Diffstat (limited to 'modules')
-rw-r--r--modules/attic.nix78
-rw-r--r--modules/buildbot.nix27
2 files changed, 105 insertions, 0 deletions
diff --git a/modules/attic.nix b/modules/attic.nix
new file mode 100644
index 0000000..7476d57
--- /dev/null
+++ b/modules/attic.nix
@@ -0,0 +1,78 @@
+{
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+let
+ atticdPort = 3215;
+in
+{
+ imports = [
+ inputs.attic.nixosModules.atticd
+ ];
+
+ sops.secrets = {
+ attic_server_token_rs256_secret_base64 = { };
+ };
+
+ systemd.services.atticd-env =
+ let
+ createEnvScript = pkgs.writeShellScript "atticd-env" ''
+ set -euo pipefail
+ umask 077
+ value="$(<${config.sops.secrets.attic_server_token_rs256_secret_base64.path})"
+ printf "ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=\"%s\"\n" "$value" > /etc/atticd.env
+ '';
+ in
+ {
+ description = "Create /etc/atticd.env if missing";
+ before = [ "atticd.service" ];
+ wantedBy = [ "atticd.service" ];
+ unitConfig.ConditionPathExists = "!/etc/atticd.env";
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = createEnvScript;
+ };
+ };
+
+ services.atticd = {
+ enable = true;
+ environmentFile = "/etc/atticd.env";
+ mode = "monolithic";
+
+ settings = {
+ api-endpoint = "https://attic.kjtsanaktsidis.id.au";
+ allowed-hosts = [ "attic.kjtsanaktsidis.id.au" ];
+ listen = "[::]:${builtins.toString atticdPort}";
+ jwt = { };
+ chunking = {
+ nar-size-threshold = 64 * 1024; # 64 KiB
+ min-size = 16 * 1024; # 16 KiB
+ avg-size = 64 * 1024; # 64 KiB
+ max-size = 256 * 1024; # 256 KiB
+ };
+ database = {
+ url = "sqlite:///var/lib/atticd/server.db";
+ };
+ storage = {
+ type = "local";
+ path = "/var/lib/atticd/storage";
+ };
+ };
+ };
+
+
+ services.nginx = {
+ virtualHosts."attic.kjtsanaktsidis.id.au" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${builtins.toString atticdPort}";
+ };
+ };
+ };
+ };
+}
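Review bot: `listen = "[::]:${builtins.toString atticdPort}"` binds atticd on every interface, although the only client visible here is the nginx vhost proxying from localhost. Unless a host firewall blocks 3215 (not visible in this diff), the API is reachable over plain HTTP without passing through `forceSSL`, so cache tokens could cross the network in cleartext. Binding to loopback with `listen = "[::1]:${builtins.toString atticdPort}";` and proxying to `http://[::1]:…` would match the `listenAddress = "::1"` used in buildbot.nix. Separately, the `atticd-env` unit copies the RS256 token-signing secret into `/etc/atticd.env` and is skipped by `ConditionPathExists = "!/etc/atticd.env"` once that file exists, so a rotated sops secret never reaches atticd and the old copy stays in `/etc`. Rendering the file with a sops-nix template (`sops.templates."atticd.env".content` built from `config.sops.placeholder.attic_server_token_rs256_secret_base64`) and setting `environmentFile = config.sops.templates."atticd.env".path;` would remove the oneshot unit and both problems.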
diff --git a/modules/buildbot.nix b/modules/buildbot.nix
new file mode 100644
index 0000000..6ace501
--- /dev/null
+++ b/modules/buildbot.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ lib,
+ ...
+}:
+{
+ services.buildbot-master = {
+ enable = true;
+ home = "/var/lib/buildbot";
+ title = "KJ's NixOS buildbot";
+ port = 3214;
+ listenAddress = "::1";
+ buildbotUrl = "https://buildbot.kjtsanaktsidis.id.au/";
+ };
+
+ services.nginx = {
+ virtualHosts."buildbot.kjtsanaktsidis.id.au" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.buildbot-master.port}";
+ };
+ };
+ };
+ };
+}
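Review bot: `proxyPass` points at `http://localhost:…` while `listenAddress = "::1"` binds buildbot to IPv6 loopback only. Where `localhost` also resolves to 127.0.0.1, nginx will try that address as well and get connection-refused errors before falling over to `::1`. Using the literal address removes the ambiguity: `proxyPass = "http://[::1]:${builtins.toString config.services.buildbot-master.port}";`. No web authentication or authorization for the master is configured in the lines shown, so if it is not set elsewhere the UI and its control endpoints at `buildbotUrl` are open to anyone who can reach the vhost; a comment such as `# www auth/authz configured in <module>` or the configuration itself would settle that. `lib` is taken as a module argument but unused in this file.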