Add module for atticd
parent
8cc10f0d17
commit
ab5a4e34c5
|
@ -20,6 +20,7 @@ in
|
||||||
pkgs.exercism
|
pkgs.exercism
|
||||||
pkgs.git
|
pkgs.git
|
||||||
pkgs.nix-tree
|
pkgs.nix-tree
|
||||||
|
pkgs.unstable.attic-client
|
||||||
unlock-luks
|
unlock-luks
|
||||||
];
|
];
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
|
|
|
@ -47,6 +47,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
||||||
"${inputs.self}/modules"
|
"${inputs.self}/modules"
|
||||||
|
|
||||||
inputs.agenix.nixosModules.age
|
inputs.agenix.nixosModules.age
|
||||||
|
inputs.attic.nixosModules.atticd
|
||||||
{
|
{
|
||||||
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
||||||
az-username = username;
|
az-username = username;
|
||||||
|
|
|
@ -54,6 +54,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
||||||
"${inputs.self}/modules"
|
"${inputs.self}/modules"
|
||||||
|
|
||||||
inputs.agenix.nixosModules.age
|
inputs.agenix.nixosModules.age
|
||||||
|
inputs.attic.nixosModules.atticd
|
||||||
{
|
{
|
||||||
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
environment.systemPackages = [ inputs.agenix.packages.${system}.default ];
|
||||||
az-username = username;
|
az-username = username;
|
||||||
|
|
|
@ -21,6 +21,7 @@
|
||||||
./programs/restic-management
|
./programs/restic-management
|
||||||
./programs/scripts
|
./programs/scripts
|
||||||
./programs/steam
|
./programs/steam
|
||||||
|
./services/attic
|
||||||
./services/common-x86
|
./services/common-x86
|
||||||
./services/data-share
|
./services/data-share
|
||||||
./services/docker
|
./services/docker
|
||||||
|
|
|
@ -138,11 +138,13 @@
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://cache.nixos.org"
|
"https://cache.nixos.org"
|
||||||
"https://devenv.cachix.org"
|
"https://devenv.cachix.org"
|
||||||
|
"http://management.2li.local:8080/prod"
|
||||||
];
|
];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||||
|
"prod:46pIZhqoueg1P4IPp8ciArCUgSXWJZAq63CwLTQN/uA="
|
||||||
];
|
];
|
||||||
min-free = 1000000000;
|
min-free = 1000000000;
|
||||||
max-free = 10000000000;
|
max-free = 10000000000;
|
||||||
|
|
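Review bot: The substituter added here, `"http://management.2li.local:8080/prod"`, is fetched over plain HTTP, so the `prod:` entry in `trusted-public-keys` is the only thing protecting store paths pulled from it. The narinfo signature check still applies, but requests and responses are readable and modifiable on the network path. If the cache is not public, any token clients present for it would also travel in cleartext; that is not visible in this hunk, so treat it as a question. Consider terminating TLS in front of atticd and listing an `https://` URL instead, and add a short comment above the entry naming the host that serves it and where the `prod` key was generated. The enclosing settings block starts and ends outside the hunk.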
|
@ -0,0 +1,75 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.services.az-attic-server;
|
||||||
|
cacheStorage = "/mnt/binary-cache";
|
||||||
|
atticPort = 8080;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.az-attic-server.enable = lib.mkEnableOption "Enable attic server and related services";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
age.secrets.atticEnv = {
|
||||||
|
file = "${inputs.self}/scrts/attic_env.age";
|
||||||
|
mode = "600";
|
||||||
|
owner = "65312";
|
||||||
|
group = "65312";
|
||||||
|
};
|
||||||
|
fileSystems."${cacheStorage}" = {
|
||||||
|
device = "10.7.89.108:binary-cache";
|
||||||
|
fsType = "nfs";
|
||||||
|
options = [
|
||||||
|
"hard"
|
||||||
|
"noatime"
|
||||||
|
"rw"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
environment.systemPackages = [ pkgs.unstable.attic-client ];
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ atticPort ];
|
||||||
|
services.atticd = {
|
||||||
|
enable = true;
|
||||||
|
credentialsFile = config.age.secrets.atticEnv.path;
|
||||||
|
settings = {
|
||||||
|
listen = "[::]:${toString atticPort}";
|
||||||
|
api-endpoint = "http://management.2li.local/";
|
||||||
|
allowed-hosts = [ ];
|
||||||
|
storage = {
|
||||||
|
type = "local";
|
||||||
|
path = "${cacheStorage}";
|
||||||
|
};
|
||||||
|
chunking = {
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
# The preferred minimum size of a chunk, in bytes
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
# The preferred average size of a chunk, in bytes
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
# The preferred maximum size of a chunk, in bytes
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
database.url = "postgresql:///atticd?host=/run/postgresql";
|
||||||
|
garbage-collection = {
|
||||||
|
interval = "24h";
|
||||||
|
default-retention-period = "6 months";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "atticd";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
ensureDatabases = [ "atticd" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
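Review bot: `allowed-hosts = [ ];` leaves atticd's Host-header check switched off (an empty list accepts every `Host`), while `networking.firewall.allowedTCPPorts = [ atticPort ];` and `listen = "[::]:${toString atticPort}";` expose the plain-HTTP port on every interface. List the name clients actually use, e.g. `allowed-hosts = [ "management.2li.local" ];`, after confirming whether atticd expects the port in the entry. `api-endpoint = "http://management.2li.local/";` also omits the `:8080` that the substituter URL elsewhere in this commit uses, so URLs the server hands to clients may point at the wrong port; `api-endpoint = "http://management.2li.local:${toString atticPort}/";` would keep the two in step. Separately, the NFS mount sets only `hard`, `noatime` and `rw`; adding `nosuid` and `nodev` is cheap hardening for a store that holds only cache blobs.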
|
@ -0,0 +1,35 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa 7S8lxw
|
||||||
|
JK2+T8L5jPVphZu1yDWgrLBE969FLg5tW0laWB73xT4skMxRin5zgUfCKP8ltM5d
|
||||||
|
iR7IxbcXzGkNYl8MJIfWvwqQmyFe+MsYYIzoqwN0XPlzjRlVfaCQYikgDxDraplP
|
||||||
|
dWfUr5JihIq/aMhLzKgJPVjl5N/yc2JxBk+bIydaSCg2WppVWzaUGSD5B4WZFeGB
|
||||||
|
JR7pyRhYbDU96JqXIVl3IGl8YgWYHbIQRguoktFYitLF+CNx8ntA5t3oucsTazOP
|
||||||
|
I3XnItzlFT/KIzI47VcIOdTWg/g0VW8ryTiylF452HD2OXq2p2UioAcB8GxS4Ws7
|
||||||
|
FtJNvmFibI/tt7LGc56Ta8KVq8FySSo+/J+XcEVcgYw/j+oTtG9zDE/aDXCM2DJT
|
||||||
|
0hIAx/7uxiFdv92Udy/TRjgVoFLGowEXkdYzRWFqzgtyw7BarE4aFIcshoBO4zNZ
|
||||||
|
p5b5IRwpd0m0tiBjDbgWZk/OsBfEYxczYV11Um440tGhYwZOK8Ha7SxgGmUbjitt
|
||||||
|
|
||||||
|
-> ssh-ed25519 Xj0rlw KCPa3OySLuUPtOCM09eZdEgYqQos5UMvFk9s7VtE/1A
|
||||||
|
vJj8mS8DCz3rD7CSy2Pv1y+qE2FzYqUPzlw43yCA1Gc
|
||||||
|
-> ssh-rsa Ws+JZA
|
||||||
|
jOFVlB3bPA46otF2tIJBS9ttSSMk8aaYndsFfxVkblZN7DRGtE4Tr/Lo4FH040yv
|
||||||
|
lzuvASpQgpBJ0+HQobhNdeYHGsgtNuMIgzCRdDoZ81jKlboll0LpjxwyRtvxPLUN
|
||||||
|
g3XbOZD1YFDZkqJxvm0AczBrEpBSaZGuML3XFXVPXPnHZP6aCnt/alGjSlw2DivR
|
||||||
|
AnD0rTOnTv5wa5xqMw2wCTH9Z9LHuGt2HpMO05AgPOGV3H7vQSrTc1RD2eJeXTqB
|
||||||
|
mf4CJiB5T4Phfq0Qk9nipw749C6K4CYp8zmJhFLbajw0cKbPjymucdP2xmYQHAJw
|
||||||
|
xFqiw2x8P3cf4l3fTAEikGTXzUNxhPnyZTVxSdLzRSu6POE2ETxitJAS7AkzkjPv
|
||||||
|
0+y4EVRbSLhEN64V8UkVUl/mKUAWCSpOjnRFSKpw4ncely4SP9szsD72lamaVPgr
|
||||||
|
wRJBHK/WVxIdlOvSf8CLKWKTr92N/F+Y+09aFoyqZLMAsk6MArsdpX0+Fm5UE1Hc
|
||||||
|
|
||||||
|
-> ssh-ed25519 skmU/w lCetiZmPi4xLEb2nCn2KrsFmux1O7WUlnxiL5U4xbh0
|
||||||
|
Zc0e2tlBo9OcS573pI8mR4Lu4NAX8dgnvOd71bAB/a8
|
||||||
|
-> ssh-ed25519 YoupUg kYVqQmUTUQ1ynNWosiCLHgnNvXLp6nbyVkK8eshyxW0
|
||||||
|
rSpyW+3KOls4TwQhDbx6FhtW5v5OiGl6xSuTMT+kk8M
|
||||||
|
-> ssh-ed25519 KXqA9w OdrpyguIFQxu00qlsODcVBcw5nOUQTxNFfIIDkvB0n0
|
||||||
|
tvoYs/hoLqUiVpaFEl7dYdqsO4H7MCSSmWVh0pfrqbk
|
||||||
|
-> ssh-ed25519 O6+Deg ADHvSzstkZmgduyHRgMWXoL7LpEygDO3cl1DIKDtWHs
|
||||||
|
n3bBt5fih3O2v5S3+MnaIytPi2UTqDddr9bvVEFBqQQ
|
||||||
|
--- JjLEt5SJfC5hlZD2VP+UWW6f0ROdWVuNcfbDOSG5PLw
|
||||||
|
ë—gQÔ
|
||||||
|
äñ"ûú‚þÐä¦Ï|>"v’œxÁl¿¤*e7ÃÂô'ºóÊœéïöêËL<C38B>£v+¢x a§ÝžaGH‘,þ¸Õcê!ö„<¤:Þ<>–›„˜FÄ6´—ŸH[½,†oÏ<C2AD>"¡TJèIÝc{Ø#v“G<E2809C>Ý<02>Q«€%É|.
|
||||||
|
)„È™ù³Îú'cÿôª'ßyÎàu‡&íø êäk
|
|
@ -46,6 +46,7 @@ let
|
||||||
all = users ++ systems;
|
all = users ++ systems;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
"attic_env.age".publicKeys = defaultKeys;
|
||||||
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||||
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||||
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||||
|
|
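Review bot: `"attic_env.age".publicKeys = defaultKeys;` encrypts the new secret to every key in `defaultKeys`, whose definition is outside this hunk. If that list contains host keys for machines that do not run atticd, each of them can decrypt what is presumably the server's token-signing secret, and a holder of that secret could issue tokens for a cache whose `prod:` key the hosts trust. If `defaultKeys` is wider than the admin keys plus the one consuming host, scope the entry down to those (for example `adminKeys ++ [ <atticd-host-key> ]`, both placeholder names) and re-encrypt with `agenix -r` after changing recipients. A one-line comment above the entry saying which host consumes the secret would make later recipient changes easier to audit.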
|
@ -12,6 +12,7 @@
|
||||||
# Features
|
# Features
|
||||||
profiles.az-server.enable = true;
|
profiles.az-server.enable = true;
|
||||||
services = {
|
services = {
|
||||||
|
az-attic-server.enable = true;
|
||||||
az-data-share.enable = true;
|
az-data-share.enable = true;
|
||||||
az-docker.enable = true;
|
az-docker.enable = true;
|
||||||
az-logs-share.enable = true;
|
az-logs-share.enable = true;
|
||||||
|
|