| author | seth <[email protected]> | 2023-12-13 22:06:24 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-14 03:34:54 -0500 |
| commit | 78a344c27ded577693734ed733a57cfd582700a3 (patch) | |
| tree | 2679c6b33073c70c6f33a66f5ef3955fefe64bff /systems/atlas | |
| parent | 974decdfa3449f47892532f9ac728275fb9fa2df (diff) | |
tree-wide: back to attic & gha again
Diffstat (limited to 'systems/atlas')
| -rw-r--r-- | systems/atlas/attic.nix | 33 | ||||
| -rw-r--r-- | systems/atlas/default.nix | 1 | ||||
| -rw-r--r-- | systems/atlas/nginx.nix | 24 |
3 files changed, 52 insertions, 6 deletions
diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix
new file mode 100644
index 0000000..a810eb5
--- /dev/null
+++ b/systems/atlas/attic.nix
@@ -0,0 +1,33 @@
+{
+ config,
+ inputs',
+ secretsDir,
+ ...
+}: {
+ age.secrets.atticCreds.file = secretsDir + "/atticCreds.age";
+
+ environment.systemPackages = [inputs'.attic.packages.default];
+
+ services.atticd = {
+ enable = true;
+
+ credentialsFile = config.age.secrets.atticCreds.path;
+
+ settings = {
+ listen = "[::]:5000";
+
+ api-endpoint = "https://cache.${config.networking.domain}/";
+
+ chunking = let
+ kb = 1024;
+ in {
+ nar-size-threshold = 64 * kb;
+ min-size = 16 * kb;
+ avg-size = 64 * kb;
+ max-size = 256 * kb;
+ };
+
+ compression.type = "zstd";
+ };
+ };
+}
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index 2a8346f..e527af9 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -6,6 +6,7 @@
 }: {
 imports = [
 ./hardware-configuration.nix
+ ./attic.nix
 ./miniflux.nix
 ./nginx.nix
 ];
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
index 866b605..fbf081a 100644
--- a/systems/atlas/nginx.nix
+++ b/systems/atlas/nginx.nix
@@ -1,29 +1,41 @@
-{config, ...}: let - inherit (config.networking) domain; - +{ + config, + lib, + ... +}: let mkProxy = endpoint: port: { "${endpoint}" = { proxyPass = "http://localhost:${toString port}"; proxyWebsockets = true; }; }; + + toVHosts = lib.mapAttrs' ( + name: value: lib.nameValuePair "${name}.${config.networking.domain}" value + ); in { server.services.cloudflared.enable = true; services.nginx = { enable = true; + clientMaxBodySize = "1250m"; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = { - "miniflux.${domain}" = { + virtualHosts = toVHosts { + cache = { + locations = mkProxy "/" "5000"; + }; + + miniflux = { locations = mkProxy "/" "7000"; }; - "msix.${domain}" = { + msix = { root = "/var/www/msix"; }; }; |
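Review bot: `listen = "[::]:5000";` in `services.atticd.settings` binds atticd on every interface, although the only consumer visible in this commit is the nginx proxy to `http://localhost:5000` in nginx.nix. Unless the host firewall is known to keep port 5000 closed (not visible here), the cache API is reachable over plain HTTP without passing through nginx or the cloudflared tunnel. Binding to loopback, e.g. `listen = "[::1]:5000";` (or `127.0.0.1:5000`, whichever matches what `localhost` resolves to for nginx), keeps the service behind the proxy. A short comment next to `credentialsFile` stating that the agenix secret must stay readable only by the atticd service would also help the next reader.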
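Review bot: `clientMaxBodySize = "1250m";` is set on `services.nginx` itself in nginx.nix, so the 1250 MB request-body limit applies to every virtual host, including `miniflux` and the static `msix` root, not only the `cache` host that presumably needs large uploads. Such a high limit on hosts that never receive large bodies leaves more room for resource exhaustion through oversized requests. Scoping it to the cache host, e.g. `cache = { extraConfig = "client_max_body_size 1250m;"; locations = mkProxy "/" "5000"; };`, leaves the other hosts on nginx's default limit. Since `mkProxy` also sets `proxyWebsockets = true` for the cache host, it is worth confirming that is intended there.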
