diff options
| author | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 22:18:18 +1100 |
|---|---|---|
| committer | Kj Tsanaktsidis <kjtsanaktsidis@groq.com> | 2026-01-09 22:18:18 +1100 |
| commit | eca9d37810d5c29a1b0ea7f86c6b3abbb81f7c04 (patch) | |
| tree | cab6043efab9e97ef63881253574a7c9fc68e53c /modules | |
| parent | c8b32eb78c644b4c5499432e6e60f595c5a577b3 (diff) | |
attic
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/attic.nix | 78 | ||||
| -rw-r--r-- | modules/buildbot.nix | 27 |
2 files changed, 105 insertions, 0 deletions
diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..7476d57 --- /dev/null +++ b/modules/attic.nix @@ -0,0 +1,78 @@ +{ + inputs, + config, + pkgs, + ... +}: +let + atticdPort = 3215; +in +{ + imports = [ + inputs.attic.nixosModules.atticd + ]; + + sops.secrets = { + attic_server_token_rs256_secret_base64 = { }; + }; + + systemd.services.atticd-env = + let + createEnvScript = pkgs.writeShellScript "atticd-env" '' + set -euo pipefail + umask 077 + value="$(<${config.sops.secrets.attic_server_token_rs256_secret_base64.path})" + printf "ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=\"%s\"\n" "$value" > /etc/atticd.env + ''; + in + { + description = "Create /etc/atticd.env if missing"; + before = [ "atticd.service" ]; + wantedBy = [ "atticd.service" ]; + unitConfig.ConditionPathExists = "!/etc/atticd.env"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = createEnvScript; + }; + }; + + services.atticd = { + enable = true; + environmentFile = "/etc/atticd.env"; + mode = "monolithic"; + + settings = { + api-endpoint = "https://attic.kjtsanaktsidis.id.au"; + allowed-hosts = [ "attic.kjtsanaktsidis.id.au" ]; + listen = "[::]:${builtins.toString atticdPort}"; + jwt = { }; + chunking = { + nar-size-threshold = 64 * 1024; # 64 KiB + min-size = 16 * 1024; # 16 KiB + avg-size = 64 * 1024; # 64 KiB + max-size = 256 * 1024; # 256 KiB + }; + database = { + url = "sqlite:///var/lib/atticd/server.db"; + }; + storage = { + type = "local"; + path = "/var/lib/atticd/storage"; + }; + }; + }; + + + services.nginx = { + virtualHosts."attic.kjtsanaktsidis.id.au" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${builtins.toString atticdPort}"; + }; + }; + }; + }; +} diff --git a/modules/buildbot.nix b/modules/buildbot.nix new file mode 100644 index 0000000..6ace501 --- /dev/null +++ b/modules/buildbot.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: +{ + services.buildbot-master = { + enable = true; + home = "/var/lib/buildbot"; + title = "KJ's NixOS buildbot"; + port = 3214; + listenAddress = "::1"; + buildbotUrl = "https://buildbot.kjtsanaktsidis.id.au/"; + }; + + services.nginx = { + virtualHosts."buildbot.kjtsanaktsidis.id.au" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://localhost:${builtins.toString config.services.buildbot-master.port}"; + }; + }; + }; + }; +} |