From 93f89cfcdf013de43fe28f00b65190ece9059afd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Sat, 4 Jan 2025 22:48:32 +0100
Subject: [PATCH] hosts/kazuki: move attic to services
---
 hosts/kazuki/attic.nix | 115 ------------------------------------
 hosts/kazuki/default.nix | 1 -
 services/attic.nix | 122 +++++++++++++++++++++++++++++++++++++++
 services/default.nix | 2 +-
 4 files changed, 123 insertions(+), 117 deletions(-)
 delete mode 100644 hosts/kazuki/attic.nix
 create mode 100644 services/attic.nix
diff --git a/hosts/kazuki/attic.nix b/hosts/kazuki/attic.nix
deleted file mode 100644
index 87cd289..0000000
--- a/hosts/kazuki/attic.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ config, lib, ... }:
-let
- atticPort = 9476;
-in
-{
- age.secrets.attic-creds = {
- file = ../../secrets/attic-creds.age;
- owner = config.services.atticd.user;
- };
- age.secrets.nrab-lol-cf = {
- file = ../../secrets/nrab-lol-cf.age;
- owner = config.services.nginx.user;
- };
-
- services.atticd = {
- enable = true;
- environmentFile = config.age.secrets.attic-creds.path;
- settings = {
- listen = "[::]:${toString atticPort}";
- storage = {
- type = "local";
- path = "/storage-box";
- };
- compression.type = "none";
- chunking = {
- nar-size-threshold = 0;
- min-size = 0;
- avg-size = 0;
- max-size = 0;
- };
- api-endpoint = "https://attic.nrab.lol/";
- };
- };
-
- users = {
- users.atticd = {
- uid = 990;
- isSystemUser = true;
- group = "atticd";
- home = "/var/lib/atticd";
- createHome = true;
- };
- groups.atticd = {
- gid = 988;
- };
- };
-
- systemd.services.atticd = {
- after = [ "storage\\x2dbox.mount" ];
- serviceConfig.DynamicUser = lib.mkForce false;
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "nikodem@rabulinski.com";
- };
-
- users.users.nginx.extraGroups = [ "acme" ];
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- virtualHosts."attic.nrab.lol" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- locations."/" = {
- proxyPass = "http://attic";
- };
- extraConfig = ''
- client_max_body_size 24G;
- '';
- };
- virtualHosts."cache.nrab.lol" = {
- forceSSL = true;
- enableACME = true;
- acmeRoot = null;
- locations."/" = {
- proxyPass = "http://attic/public$request_uri";
- };
- extraConfig = ''
- proxy_cache nixstore;
- proxy_cache_use_stale error timeout http_500 http_502;
- proxy_cache_lock on;
- proxy_cache_key $request_uri;
- proxy_cache_valid 200 24h;
- '';
- };
-
- upstreams."attic".servers = {
- "localhost:${toString atticPort}" = { };
- };
-
- appendHttpConfig = ''
- proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off;
- '';
- };
-
- security.acme.certs."attic.nrab.lol" = {
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.nrab-lol-cf.path;
- };
-
- security.acme.certs."cache.nrab.lol" = {
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.nrab-lol-cf.path;
- };
-}
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index 1b099f7..df92f1c 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -13,7 +13,6 @@
 ./mail.nix
 ./vault.nix
 ./storage.nix
- ./attic.nix
 ./ntfy.nix
 ./zitadel.nix
 ./forgejo.nix
diff --git a/services/attic.nix b/services/attic.nix
new file mode 100644
index 0000000..91d675f
--- /dev/null
+++ b/services/attic.nix
@@ -0,0 +1,122 @@
+{
+ services.attic =
+ let
+ atticPort = 9476;
+ in
+ {
+ host = "kazuki";
+ ports = [ atticPort ];
+ config =
+ { config, ... }:
+ {
+ age.secrets.attic-creds = {
+ file = ../secrets/attic-creds.age;
+ owner = config.services.atticd.user;
+ };
+ age.secrets.nrab-lol-cf = {
+ file = ../secrets/nrab-lol-cf.age;
+ owner = config.services.nginx.user;
+ };
+
+ services.atticd = {
+ enable = true;
+ environmentFile = config.age.secrets.attic-creds.path;
+ settings = {
+ listen = "[::]:${toString atticPort}";
+ storage = {
+ type = "local";
+ path = "/storage-box";
+ };
+ compression.type = "none";
+ chunking = {
+ nar-size-threshold = 0;
+ min-size = 0;
+ avg-size = 0;
+ max-size = 0;
+ };
+ api-endpoint = "https://attic.nrab.lol/";
+ };
+ };
+
+ users = {
+ users.atticd = {
+ uid = 990;
+ isSystemUser = true;
+ group = "atticd";
+ home = "/var/lib/atticd";
+ createHome = true;
+ };
+ groups.atticd = {
+ gid = 988;
+ };
+ };
+
+ systemd.services.atticd = {
+ after = [ "storage\\x2dbox.mount" ];
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "nikodem@rabulinski.com";
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."attic.nrab.lol" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://attic";
+ };
+ extraConfig = ''
+ client_max_body_size 24G;
+ '';
+ };
+ virtualHosts."cache.nrab.lol" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ proxyPass = "http://attic/public$request_uri";
+ };
+ extraConfig = ''
+ proxy_cache nixstore;
+ proxy_cache_use_stale error timeout http_500 http_502;
+ proxy_cache_lock on;
+ proxy_cache_key $request_uri;
+ proxy_cache_valid 200 24h;
+ '';
+ };
+
+ upstreams."attic".servers = {
+ "localhost:${toString atticPort}" = { };
+ };
+
+ appendHttpConfig = ''
+ proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off;
+ '';
+ };
+
+ security.acme.certs."attic.nrab.lol" = {
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.nrab-lol-cf.path;
+ };
+
+ security.acme.certs."cache.nrab.lol" = {
+ dnsProvider = "cloudflare";
+ credentialsFile = config.age.secrets.nrab-lol-cf.path;
+ };
+ };
+ };
+}
diff --git a/services/default.nix b/services/default.nix
index 1f0f2c2..d588ede 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,5 +1,5 @@
 {
 imports = [
-
+ ./attic.nix
 ];
 }
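Review bot: The new `systemd.services.atticd = { after = [ "storage\\x2dbox.mount" ]; };` silently drops the `serviceConfig.DynamicUser = lib.mkForce false;` that the deleted file carried, while everything around it still assumes a static service user (`users.users.atticd` with `uid = 990` and `age.secrets.attic-creds.owner = config.services.atticd.user`), so a commit described as a move actually changes runtime behaviour without saying so. If the atticd module defaults `DynamicUser` to true (presumably why it was forced off before), the unit inherits systemd's implied `ProtectSystem=strict`, writes to `/storage-box` will fail unless the module or this file lists that path in `ReadWritePaths`, and whether the decrypted secret's owner still matches the uid the process runs as is no longer obvious — either restore `serviceConfig.DynamicUser = lib.mkForce false;` (adding `lib` back to the `{ config, ... }:` argument set) or commit to the dynamic-user sandbox with `serviceConfig.ReadWritePaths = [ "/storage-box" ];` and drop the fixed uid, and state the choice in the commit message. Separately, `age.secrets.nrab-lol-cf` (the Cloudflare DNS API token) is decrypted with `owner = config.services.nginx.user`, yet it is consumed only through `security.acme.certs.*.credentialsFile`, not by nginx, so the internet-facing nginx workers gain read access to a DNS-zone credential they never use; keep the default owner if the ACME unit loads the file through systemd, or use `owner = "acme"` if lego opens it itself — check which applies to the NixOS release in use. Finally, `ports = [ atticPort ];` is consumed by a `services.*` wrapper not visible in this diff; if that wrapper opens the host firewall for 9476, atticd's plaintext `[::]:9476` listener becomes reachable directly, bypassing the TLS vhosts and the nginx body-size limit, in which case it should be dropped or the listener bound to `[::1]:9476`.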