";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
neovim-nightly-overlay = {
|
neovim-nightly-overlay = {
|
||||||
url = "github:nix-community/neovim-nightly-overlay";
|
url = "github:nix-community/neovim-nightly-overlay";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -48,6 +53,7 @@
|
||||||
inherit (inputs) nixpkgs;
|
inherit (inputs) nixpkgs;
|
||||||
inherit (inputs) home-manager;
|
inherit (inputs) home-manager;
|
||||||
inherit (inputs) ragenix;
|
inherit (inputs) ragenix;
|
||||||
|
inherit (inputs) attic;
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,15 @@
|
||||||
let
|
|
||||||
secret-sail = import ../../../../secret/hosts/sail.nix;
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
"builder-sail" = {
|
"builder-sail" = {
|
||||||
hostname = "100.113.242.85";
|
hostname = "sail-ts.kempkens.io";
|
||||||
|
port = 22;
|
||||||
|
user = "root";
|
||||||
|
identityFile = "~/.ssh/Hetzner.pub";
|
||||||
|
identitiesOnly = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
"builder-attic" = {
|
||||||
|
hostname = "100.76.233.31";
|
||||||
port = 22;
|
port = 22;
|
||||||
user = "root";
|
user = "root";
|
||||||
identityFile = "~/.ssh/Hetzner.pub";
|
identityFile = "~/.ssh/Hetzner.pub";
|
||||||
|
|
|
@ -57,5 +57,14 @@
|
||||||
identityFile = "~/.ssh/Hetzner.pub";
|
identityFile = "~/.ssh/Hetzner.pub";
|
||||||
identitiesOnly = true;
|
identitiesOnly = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"attic" = {
|
||||||
|
hostname = "100.76.233.31";
|
||||||
|
port = 22;
|
||||||
|
user = "daniel";
|
||||||
|
forwardAgent = true;
|
||||||
|
identityFile = "~/.ssh/Hetzner.pub";
|
||||||
|
identitiesOnly = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
BIN
secret/hosts/attic.nix
Normal file
BIN
secret/hosts/attic.nix
Normal file
Binary file not shown.
|
@ -48,4 +48,6 @@ in
|
||||||
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
||||||
|
|
||||||
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
||||||
|
|
||||||
|
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ nixpkgs, home-manager, ragenix, inputs, ... }:
|
{ nixpkgs, home-manager, ragenix, attic, inputs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
|
overlay-neovim = inputs.neovim-nightly-overlay.overlay;
|
||||||
|
@ -26,6 +26,8 @@ in
|
||||||
|
|
||||||
ragenix.nixosModules.default
|
ragenix.nixosModules.default
|
||||||
|
|
||||||
|
attic.nixosModules.atticd
|
||||||
|
|
||||||
{
|
{
|
||||||
nixpkgs = nixpkgsConfig;
|
nixpkgs = nixpkgsConfig;
|
||||||
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||||
|
|
|
@ -40,6 +40,12 @@
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
maxJobs = 1;
|
maxJobs = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
hostName = "builder-attic";
|
||||||
|
systems = [ "x86_64-linux" "aarch64-linux" ];
|
||||||
|
maxJobs = 1;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
gc = {
|
gc = {
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
args@{ pkgs, config, lib, ... }:
|
args@{ pkgs, config, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
secret = import ../../secret/hosts/attic.nix;
|
||||||
ssh-keys = import ../shared/ssh-keys.nix;
|
ssh-keys = import ../shared/ssh-keys.nix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -11,6 +12,8 @@ in
|
||||||
|
|
||||||
../nixos/git.nix
|
../nixos/git.nix
|
||||||
|
|
||||||
|
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
||||||
|
|
||||||
../nixos/tailscale.nix
|
../nixos/tailscale.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
32
system/nixos/atticd.nix
Normal file
32
system/nixos/atticd.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ config, secret, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.atticd = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
credentialsFile = config.age.secrets.atticd-environment.path;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
listen = "127.0.0.1:8080";
|
||||||
|
|
||||||
|
storage = {
|
||||||
|
type = "s3";
|
||||||
|
region = "eu-central-1";
|
||||||
|
bucket = "attic-cache";
|
||||||
|
endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com/attic-cache";
|
||||||
|
};
|
||||||
|
|
||||||
|
chunking = {
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
|
||||||
|
garbage-collection = {
|
||||||
|
interval = "12 hours";
|
||||||
|
default-retention-period = "3 months";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue