nixos-config/config/services/atticd.nix

62 lines
1.4 KiB
Nix
Raw Normal View History

2023-01-15 11:12:01 +00:00
{
attic,
config,
lib,
2023-01-28 19:36:05 +00:00
nix-packages,
system,
2023-01-15 11:12:01 +00:00
...
}: {
imports = [attic.nixosModules.atticd];
services.atticd = {
enable = true;
2023-01-28 20:55:44 +00:00
package = attic.packages.${system}.attic-server;
2023-01-15 11:12:01 +00:00
credentialsFile = config.sops.secrets."services/attic".path;
settings = {
listen = "[::1]:57448";
allowed-hosts = ["attic.chir.rs" "attic-nocdn.chir.rs"];
2023-01-20 15:35:09 +00:00
api-endpoint = "https://attic-nocdn.chir.rs/";
2023-01-15 11:12:01 +00:00
database = lib.mkForce {};
storage = {
type = "s3";
2023-01-16 16:50:20 +00:00
region = "us-east-1";
2023-01-15 11:12:01 +00:00
bucket = "attic-chir-rs";
2023-01-16 16:50:20 +00:00
endpoint = "https://s3.us-west-000.backblazeb2.com/";
2023-01-15 11:12:01 +00:00
};
compression = {
type = "zstd";
level = 12;
};
chunking = {
nar-size-threshold = 131072;
min-size = 65536;
avg-size = 131072;
max-size = 262144;
};
garbage-collection.default-retention-period = "3 months";
};
};
sops.secrets."services/attic" = {};
services.postgresql.ensureDatabases = [
"attic"
];
services.postgresql.ensureUsers = [
{
name = "attic";
ensurePermissions = {
"DATABASE attic" = "ALL PRIVILEGES";
};
}
];
services.caddy.virtualHosts."attic-nocdn.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
2023-01-16 16:50:20 +00:00
reverse_proxy http://[::1]:57448 {
2023-01-15 11:12:01 +00:00
trusted_proxies private_ranges
}
'';
};
}