hosts/kazuki: move attic to services

2025-01-04 22:48:32 +01:00 · 2025-01-04 22:48:32 +01:00 · 93f89cfcdf
commit 93f89cfcdf
parent 68445b2146
4 changed files with 123 additions and 117 deletions
--- a/hosts/kazuki/attic.nix
+++ b/hosts/kazuki/attic.nix
@ -1,115 +0,0 @@
-{ config, lib, ... }:
-let
-  atticPort = 9476;
-in
-{
-  age.secrets.attic-creds = {
-    file = ../../secrets/attic-creds.age;
-    owner = config.services.atticd.user;
-  };
-  age.secrets.nrab-lol-cf = {
-    file = ../../secrets/nrab-lol-cf.age;
-    owner = config.services.nginx.user;
-  };
-
-  services.atticd = {
-    enable = true;
-    environmentFile = config.age.secrets.attic-creds.path;
-    settings = {
-      listen = "[::]:${toString atticPort}";
-      storage = {
-        type = "local";
-        path = "/storage-box";
-      };
-      compression.type = "none";
-      chunking = {
-        nar-size-threshold = 0;
-        min-size = 0;
-        avg-size = 0;
-        max-size = 0;
-      };
-      api-endpoint = "https://attic.nrab.lol/";
-    };
-  };
-
-  users = {
-    users.atticd = {
-      uid = 990;
-      isSystemUser = true;
-      group = "atticd";
-      home = "/var/lib/atticd";
-      createHome = true;
-    };
-    groups.atticd = {
-      gid = 988;
-    };
-  };
-
-  systemd.services.atticd = {
-    after = [ "storage\\x2dbox.mount" ];
-    serviceConfig.DynamicUser = lib.mkForce false;
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "nikodem@rabulinski.com";
-  };
-
-  users.users.nginx.extraGroups = [ "acme" ];
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedTlsSettings = true;
-    virtualHosts."attic.nrab.lol" = {
-      forceSSL = true;
-      enableACME = true;
-      acmeRoot = null;
-      locations."/" = {
-        proxyPass = "http://attic";
-      };
-      extraConfig = ''
-        client_max_body_size 24G;
-      '';
-    };
-    virtualHosts."cache.nrab.lol" = {
-      forceSSL = true;
-      enableACME = true;
-      acmeRoot = null;
-      locations."/" = {
-        proxyPass = "http://attic/public$request_uri";
-      };
-      extraConfig = ''
-        proxy_cache nixstore;
-        proxy_cache_use_stale error timeout http_500 http_502;
-        proxy_cache_lock on;
-        proxy_cache_key $request_uri;
-        proxy_cache_valid 200 24h;
-      '';
-    };
-
-    upstreams."attic".servers = {
-      "localhost:${toString atticPort}" = { };
-    };
-
-    appendHttpConfig = ''
-      proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off;
-    '';
-  };
-
-  security.acme.certs."attic.nrab.lol" = {
-    dnsProvider = "cloudflare";
-    credentialsFile = config.age.secrets.nrab-lol-cf.path;
-  };
-
-  security.acme.certs."cache.nrab.lol" = {
-    dnsProvider = "cloudflare";
-    credentialsFile = config.age.secrets.nrab-lol-cf.path;
-  };
-}
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@ -13,7 +13,6 @@
        ./mail.nix
        ./vault.nix
        ./storage.nix
-        ./attic.nix
        ./ntfy.nix
        ./zitadel.nix
        ./forgejo.nix