Add module for atticd

Andreas Zweili 2024-04-15 11:38:12 +02:00
parent 8cc10f0d17
commit ab5a4e34c5
9 changed files with 118 additions and 0 deletions


@ -20,6 +20,7 @@ in
pkgs.exercism
pkgs.git
pkgs.nix-tree
pkgs.unstable.attic-client
unlock-luks
];
shellAliases = {


@ -47,6 +47,7 @@ inputs.nixpkgs.lib.nixosSystem {
"${inputs.self}/modules"
inputs.agenix.nixosModules.age
inputs.attic.nixosModules.atticd
{
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
az-username = username;


@ -54,6 +54,7 @@ inputs.nixpkgs.lib.nixosSystem {
"${inputs.self}/modules"
inputs.agenix.nixosModules.age
inputs.attic.nixosModules.atticd
{
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
az-username = username;


@ -21,6 +21,7 @@
./programs/restic-management
./programs/scripts
./programs/steam
./services/attic
./services/common-x86
./services/data-share
./services/docker


@ -138,11 +138,13 @@
"https://nix-community.cachix.org"
"https://cache.nixos.org"
"https://devenv.cachix.org"
"http://management.2li.local:8080/prod"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
];
min-free = 1000000000;
max-free = 10000000000;
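Review bot: The new substituter `http://management.2li.local:8080/prod` is fetched over plain HTTP, so the `prod:` entry added to `trusted-public-keys` is the only thing protecting the integrity of what that cache serves. Nix verifies signatures on substituted paths by default, so modified content should be rejected, but the transport gives no confidentiality or server authentication, and the signing key for `prod` becomes as sensitive as root on every machine that imports this file. I would document that next to the entry, e.g. `# LAN-only attic cache, plain HTTP: integrity rests solely on the prod: key below`, and consider putting TLS in front of atticd. The enclosing settings block starts and ends outside the hunk, so whether signature checking is relaxed elsewhere cannot be seen here.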


@ -0,0 +1,75 @@
{
config,
inputs,
lib,
pkgs,
...
}:
let
cfg = config.services.az-attic-server;
cacheStorage = "/mnt/binary-cache";
atticPort = 8080;
in
{
options = {
services.az-attic-server.enable = lib.mkEnableOption "Enable attic server and related services";
};
config = lib.mkIf cfg.enable {
age.secrets.atticEnv = {
file = "${inputs.self}/scrts/attic_env.age";
mode = "600";
owner = "65312";
group = "65312";
};
fileSystems."${cacheStorage}" = {
device = "10.7.89.108:binary-cache";
fsType = "nfs";
options = [
"hard"
"noatime"
"rw"
];
};
environment.systemPackages = [ pkgs.unstable.attic-client ];
networking.firewall.allowedTCPPorts = [ atticPort ];
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.atticEnv.path;
settings = {
listen = "[::]:${toString atticPort}";
api-endpoint = "http://management.2li.local/";
allowed-hosts = [ ];
storage = {
type = "local";
path = "${cacheStorage}";
};
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
database.url = "postgresql:///atticd?host=/run/postgresql";
garbage-collection = {
interval = "24h";
default-retention-period = "6 months";
};
};
};
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
ensureDatabases = [ "atticd" ];
};
};
}
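Review bot: `allowed-hosts = [ ];` leaves atticd's Host-header check disabled while `listen = "[::]:${toString atticPort}"` and `networking.firewall.allowedTCPPorts = [ atticPort ]` expose the service on every interface. As far as I recall, attic's sample configuration says this list must be set for production use, so I would name the host clients actually use, e.g. `allowed-hosts = [ "management.2li.local:8080" ];` (confirm the exact form clients send). `api-endpoint = "http://management.2li.local/"` also omits the port, whereas the daemon listens on 8080 and the substituter URL elsewhere in this commit uses `:8080`; unless a reverse proxy on port 80 exists outside this commit, that should probably be `api-endpoint = "http://management.2li.local:8080/";`. Because the endpoint is plain HTTP, the tokens `attic-client` sends when pushing would cross the network in cleartext, so TLS termination in front of the service is worth adding. The hard-coded `owner = "65312"` on the secret looks like it is meant to match the service's uid, which deserves a comment saying where that number comes from.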

35
scrts/attic_env.age Normal file

@ -0,0 +1,35 @@
age-encryption.org/v1
-> ssh-rsa 7S8lxw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-> ssh-ed25519 Xj0rlw KCPa3OySLuUPtOCM09eZdEgYqQos5UMvFk9s7VtE/1A
vJj8mS8DCz3rD7CSy2Pv1y+qE2FzYqUPzlw43yCA1Gc
-> ssh-rsa Ws+JZA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-> ssh-ed25519 skmU/w lCetiZmPi4xLEb2nCn2KrsFmux1O7WUlnxiL5U4xbh0
Zc0e2tlBo9OcS573pI8mR4Lu4NAX8dgnvOd71bAB/a8
-> ssh-ed25519 YoupUg kYVqQmUTUQ1ynNWosiCLHgnNvXLp6nbyVkK8eshyxW0
rSpyW+3KOls4TwQhDbx6FhtW5v5OiGl6xSuTMT+kk8M
-> ssh-ed25519 KXqA9w OdrpyguIFQxu00qlsODcVBcw5nOUQTxNFfIIDkvB0n0
tvoYs/hoLqUiVpaFEl7dYdqsO4H7MCSSmWVh0pfrqbk
-> ssh-ed25519 O6+Deg ADHvSzstkZmgduyHRgMWXoL7LpEygDO3cl1DIKDtWHs
n3bBt5fih3O2v5S3+MnaIytPi2UTqDddr9bvVEFBqQQ
--- JjLEt5SJfC5hlZD2VP+UWW6f0ROdWVuNcfbDOSG5PLw
ë—gQÔ
äñ"ûú‚þÐä¦Ï|>"vœxÁl¿¤*e7ÃÂô'ºóÊœéï öêËL<C38B>£v+¢x a§ÝžaGH¸Õcê!ö„<¤<>˜FÄ6´—ŸH[½,†o­Ï<C2AD>"¡TJèIÝc{Ø#v“G<E2809C>Ý<02>Q«€%É|.
)„È™ù³Îú 'cÿôª'ßyÎàu‡&íø êäk


@ -46,6 +46,7 @@ let
all = users ++ systems;
in
{
"attic_env.age".publicKeys = defaultKeys;
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
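Review bot: `"attic_env.age".publicKeys = defaultKeys;` is the only entry visible here that does not append a host-specific key, whereas the neighbouring secrets use `defaultKeys ++ [ mail ]` or `defaultKeys ++ [ ttrss ]`. `defaultKeys` is defined outside the hunk, so it is worth confirming two things: that it contains the key of the host that enables `az-attic-server` (otherwise agenix cannot decrypt the file there), and that it does not contain hosts with no need for the attic credentials. If the pattern used for the other secrets applies, the entry would read `defaultKeys ++ [ <attic-host-key> ]`, with the placeholder replaced by the matching system key from the `let` block.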


@ -12,6 +12,7 @@
# Features
profiles.az-server.enable = true;
services = {
az-attic-server.enable = true;
az-data-share.enable = true;
az-docker.enable = true;
az-logs-share.enable = true;