nixos-config/config/services/atticd.nix

63 lines
1.4 KiB
Nix
Raw Normal View History

2023-01-15 12:12:01 +01:00
{
attic,
config,
lib,
2023-01-28 20:36:05 +01:00
nix-packages,
system,
2023-06-13 07:07:34 +01:00
pkgs,
2023-01-15 12:12:01 +01:00
...
}: {
imports = [attic.nixosModules.atticd];
services.atticd = {
enable = true;
2023-06-13 06:46:23 +01:00
package = pkgs.attic-server;
2023-01-15 12:12:01 +01:00
credentialsFile = config.sops.secrets."services/attic".path;
settings = {
listen = "[::1]:57448";
allowed-hosts = ["attic.chir.rs"];
api-endpoint = "https://attic.chir.rs/";
2023-01-15 12:12:01 +01:00
database = lib.mkForce {};
storage = {
type = "s3";
2023-01-16 17:50:20 +01:00
region = "us-east-1";
2023-01-15 12:12:01 +01:00
bucket = "attic-chir-rs";
2023-01-16 17:50:20 +01:00
endpoint = "https://s3.us-west-000.backblazeb2.com/";
2023-01-15 12:12:01 +01:00
};
compression = {
type = "zstd";
level = 12;
};
chunking = {
nar-size-threshold = 131072;
min-size = 65536;
avg-size = 131072;
max-size = 262144;
};
garbage-collection.default-retention-period = "3 months";
};
};
sops.secrets."services/attic" = {};
services.postgresql.ensureDatabases = [
"attic"
];
services.postgresql.ensureUsers = [
{
name = "attic";
ensurePermissions = {
"DATABASE attic" = "ALL PRIVILEGES";
};
}
];
services.caddy.virtualHosts."attic.chir.rs" = {
2023-01-15 12:12:01 +01:00
useACMEHost = "chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
2023-01-16 17:50:20 +01:00
reverse_proxy http://[::1]:57448 {
2023-01-15 12:12:01 +01:00
trusted_proxies private_ranges
}
'';
};
}