diff options
Diffstat (limited to 'systems')
| -rw-r--r-- | systems/atlas/attic.nix | 33 | ||||
| -rw-r--r-- | systems/atlas/default.nix | 1 | ||||
| -rw-r--r-- | systems/atlas/nginx.nix | 24 | ||||
| -rw-r--r-- | systems/default.nix | 5 |
4 files changed, 55 insertions, 8 deletions
diff --git a/systems/atlas/attic.nix b/systems/atlas/attic.nix new file mode 100644 index 0000000..a810eb5 --- /dev/null +++ b/systems/atlas/attic.nix @@ -0,0 +1,33 @@ +{ + config, + inputs', + secretsDir, + ... +}: { + age.secrets.atticCreds.file = secretsDir + "/atticCreds.age"; + + environment.systemPackages = [inputs'.attic.packages.default]; + + services.atticd = { + enable = true; + + credentialsFile = config.age.secrets.atticCreds.path; + + settings = { + listen = "[::]:5000"; + + api-endpoint = "https://cache.${config.networking.domain}/"; + + chunking = let + kb = 1024; + in { + nar-size-threshold = 64 * kb; + min-size = 16 * kb; + avg-size = 64 * kb; + max-size = 256 * kb; + }; + + compression.type = "zstd"; + }; + }; +} diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix index 2a8346f..e527af9 100644 --- a/systems/atlas/default.nix +++ b/systems/atlas/default.nix @@ -6,6 +6,7 @@ }: { imports = [ ./hardware-configuration.nix + ./attic.nix ./miniflux.nix ./nginx.nix ]; diff --git a/systems/atlas/nginx.nix b/systems/atlas/nginx.nix index 866b605..fbf081a 100644 --- a/systems/atlas/nginx.nix +++ b/systems/atlas/nginx.nix @@ -1,29 +1,41 @@ -{config, ...}: let - inherit (config.networking) domain; - +{ + config, + lib, + ... +}: let mkProxy = endpoint: port: { "${endpoint}" = { proxyPass = "http://localhost:${toString port}"; proxyWebsockets = true; }; }; + + toVHosts = lib.mapAttrs' ( + name: value: lib.nameValuePair "${name}.${config.networking.domain}" value + ); in { server.services.cloudflared.enable = true; services.nginx = { enable = true; + clientMaxBodySize = "1250m"; + recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = { - "miniflux.${domain}" = { + virtualHosts = toVHosts { + cache = { + locations = mkProxy "/" "5000"; + }; + + miniflux = { locations = mkProxy "/" "7000"; }; - "msix.${domain}" = { + msix = { root = "/var/www/msix"; }; }; diff --git a/systems/default.nix b/systems/default.nix index de2f9e1..2c7eec4 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -65,9 +65,10 @@ in { atlas = { builder = inputs.nixpkgs-stable.lib.nixosSystem; system = "aarch64-linux"; - modules = + modules = with inputs; [ - inputs.teawiebot.nixosModules.default + teawiebot.nixosModules.default + attic.nixosModules.atticd ] ++ server; }; |