nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

hosts/kazuki: attic cache

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-02-06 17:29:48 +01:00
parent 2cb3562526
commit 3a9c6f7950
8 changed files with 189 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

76
flake.lock generated
View file

@ -27,6 +27,32 @@
"type": "github" "type": "github"
} }
}, },
"attic": {
"inputs": {
"crane": [
"crane"
],
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1705617092,
"narHash": "sha256-n9PK4O4X4S1JkwpkMuYm1wHZYJzRqif8g3RuVIPD+rY=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "fbe252a5c21febbe920c025560cbd63b20e24f3b",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -178,6 +204,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1668681692,
@ -251,6 +293,21 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakelib": { "flakelib": {
"inputs": { "inputs": {
"fl-config": "fl-config", "fl-config": "fl-config",
@ -312,7 +369,7 @@
"mailserver": { "mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -432,6 +489,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1690753480, "lastModified": 1690753480,
@ -525,6 +598,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"attic": "attic",
"conduit-src": "conduit-src", "conduit-src": "conduit-src",
"crane": "crane", "crane": "crane",
"darwin": "darwin", "darwin": "darwin",

5
flake.nix
View file

@ -113,6 +113,11 @@
niko-nur = { niko-nur = {
url = "github:nrabulinski/nur-packages"; url = "github:nrabulinski/nur-packages";
}; };
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
};
}; };
nixConfig = { nixConfig = {

2
hosts/default.nix
View file

@ -2,7 +2,6 @@
config, config,
self, self,
inputs, inputs,
lib,
... ...
}: { }: {
imports = [ imports = [
@ -32,6 +31,7 @@
inputs.mailserver.nixosModules.default inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
self.nixosModules.settei self.nixosModules.settei
self.nixosModules.common self.nixosModules.common
sharedOptions sharedOptions

84
hosts/kazuki/attic.nix Normal file
View file

@ -0,0 +1,84 @@
{
config,
lib,
...
}: let
atticPort = 9476;
in {
age.secrets.attic-creds = {
file = ../../secrets/attic-creds.age;
owner = config.services.atticd.user;
};
age.secrets.nrab-lol-cf = {
file = ../../secrets/nrab-lol-cf.age;
owner = config.services.nginx.user;
};
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.attic-creds.path;
settings = {
listen = "[::]:${toString atticPort}";
storage = {
type = "local";
path = "/storage-box/attic";
};
compression.type = "zstd";
chunking = {
nar-size-threshold = 64 * 1024;
min-size = 16 * 1024;
avg-size = 64 * 1024;
max-size = 256 * 1024;
};
api-endpoint = "https://cache.nrab.lol/";
allowed-hosts = ["cache.nrab.lol"];
};
};
users = {
users.atticd = {
isSystemUser = true;
group = "atticd";
home = "/var/lib/atticd";
createHome = true;
};
groups.atticd = {};
};
systemd.services.atticd = {
after = ["storage\\x2dbox.mount"];
serviceConfig.DynamicUser = lib.mkForce false;
};
security.acme = {
acceptTerms = true;
defaults.email = "nikodem@rabulinski.com";
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"cache.nrab.lol" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://attic";
};
};
};
upstreams."attic".servers = {
"localhost:${toString atticPort}" = {};
};
};
security.acme.certs."cache.nrab.lol" = {
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.nrab-lol-cf.path;
webroot = null;
};
}

1
hosts/kazuki/default.nix
View file

@ -13,6 +13,7 @@
./mail.nix ./mail.nix
./vault.nix ./vault.nix
./storage.nix ./storage.nix
./attic.nix
]; ];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";

8
secrets/attic-creds.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw L1Lee3U0LWtn6zx0M5pA+VpiRtx903AYyVPmeaciumA
dfEtGwEhEtBGnltkRFT2KMUl/tC1b8bYCLKtut0S75g
-> ssh-ed25519 GKhvwg Ybp7LvImp228BXqj9IfahYkdCZdO5NgPGol+GacnfQM
hSU9nhgpeOgRDQHDpO9mFPdu52R6y2/lfYCI01/3ypA
--- YnhUF2kfu+Va5YyMjZcySvd4dSbvz5CMIAkbX+2iUQ4
'ÁÝQìþß ~ ʲ"#Ñ…~,ýT¹6!™G~×Ö7Sô}Èê¿ñ˜-¹E +Ì\
)¶˜,2Žf¨. ¼|M9 zs'³ žJ"'6_º[.rqÝ<71>8¤Ý|yü>æ]c"º„wÍH<C38D> ÙöÏ›E´ùËî„Îc®†NiÓýž×þ—ú7ã 0 <>ñ

7
secrets/nrab-lol-cf.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw QEsw7uvxEdZ/2Bab/bGd9/Ap5psN7p5RudFZJFZQ3kM
UZCthc92ptbwxxe8nFnhvdedkpt6Y/nJf8GI0qdQRcc
-> ssh-ed25519 GKhvwg BIAW4Jad+tcsVXR6ibhWvvuvXCNQ1seZR1HGym11Mz8
9NHhqlljWYoH8t1s4vvgzUjfL5lxVPVEY/pDiDP9h1I
--- dyefPpAwwsQ4xLsUBr3L5VYBhhdVKOYaCrabI042cCk
_ÁèŽóofVžÅ!Ë€v^Çå>'˜`šëqW'C§êEØ{jÅñ³7ªñ_ç)|t6{»}ÑpÐûœÃÒ»úÌ#Ž°ŸG—óS·ÑîØíÉ>QÏ£"C

8
secrets/secrets.nix
View file

@ -47,4 +47,12 @@ in {
keys.system.kazuki keys.system.kazuki
keys.other.bootstrap keys.other.bootstrap
]; ];
"nrab-lol-cf.age".publicKeys = [
keys.system.kazuki
keys.other.bootstrap
];
"attic-creds.age".publicKeys = [
keys.system.kazuki
keys.other.bootstrap
];
} }