atlas: start hosting attic

5 files changed, 49 insertions, 11 deletions

diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix
new file mode 100644
index 0000000..d6e15eb
--- /dev/null
+++ b/systems/atlas/attic.nix
@@ -0,0 +1,34 @@
+{config, ...}: let
+  kb = 1024;
+in {
+  age.secrets.atticCreds.file =
+    ../../secrets/${config.networking.hostName}/atticCreds.age;
+
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.age.secrets.atticCreds.path;
+
+    settings = {
+      listen = "[::]:5000";
+      api-endpoint = "https://cache.${config.networking.domain}/";
+
+      compression.type = "zstd";
+
+      chunking = {
+        nar-size-threshold = 64 * kb;
+        min-size = 16 * kb;
+        avg-size = 64 * kb;
+        max-size = 256 * kb;
+      };
+
+      database = {
+        type = "s3";
+        region = "us-west-004";
+        bucket = "getchoo-attic";
+        endpoint = "s3.us-west-004.backblazeb2.com";
+      };
+
+      garbage-collection.interval = "12 hours";
+    };
+  };
+}
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index e6b30ca..247e134 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -5,6 +5,7 @@
 }: {
   imports = [
     ./hardware-configuration.nix
+    ./attic.nix
     ./miniflux.nix
     ./nginx.nix
   ];
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index b142e1f..d25b588 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -1,16 +1,13 @@
 {config, ...}: {
-  config = {
-    age.secrets = {
-      miniflux.file = ../../secrets/${config.networking.hostName}/miniflux.age;
-    };
+  age.secrets .miniflux.file =
+    ../../secrets/${config.networking.hostName}/miniflux.age;
 
-    services.miniflux = {
-      enable = true;
-      adminCredentialsFile = config.age.secrets.miniflux.path;
-      config = {
-        BASE_URL = "https://miniflux.${config.networking.domain}";
-        LISTEN_ADDR = "localhost:7000";
-      };
+  services.miniflux = {
+    enable = true;
+    adminCredentialsFile = config.age.secrets.miniflux.path;
+    config = {
+      BASE_URL = "https://miniflux.${config.networking.domain}";
+      LISTEN_ADDR = "localhost:7000";
     };
   };
 }
diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix
index 6cdd793..626b4b3 100644
--- a/systems/atlas/nginx.nix
+++ b/systems/atlas/nginx.nix
@@ -28,12 +28,17 @@ in {
   services.nginx = {
     enable = true;
 
+    clientMaxBodySize = "2048m"; # 2GB
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
 
     virtualHosts = mkVHosts {
+      "cache.${domain}" = {
+        locations = mkProxy "/" "5000";
+      };
+
       "miniflux.${domain}" = {
         locations = mkProxy "/" "7000";
       };
diff --git a/systems/default.nix b/systems/default.nix
index 023dc59..e44b096 100644
--- a/systems/default.nix
+++ b/systems/default.nix
@@ -62,6 +62,7 @@ in {
         modules =
           [
             inputs.teawiebot.nixosModules.default
+            inputs.attic.nixosModules.atticd
           ]
           ++ server;
       };