dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/object: Initial working atticd cache

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-17 15:05:12 +00:00
parent f72713410a
commit 36cd77c697
5 changed files with 50 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
devshell/default.nix
View File

@ -27,5 +27,6 @@ in
rage
deploy-rs.deploy-rs
home-manager
attic-client
];
}

1
flake.nix
View File

@ -95,6 +95,7 @@
inputs.ragenix.overlays.default
inputs.deploy-rs.overlay
(flakePackageOverlay inputs.home-manager-unstable system)
inputs.attic.overlays.default
];
}))
pkgsFlakes;

8
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@ -440,14 +440,10 @@ in
};
"nix-cache.${pubDomain}" = {
extraConfig = ''
${extraConfig}
proxy_set_header Host "nix-cache.s3.nul.ie";
'';
locations = {
"/".proxyPass = s3Upstream;
"/".proxyPass = "http://${host}:8069";
"~ ${nixCacheableRegex}" = {
proxyPass = s3Upstream;
proxyPass = "http://${host}:8069";
extraConfig = nixCacheHeaders;
};
};

29
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@ -1,6 +1,7 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) domain prefixes;
in
{
@ -23,7 +24,7 @@ in
configuration = { lib, pkgs, config, assignments, ... }:
let
inherit (lib) mkMerge mkIf;
inherit (lib) mkMerge mkIf mkForce;
inherit (config.my.user.homeConfig.lib.file) mkOutOfStoreSymlink;
inherit (lib.my) networkdAssignment systemdAwaitPostgres;
in
@ -46,11 +47,12 @@ in
owner = config.my.user.config.name;
group = config.my.user.config.group;
};
"object/atticd.env" = {};
};
};
firewall = {
tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port ];
tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port 8069 ];
};
user.homeConfig = {
@ -147,6 +149,29 @@ in
};
};
};
atticd = {
enable = true;
credentialsFile = config.age.secrets."object/atticd.env".path;
settings = {
listen = "[::]:8069";
allowed-hosts = [ "nix-cache.${pubDomain}" ];
api-endpoint = "https://nix-cache.${pubDomain}/";
database = mkForce {}; # blank to pull from env
storage = {
type = "s3";
region = "eu-central-1";
bucket = "nix-attic";
endpoint = "http://localhost:9000";
};
chunking = {
nar-size-threshold = 65536;
min-size = 16384;
avg-size = 65536;
max-size = 262144;
};
};
};
};
}
(mkIf config.my.build.isDevVM {

19
secrets/object/atticd.env.age Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBFZGRt
cjlNMnY4eDJ6enMzbjRrYk9rdk5aUlpjUFhWUXhrL0N1RFhOVnp3CmJWNzJXV3RW
RGEzRTJxT01nZlIyTE84Y1poblUwa3VUUkxvK2ZUdHVFWlUKLT4gWDI1NTE5IEJn
NFVUNk9mZXpUUCtRc1E2WjFhY2k1K1RpTFBLSTZpZzkrRjZEMC9nRzgKRXQvR1ZY
d2gwOENSN283TlpBQlU3K2pndk5vZldqUmxQczloTEhFZFlFNAotPiBYMjU1MTkg
cURjVytMNU1xUFdWcVVVL2pweXE3VUFHdkZvcVk1eUFpcEVWQkk4NkFYbwpUZkJv
QnlXRFZmMi8wMUFOVHhIRVUxOG9VaENrbGwwUHI5YTBzbE5oMnVJCi0+IHMtZ3Jl
YXNlClp4NmpRSTlOUjF2MnZnZVFaYUltNVdEZmdxSFpYK1NDVUY4TGFXRTB6KzlW
dzBHVEs2TVdyNEpZTVU5ZktoMSsKNEtjUyttSVA5VTJoazg0ay9BCi0tLSBQbGx4
T3BVUmo2KzNzdFd2MmlVWHM3OUtvRTV5dm9Hc1ZtdW9KT1UrYmNRCleCUn5rMaT3
1eZtb7kLC2CATBgghXRv/ao9RAal9IrqEUiaeFk6H2IS5VL2ew97Chz2Rq48NQFG
WpVxdM/Uhc2mVHXhHA7tUcMkICPwRSZ/B++1CvYBfzpGq+B2rPmMKAGeIk+yGFgt
hWpssoaSMnaI58wBfT1SpNDPMm5ukQqcqb5LON/UZ4ExajNeTVEXZUJE6+cEfgrG
/1n4Jp86A0jI45/IF+kxzP8MMgQs6aZ4/iiynMubJE8D7dB51QhTfx8RMQ4zOPyT
Ak46cl7tZB+4sww7DE5sz5VXWMoEHig6qlLu0j/AonQCOMqoQj3dRiU0gfRJacu9
4TMeDiY3GS0AjIIO6ENgnsk6gCn8tZ8HOZ85a9EbOT+LVjnL3EVVSup81uquGoJf
Q6/0JkjFOWZuVJIaI2s6NFbfyA3vC1ig
-----END AGE ENCRYPTED FILE-----