Add module for atticd
This commit is contained in:
parent
8cc10f0d17
commit
ab5a4e34c5
|
@ -20,6 +20,7 @@ in
|
|||
pkgs.exercism
|
||||
pkgs.git
|
||||
pkgs.nix-tree
|
||||
pkgs.unstable.attic-client
|
||||
unlock-luks
|
||||
];
|
||||
shellAliases = {
|
||||
|
|
|
@ -47,6 +47,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
|||
"${inputs.self}/modules"
|
||||
|
||||
inputs.agenix.nixosModules.age
|
||||
inputs.attic.nixosModules.atticd
|
||||
{
|
||||
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
||||
az-username = username;
|
||||
|
|
|
@ -54,6 +54,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
|||
"${inputs.self}/modules"
|
||||
|
||||
inputs.agenix.nixosModules.age
|
||||
inputs.attic.nixosModules.atticd
|
||||
{
|
||||
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
||||
az-username = username;
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
./programs/restic-management
|
||||
./programs/scripts
|
||||
./programs/steam
|
||||
./services/attic
|
||||
./services/common-x86
|
||||
./services/data-share
|
||||
./services/docker
|
||||
|
|
|
@ -138,11 +138,13 @@
|
|||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org"
|
||||
"https://devenv.cachix.org"
|
||||
"http://management.2li.local:8080/prod"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
"prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
|
||||
];
|
||||
min-free = 1000000000;
|
||||
max-free = 10000000000;
|
||||
|
|
|
@ -0,0 +1,75 @@
|
|||
{
|
||||
config,
|
||||
inputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.az-attic-server;
|
||||
cacheStorage = "/mnt/binary-cache";
|
||||
atticPort = 8080;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.az-attic-server.enable = lib.mkEnableOption "Enable attic server and related services";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.atticEnv = {
|
||||
file = "${inputs.self}/scrts/attic_env.age";
|
||||
mode = "600";
|
||||
owner = "65312";
|
||||
group = "65312";
|
||||
};
|
||||
fileSystems."${cacheStorage}" = {
|
||||
device = "10.7.89.108:binary-cache";
|
||||
fsType = "nfs";
|
||||
options = [
|
||||
"hard"
|
||||
"noatime"
|
||||
"rw"
|
||||
];
|
||||
};
|
||||
environment.systemPackages = [ pkgs.unstable.attic-client ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ atticPort ];
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
credentialsFile = config.age.secrets.atticEnv.path;
|
||||
settings = {
|
||||
listen = "[::]:${toString atticPort}";
|
||||
api-endpoint = "http://management.2li.local/";
|
||||
allowed-hosts = [ ];
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "${cacheStorage}";
|
||||
};
|
||||
chunking = {
|
||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||
# The preferred minimum size of a chunk, in bytes
|
||||
min-size = 16 * 1024; # 16 KiB
|
||||
# The preferred average size of a chunk, in bytes
|
||||
avg-size = 64 * 1024; # 64 KiB
|
||||
# The preferred maximum size of a chunk, in bytes
|
||||
max-size = 256 * 1024; # 256 KiB
|
||||
};
|
||||
database.url = "postgresql:///atticd?host=/run/postgresql";
|
||||
garbage-collection = {
|
||||
interval = "24h";
|
||||
default-retention-period = "6 months";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "atticd";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
ensureDatabases = [ "atticd" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,35 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa 7S8lxw
|
||||
JK2+T8L5jPVphZu1yDWgrLBE969FLg5tW0laWB73xT4skMxRin5zgUfCKP8ltM5d
|
||||
iR7IxbcXzGkNYl8MJIfWvwqQmyFe+MsYYIzoqwN0XPlzjRlVfaCQYikgDxDraplP
|
||||
dWfUr5JihIq/aMhLzKgJPVjl5N/yc2JxBk+bIydaSCg2WppVWzaUGSD5B4WZFeGB
|
||||
JR7pyRhYbDU96JqXIVl3IGl8YgWYHbIQRguoktFYitLF+CNx8ntA5t3oucsTazOP
|
||||
I3XnItzlFT/KIzI47VcIOdTWg/g0VW8ryTiylF452HD2OXq2p2UioAcB8GxS4Ws7
|
||||
FtJNvmFibI/tt7LGc56Ta8KVq8FySSo+/J+XcEVcgYw/j+oTtG9zDE/aDXCM2DJT
|
||||
0hIAx/7uxiFdv92Udy/TRjgVoFLGowEXkdYzRWFqzgtyw7BarE4aFIcshoBO4zNZ
|
||||
p5b5IRwpd0m0tiBjDbgWZk/OsBfEYxczYV11Um440tGhYwZOK8Ha7SxgGmUbjitt
|
||||
|
||||
-> ssh-ed25519 Xj0rlw KCPa3OySLuUPtOCM09eZdEgYqQos5UMvFk9s7VtE/1A
|
||||
vJj8mS8DCz3rD7CSy2Pv1y+qE2FzYqUPzlw43yCA1Gc
|
||||
-> ssh-rsa Ws+JZA
|
||||
jOFVlB3bPA46otF2tIJBS9ttSSMk8aaYndsFfxVkblZN7DRGtE4Tr/Lo4FH040yv
|
||||
lzuvASpQgpBJ0+HQobhNdeYHGsgtNuMIgzCRdDoZ81jKlboll0LpjxwyRtvxPLUN
|
||||
g3XbOZD1YFDZkqJxvm0AczBrEpBSaZGuML3XFXVPXPnHZP6aCnt/alGjSlw2DivR
|
||||
AnD0rTOnTv5wa5xqMw2wCTH9Z9LHuGt2HpMO05AgPOGV3H7vQSrTc1RD2eJeXTqB
|
||||
mf4CJiB5T4Phfq0Qk9nipw749C6K4CYp8zmJhFLbajw0cKbPjymucdP2xmYQHAJw
|
||||
xFqiw2x8P3cf4l3fTAEikGTXzUNxhPnyZTVxSdLzRSu6POE2ETxitJAS7AkzkjPv
|
||||
0+y4EVRbSLhEN64V8UkVUl/mKUAWCSpOjnRFSKpw4ncely4SP9szsD72lamaVPgr
|
||||
wRJBHK/WVxIdlOvSf8CLKWKTr92N/F+Y+09aFoyqZLMAsk6MArsdpX0+Fm5UE1Hc
|
||||
|
||||
-> ssh-ed25519 skmU/w lCetiZmPi4xLEb2nCn2KrsFmux1O7WUlnxiL5U4xbh0
|
||||
Zc0e2tlBo9OcS573pI8mR4Lu4NAX8dgnvOd71bAB/a8
|
||||
-> ssh-ed25519 YoupUg kYVqQmUTUQ1ynNWosiCLHgnNvXLp6nbyVkK8eshyxW0
|
||||
rSpyW+3KOls4TwQhDbx6FhtW5v5OiGl6xSuTMT+kk8M
|
||||
-> ssh-ed25519 KXqA9w OdrpyguIFQxu00qlsODcVBcw5nOUQTxNFfIIDkvB0n0
|
||||
tvoYs/hoLqUiVpaFEl7dYdqsO4H7MCSSmWVh0pfrqbk
|
||||
-> ssh-ed25519 O6+Deg ADHvSzstkZmgduyHRgMWXoL7LpEygDO3cl1DIKDtWHs
|
||||
n3bBt5fih3O2v5S3+MnaIytPi2UTqDddr9bvVEFBqQQ
|
||||
--- JjLEt5SJfC5hlZD2VP+UWW6f0ROdWVuNcfbDOSG5PLw
|
||||
ë—gQÔ
|
||||
äñ"ûú‚þÐä¦Ï|>"v’œxÁl¿¤*e7ÃÂô'ºóÊœéïöêËL<C38B>£v+¢x a§ÝžaGH‘,þ¸Õcê!ö„<¤:Þ<>–›„˜FÄ6´—ŸH[½,†oÏ<C2AD>"¡TJèIÝc{Ø#v“G<E2809C>Ý<02>Q«€%É|.
|
||||
)„È™ù³Îú'cÿôª'ßyÎàu‡&íø êäk
|
|
@ -46,6 +46,7 @@ let
|
|||
all = users ++ systems;
|
||||
in
|
||||
{
|
||||
"attic_env.age".publicKeys = defaultKeys;
|
||||
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||
|
|
|
@ -12,6 +12,7 @@
|
|||
# Features
|
||||
profiles.az-server.enable = true;
|
||||
services = {
|
||||
az-attic-server.enable = true;
|
||||
az-data-share.enable = true;
|
||||
az-docker.enable = true;
|
||||
az-logs-share.enable = true;
|
||||
|
|
Loading…
Reference in New Issue