From 36cd77c6970bfba006524537491ad79371304747 Mon Sep 17 00:00:00 2001
From: Jack O'Sullivan <jackos1998@gmail.com>
Date: Fri, 17 Nov 2023 15:05:12 +0000
Subject: [PATCH] nixos/object: Initial working atticd cache

---
 devshell/default.nix                          |  1 +
 flake.nix                                     |  1 +
 .../vms/shill/containers/middleman/vhosts.nix |  8 ++---
 .../colony/vms/shill/containers/object.nix    | 29 +++++++++++++++++--
 secrets/object/atticd.env.age                 | 19 ++++++++++++
 5 files changed, 50 insertions(+), 8 deletions(-)
 create mode 100644 secrets/object/atticd.env.age

diff --git a/devshell/default.nix b/devshell/default.nix
index 5d30fec..fce4efd 100644
--- a/devshell/default.nix
+++ b/devshell/default.nix
@@ -27,5 +27,6 @@ in
     rage
     deploy-rs.deploy-rs
     home-manager
+    attic-client
   ];
 }
diff --git a/flake.nix b/flake.nix
index d0eae9d..c7bdac1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -95,6 +95,7 @@
             inputs.ragenix.overlays.default
             inputs.deploy-rs.overlay
             (flakePackageOverlay inputs.home-manager-unstable system)
+            inputs.attic.overlays.default
           ];
         }))
         pkgsFlakes;
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index 8d44265..24d098a 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -440,14 +440,10 @@ in
       };
 
       "nix-cache.${pubDomain}" = {
-        extraConfig = ''
-          ${extraConfig}
-          proxy_set_header Host "nix-cache.s3.nul.ie";
-        '';
         locations = {
-          "/".proxyPass = s3Upstream;
+          "/".proxyPass = "http://${host}:8069";
           "~ ${nixCacheableRegex}" = {
-            proxyPass = s3Upstream;
+            proxyPass = "http://${host}:8069";
             extraConfig = nixCacheHeaders;
           };
         };
diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix
index 0aa0d75..a08e277 100644
--- a/nixos/boxes/colony/vms/shill/containers/object.nix
+++ b/nixos/boxes/colony/vms/shill/containers/object.nix
@@ -1,6 +1,7 @@
 { lib, ... }:
 let
   inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
   inherit (lib.my.c.colony) domain prefixes;
 in
 {
@@ -23,7 +24,7 @@ in
 
     configuration = { lib, pkgs, config, assignments, ... }:
     let
-      inherit (lib) mkMerge mkIf;
+      inherit (lib) mkMerge mkIf mkForce;
       inherit (config.my.user.homeConfig.lib.file) mkOutOfStoreSymlink;
       inherit (lib.my) networkdAssignment systemdAwaitPostgres;
     in
@@ -46,11 +47,12 @@ in
                   owner = config.my.user.config.name;
                   group = config.my.user.config.group;
                 };
+                "object/atticd.env" = {};
               };
             };
 
             firewall = {
-              tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port ];
+              tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port 8069 ];
             };
 
             user.homeConfig = {
@@ -147,6 +149,29 @@ in
                 };
               };
             };
+
+            atticd = {
+              enable = true;
+              credentialsFile = config.age.secrets."object/atticd.env".path;
+              settings = {
+                listen = "[::]:8069";
+                allowed-hosts = [ "nix-cache.${pubDomain}" ];
+                api-endpoint = "https://nix-cache.${pubDomain}/";
+                database = mkForce {}; # blank to pull from env
+                storage = {
+                  type = "s3";
+                  region = "eu-central-1";
+                  bucket = "nix-attic";
+                  endpoint = "http://localhost:9000";
+                };
+                chunking = {
+                  nar-size-threshold = 65536;
+                  min-size = 16384;
+                  avg-size = 65536;
+                  max-size = 262144;
+                };
+              };
+            };
           };
         }
         (mkIf config.my.build.isDevVM {
diff --git a/secrets/object/atticd.env.age b/secrets/object/atticd.env.age
new file mode 100644
index 0000000..5a16b8d
--- /dev/null
+++ b/secrets/object/atticd.env.age
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBFZGRt
+cjlNMnY4eDJ6enMzbjRrYk9rdk5aUlpjUFhWUXhrL0N1RFhOVnp3CmJWNzJXV3RW
+RGEzRTJxT01nZlIyTE84Y1poblUwa3VUUkxvK2ZUdHVFWlUKLT4gWDI1NTE5IEJn
+NFVUNk9mZXpUUCtRc1E2WjFhY2k1K1RpTFBLSTZpZzkrRjZEMC9nRzgKRXQvR1ZY
+d2gwOENSN283TlpBQlU3K2pndk5vZldqUmxQczloTEhFZFlFNAotPiBYMjU1MTkg
+cURjVytMNU1xUFdWcVVVL2pweXE3VUFHdkZvcVk1eUFpcEVWQkk4NkFYbwpUZkJv
+QnlXRFZmMi8wMUFOVHhIRVUxOG9VaENrbGwwUHI5YTBzbE5oMnVJCi0+IHMtZ3Jl
+YXNlClp4NmpRSTlOUjF2MnZnZVFaYUltNVdEZmdxSFpYK1NDVUY4TGFXRTB6KzlW
+dzBHVEs2TVdyNEpZTVU5ZktoMSsKNEtjUyttSVA5VTJoazg0ay9BCi0tLSBQbGx4
+T3BVUmo2KzNzdFd2MmlVWHM3OUtvRTV5dm9Hc1ZtdW9KT1UrYmNRCleCUn5rMaT3
+1eZtb7kLC2CATBgghXRv/ao9RAal9IrqEUiaeFk6H2IS5VL2ew97Chz2Rq48NQFG
+WpVxdM/Uhc2mVHXhHA7tUcMkICPwRSZ/B++1CvYBfzpGq+B2rPmMKAGeIk+yGFgt
+hWpssoaSMnaI58wBfT1SpNDPMm5ukQqcqb5LON/UZ4ExajNeTVEXZUJE6+cEfgrG
+/1n4Jp86A0jI45/IF+kxzP8MMgQs6aZ4/iiynMubJE8D7dB51QhTfx8RMQ4zOPyT
+Ak46cl7tZB+4sww7DE5sz5VXWMoEHig6qlLu0j/AonQCOMqoQj3dRiU0gfRJacu9
+4TMeDiY3GS0AjIIO6ENgnsk6gCn8tZ8HOZ85a9EbOT+LVjnL3EVVSup81uquGoJf
+Q6/0JkjFOWZuVJIaI2s6NFbfyA3vC1ig
+-----END AGE ENCRYPTED FILE-----