nixos-config/config/services/atticd.nix

58 lines
1.3 KiB
Nix

{
attic,
config,
lib,
...
}: {
imports = [attic.nixosModules.atticd];
services.atticd = {
enable = true;
credentialsFile = config.sops.secrets."services/attic".path;
settings = {
listen = "[::1]:57448";
allowed-hosts = ["attic.chir.rs" "attic-nocdn.chir.rs"];
api-endpoint = "https://attic-nocdn.chir.rs/";
database = lib.mkForce {};
storage = {
type = "s3";
region = "us-east-1";
bucket = "attic-chir-rs";
endpoint = "https://s3.us-west-000.backblazeb2.com/";
};
compression = {
type = "zstd";
level = 12;
};
chunking = {
nar-size-threshold = 131072;
min-size = 65536;
avg-size = 131072;
max-size = 262144;
};
garbage-collection.default-retention-period = "3 months";
};
};
sops.secrets."services/attic" = {};
services.postgresql.ensureDatabases = [
"attic"
];
services.postgresql.ensureUsers = [
{
name = "attic";
ensurePermissions = {
"DATABASE attic" = "ALL PRIVILEGES";
};
}
];
services.caddy.virtualHosts."attic-nocdn.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://[::1]:57448 {
trusted_proxies private_ranges
}
'';
};
}