2024-05-12 02:47:20 +00:00
|
|
|
/*
|
|
|
|
A nix cache for our use
|
|
|
|
|
|
|
|
|
|
|
|
atticd-atticadm make-token --sub "admin_username" --validity "10y" --pull "*" --push "*" --create-cache "*" --delete "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*"
|
|
|
|
|
|
|
|
# for the gitlab runner, done eyarly
|
|
|
|
atticd-atticadm make-token --sub "wheatly-runner" --validity "1y" --pull "skynet-cache" --push "skynet-cache"
|
2024-05-12 03:57:26 +00:00
|
|
|
|
|
|
|
|
|
|
|
Documentation:
|
|
|
|
https://docs.attic.rs/introduction.html
|
2024-05-12 02:47:20 +00:00
|
|
|
*/
|
|
|
|
{
|
|
|
|
lib,
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
inputs,
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
with lib; let
|
|
|
|
name = "nix-cache";
|
|
|
|
cfg = config.services.skynet."${name}";
|
|
|
|
in {
|
|
|
|
imports = [
|
|
|
|
inputs.attic.nixosModules.atticd
|
|
|
|
../acme.nix
|
|
|
|
../dns.nix
|
|
|
|
];
|
|
|
|
|
|
|
|
options.services.skynet."${name}" = {
|
|
|
|
host = {
|
|
|
|
ip = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
name = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = {
|
2024-05-30 12:34:59 +00:00
|
|
|
services.skynet.acme.domains = [
|
2024-05-12 02:47:20 +00:00
|
|
|
"${name}.skynet.ie"
|
|
|
|
];
|
|
|
|
|
2024-05-30 12:25:52 +00:00
|
|
|
services.skynet.dns.records = [
|
2024-05-12 02:47:20 +00:00
|
|
|
{
|
|
|
|
record = "${name}";
|
|
|
|
r_type = "CNAME";
|
|
|
|
value = cfg.host.name;
|
|
|
|
}
|
|
|
|
];
|
|
|
|
|
|
|
|
users.groups."nix-serve" = {};
|
|
|
|
users.users."nix-serve" = {
|
|
|
|
isSystemUser = true;
|
|
|
|
group = "nix-serve";
|
|
|
|
};
|
|
|
|
|
|
|
|
services.atticd = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
# Replace with absolute path to your credentials file
|
|
|
|
credentialsFile = "/etc/atticd.env";
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
listen = "127.0.0.1:8080";
|
|
|
|
|
|
|
|
# Data chunking
|
|
|
|
#
|
|
|
|
# Warning: If you change any of the values here, it will be
|
|
|
|
# difficult to reuse existing chunks for newly-uploaded NARs
|
|
|
|
# since the cutpoints will be different. As a result, the
|
|
|
|
# deduplication ratio will suffer for a while after the change.
|
|
|
|
chunking = {
|
|
|
|
# The minimum NAR size to trigger chunking
|
|
|
|
#
|
|
|
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
|
|
|
# If 1, all NARs are chunked.
|
|
|
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
|
|
|
|
|
|
|
# The preferred minimum size of a chunk, in bytes
|
|
|
|
min-size = 16 * 1024; # 16 KiB
|
|
|
|
|
|
|
|
# The preferred average size of a chunk, in bytes
|
|
|
|
avg-size = 64 * 1024; # 64 KiB
|
|
|
|
|
|
|
|
# The preferred maximum size of a chunk, in bytes
|
|
|
|
max-size = 256 * 1024; # 256 KiB
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [80 443];
|
|
|
|
services.nginx = {
|
2024-05-12 04:31:01 +00:00
|
|
|
clientMaxBodySize = "500m";
|
2024-05-12 02:47:20 +00:00
|
|
|
virtualHosts = {
|
|
|
|
"${name}.skynet.ie" = {
|
|
|
|
forceSSL = true;
|
|
|
|
useACMEHost = "skynet";
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:8080";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|