
atticd: init

Daniel Kempkens 2023-04-04 17:20:09 +02:00
parent f809dc9c84
commit c84bdde758
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
11 changed files with 90 additions and 5 deletions


@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -7,5 +7,9 @@
tailscale-authkey = { tailscale-authkey = {
file = ./tailscale/authkey.age; file = ./tailscale/authkey.age;
}; };
atticd-environment = {
file = ./atticd/environment.age;
};
}; };
} }


@ -17,6 +17,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
};
neovim-nightly-overlay = { neovim-nightly-overlay = {
url = "github:nix-community/neovim-nightly-overlay"; url = "github:nix-community/neovim-nightly-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -48,6 +53,7 @@
inherit (inputs) nixpkgs; inherit (inputs) nixpkgs;
inherit (inputs) home-manager; inherit (inputs) home-manager;
inherit (inputs) ragenix; inherit (inputs) ragenix;
inherit (inputs) attic;
inherit inputs; inherit inputs;
}; };
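Review bot: The new `attic` input is given by URL only, and none of the 11 changed sections shown here looks like a `flake.lock` update, so the revision that supplies `attic.nixosModules.atticd` does not appear to be pinned by this commit. That module runs a service holding the storage credentials, so the lock entry should land in the same commit as the input. Alternatively the URL can carry the revision, e.g. `url = "github:zhaofengli/attic/<commit-sha>";` (placeholder). If the lock file is updated elsewhere, a short comment next to the input saying so would help.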


@ -1,10 +1,15 @@
let
secret-sail = import ../../../../secret/hosts/sail.nix;
in
{ {
matchBlocks = { matchBlocks = {
"builder-sail" = { "builder-sail" = {
hostname = "100.113.242.85"; hostname = "sail-ts.kempkens.io";
port = 22;
user = "root";
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
"builder-attic" = {
hostname = "100.76.233.31";
port = 22; port = 22;
user = "root"; user = "root";
identityFile = "~/.ssh/Hetzner.pub"; identityFile = "~/.ssh/Hetzner.pub";
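Review bot: The new `builder-attic` block pins the host to the literal address `100.76.233.31`, while the same hunk moves `builder-sail` from an address to the name `sail-ts.kempkens.io`. Using a name here too, `hostname = "<attic-tailnet-name>";` (placeholder), keeps the address out of the repository and in one place. The block also logs in as `root`; a dedicated build user listed in the builder's `nix.settings.trusted-users` would likely be enough for remote builds and would narrow what this key can do on the cache host. The `builder-attic` block continues past the end of the hunk.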


@ -57,5 +57,14 @@
identityFile = "~/.ssh/Hetzner.pub"; identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true; identitiesOnly = true;
}; };
"attic" = {
hostname = "100.76.233.31";
port = 22;
user = "daniel";
forwardAgent = true;
identityFile = "~/.ssh/Hetzner.pub";
identitiesOnly = true;
};
}; };
} }
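Review bot: `forwardAgent = true` on the new `attic` block makes the local agent socket reachable on that host for the whole session, so any process running there as root or as `daniel` can request signatures from every key the agent holds. If forwarding is only needed to reach other machines through this one, `proxyJump` on those entries avoids it; otherwise drop the line and forward per session when required. `identitiesOnly = true` limits which key is offered to this host, not which keys the forwarded agent will sign with.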

BIN
secret/hosts/attic.nix Normal file

Binary file not shown.


@ -48,4 +48,6 @@ in
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic; "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic; "agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
} }


@ -1,4 +1,4 @@
{ nixpkgs, home-manager, ragenix, inputs, ... }: { nixpkgs, home-manager, ragenix, attic, inputs, ... }:
let let
overlay-neovim = inputs.neovim-nightly-overlay.overlay; overlay-neovim = inputs.neovim-nightly-overlay.overlay;
@ -26,6 +26,8 @@ in
ragenix.nixosModules.default ragenix.nixosModules.default
attic.nixosModules.atticd
{ {
nixpkgs = nixpkgsConfig; nixpkgs = nixpkgsConfig;
nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; nix.nixPath = [ "nixpkgs=${nixpkgs}" ];


@ -40,6 +40,12 @@
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 1; maxJobs = 1;
} }
{
hostName = "builder-attic";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 1;
}
]; ];
gc = { gc = {


@ -1,6 +1,7 @@
args@{ pkgs, config, lib, ... }: args@{ pkgs, config, lib, ... }:
let let
secret = import ../../secret/hosts/attic.nix;
ssh-keys = import ../shared/ssh-keys.nix; ssh-keys = import ../shared/ssh-keys.nix;
in in
{ {
@ -11,6 +12,8 @@ in
../nixos/git.nix ../nixos/git.nix
(import ../nixos/atticd.nix (args // { inherit secret; }))
../nixos/tailscale.nix ../nixos/tailscale.nix
]; ];

32
system/nixos/atticd.nix Normal file

@ -0,0 +1,32 @@
{ config, secret, ... }:
{
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.atticd-environment.path;
settings = {
listen = "127.0.0.1:8080";
storage = {
type = "s3";
region = "eu-central-1";
bucket = "attic-cache";
endpoint = "https://${secret.cloudflare.account-id}.r2.cloudflarestorage.com/attic-cache";
};
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
garbage-collection = {
interval = "12 hours";
default-retention-period = "3 months";
};
};
};
}
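Review bot: `secret.cloudflare.account-id` comes from the `secret` import but is interpolated into `settings.endpoint`, and `settings` is presumably rendered into a config file in the world-readable Nix store. On the host that value is therefore not protected the way the agenix-managed `credentialsFile` is. Either treat the account id as non-secret or note the exposure in a comment above `endpoint`. The file also does not say what the environment file must provide; a comment above `credentialsFile` such as `# environment.age: ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 and the S3 access key pair for the bucket` would document that. Separately, `endpoint` ends in `/attic-cache` while `bucket = "attic-cache"` is also set, so it is worth confirming that objects do not end up under a doubled path.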