atlas: start hosting attic

9 files changed, 97 insertions, 11 deletions

diff --git a/flake.lock b/flake.lock
index 7b4e08c..dedc2a0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -57,6 +57,41 @@
         "type": "github"
       }
     },
+    "attic": {
+      "inputs": {
+        "crane": [
+          "lanzaboote",
+          "crane"
+        ],
+        "flake-compat": [
+          "pre-commit",
+          "flake-compat"
+        ],
+        "flake-utils": [
+          "pre-commit",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1698258239,
+        "narHash": "sha256-qnhoYYIJ0L/P7H/f56lQUEvpzNlXh4sxuHpRERV+B44=",
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "rev": "e9918bc6be268da6fa97af6ced15193d8a0421c0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "type": "github"
+      }
+    },
     "catppuccin": {
       "inputs": {
         "home-manager": [
@@ -549,6 +584,7 @@
       "inputs": {
         "agenix": "agenix",
         "arkenfox": "arkenfox",
+        "attic": "attic",
         "catppuccin": "catppuccin",
         "darwin": "darwin",
         "getchoo": "getchoo",
diff --git a/flake.nix b/flake.nix
index f342e34..598c977 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,6 +38,17 @@
       };
     };
 
+    attic = {
+      url = "github:zhaofengli/attic";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        nixpkgs-stable.follows = "nixpkgs-stable";
+        crane.follows = "lanzaboote/crane";
+        flake-utils.follows = "pre-commit/flake-utils";
+        flake-compat.follows = "pre-commit/flake-compat";
+      };
+    };
+
     catppuccin = {
       url = "github:Stonks3141/ctp-nix";
       inputs = {
diff --git a/secrets/atlas/atticCreds.age b/secrets/atlas/atticCreds.age
new file mode 100644
index 0000000..5a96479
--- /dev/null
+++ b/secrets/atlas/atticCreds.age
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 31d8622..bcf93a9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -27,6 +27,7 @@ let
       files = [
         "rootPassword.age"
         "userPassword.age"
+        "atticCreds.age"
         "miniflux.age"
         "tailscaleAuthKey.age"
         "cloudflaredCreds.age"
diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix
new file mode 100644
index 0000000..d6e15eb
--- /dev/null
+++ b/systems/atlas/attic.nix
@@ -0,0 +1,34 @@
+{config, ...}: let
+  kb = 1024;
+in {
+  age.secrets.atticCreds.file =
+    ../../secrets/${config.networking.hostName}/atticCreds.age;
+
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.age.secrets.atticCreds.path;
+
+    settings = {
+      listen = "[::]:5000";
+      api-endpoint = "https://cache.${config.networking.domain}/";
+
+      compression.type = "zstd";
+
+      chunking = {
+        nar-size-threshold = 64 * kb;
+        min-size = 16 * kb;
+        avg-size = 64 * kb;
+        max-size = 256 * kb;
+      };
+
+      database = {
+        type = "s3";
+        region = "us-west-004";
+        bucket = "getchoo-attic";
+        endpoint = "s3.us-west-004.backblazeb2.com";
+      };
+
+      garbage-collection.interval = "12 hours";
+    };
+  };
+}
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index e6b30ca..247e134 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -5,6 +5,7 @@
 }: {
   imports = [
     ./hardware-configuration.nix
+    ./attic.nix
     ./miniflux.nix
     ./nginx.nix
   ];
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index b142e1f..d25b588 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -1,16 +1,13 @@
 {config, ...}: {
-  config = {
-    age.secrets = {
-      miniflux.file = ../../secrets/${config.networking.hostName}/miniflux.age;
-    };
+  age.secrets .miniflux.file =
+    ../../secrets/${config.networking.hostName}/miniflux.age;
 
-    services.miniflux = {
-      enable = true;
-      adminCredentialsFile = config.age.secrets.miniflux.path;
-      config = {
-        BASE_URL = "https://miniflux.${config.networking.domain}";
-        LISTEN_ADDR = "localhost:7000";
-      };
+  services.miniflux = {
+    enable = true;
+    adminCredentialsFile = config.age.secrets.miniflux.path;
+    config = {
+      BASE_URL = "https://miniflux.${config.networking.domain}";
+      LISTEN_ADDR = "localhost:7000";
     };
   };
 }
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
index 6cdd793..626b4b3 100644
--- a/systems/atlas/nginx.nix
+++ b/systems/atlas/nginx.nix
@@ -28,12 +28,17 @@ in {
   services.nginx = {
     enable = true;
 
+    clientMaxBodySize = "2048m"; # 2GB
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
     virtualHosts = mkVHosts {
+      "cache.${domain}" = {
+        locations = mkProxy "/" "5000";
+      };
+
       "miniflux.${domain}" = {
         locations = mkProxy "/" "7000";
       };
diff --git a/systems/default.nix b/systems/default.nix
index 023dc59..e44b096 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -62,6 +62,7 @@ in {
         modules =
           [
             inputs.teawiebot.nixosModules.default
+            inputs.attic.nixosModules.atticd
           ]
           ++ server;
       };