feat: add attic nix cache

icecreammatt · Feb 3, 2024 · ebc6d90 · ebc6d90
1 parent e753198
commit ebc6d90
Show file tree

Hide file tree

Showing 7 changed files with 167 additions and 7 deletions.
diff --git a/.secrets/.sops.yaml b/.secrets/.sops.yaml
@@ -15,6 +15,10 @@ creation_rules:
     key_groups:
     - age:
       - *primary
+  - path_regex: .secrets/attic.ini$
+    key_groups:
+    - age:
+      - *primary
   - path_regex: .secrets/woodpecker.ini$
     key_groups:
     - age:

diff --git a/.secrets/attic.ini b/.secrets/attic.ini
@@ -0,0 +1,9 @@
+ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = ENC[AES256_GCM,data:SisQvE+Mur6+fsUiEA089sBre5upEfGDzsqN3XqDYes+uKgMv4hhplsJwu2R0z45fSS2EKdr3fl3T9imUZEuAirpReiOuaB0lr+dvy+bajYH1SHDbCQSOA==,iv:Ii9+19YK+rS6IrrP56DvJTabM3xHSpTcnWPc5Q6VeBg=,tag:ejbXCZSazzb/stsTGhRXnw==,type:str]
+
+[sops]
+age__list_0__map_recipient = age1m6p5fqprcepsuwdntzw2khdgstmd28y2us3xvdeqqflz7s5yf34sydejuz
+unencrypted_suffix         = _unencrypted
+version                    = 3.8.1
+age__list_0__map_enc       = -----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeDBxVXdTNWZMWHpBYUJI\nZjY4Y0c4bkNXMjJIYmJTU1dXVmNHQ3pQMUU4CmFnY0lyQTJMQ3BveWVwemt3V0Vp\nVllrZVdGdWRzbXpVSkNlR3hsWmVkWkEKLS0tIEhrUDYzeElRV0JJRWlETlhjbzZs\nOVN3WDA2VjlPZkMwOTZ4M3hST1BVUHMKCclaEUCx3lEAjoRtJ6f7aibOUNOmjkfR\nZY/cfsNKk7yoLiTOmuPdWuuyRFEXCreh45FwBE1EnuoMqiS1oBROHA==\n-----END AGE ENCRYPTED FILE-----\n
+lastmodified               = 2024-02-02T09:53:18Z
+mac                        = ENC[AES256_GCM,data:fDVvoogTzh+s20BpRGMjacwKnNrGpuf9/6yX52QfWwVX7weDQ/7fDiR33pIAofz3RPYLqh3Go6fsTzwzRgOoHGmqD7tW6iRVREDTkrpuiBzd1pmbdtrUCoEsir/GeTsBJOr10KV0kUxSbw2TVyxviT6tPlJW1P/Sovd2ss7Uy/4=,iv:i6pX1IsPGWg3sPG56d4O5TVHQsDUv24U8yXVatenkA0=,tag:tbxkOsvzs9boGkOR6Qar7Q==,type:str]
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -39,6 +39,11 @@
       url = "github:icecreammatt/helix/refs/tags/2024-01-29";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    attic = {
+      url = "github:zhaofengli/attic";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = inputs @ {
@@ -51,13 +56,14 @@
     sops-nix,
     helix-flake,
     xremap-flake,
+    attic,
     ...
   }: {
     # Gaming PC, VM, Raspberry Pi
     nixosConfigurations = (
       import ./hosts/nixos {
         inherit (nixpkgs) lib;
-        inherit inputs nixpkgs nixos-hardware home-manager hyprland sops-nix helix-flake;
+        inherit inputs nixpkgs nixos-hardware home-manager hyprland sops-nix helix-flake attic;
       }
     );
 

diff --git a/hosts/nixos/default.nix b/hosts/nixos/default.nix
@@ -7,6 +7,7 @@
   hyprland,
   helix-flake,
   sops-nix,
+  attic,
   ...
 }: let
   user = "matt";
@@ -158,6 +159,7 @@ in {
           helix-flake.packages."x86_64-linux".default
         ];
       }
+      attic.nixosModules.atticd
       sops-nix.nixosModules.sops
       home-manager.nixosModules.home-manager
       {

diff --git a/hosts/nixos/mini/caddy.nix b/hosts/nixos/mini/caddy.nix
@@ -56,6 +56,12 @@ in {
       ${reverse_proxy_string 8081}
     '';
 
+    virtualHosts."attic.${domain}".extraConfig = ''
+      ${tlsConfig}
+
+      ${reverse_proxy_string 8072}
+    '';
+
     # Silverbullet
     virtualHosts."notes.${domain}".extraConfig = ''
       ${tlsConfig}

diff --git a/hosts/nixos/mini/configuration.nix b/hosts/nixos/mini/configuration.nix
@@ -55,6 +55,46 @@
     print-manager
   ];
 
+  sops.secrets."attic/ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64" = {
+    sopsFile = ../../../.secrets/attic.ini;
+    format = "ini";
+  };
+
+  services.atticd = {
+    enable = true;
+
+    # Replace with absolute path to your credentials file
+    # credentialsFile = "/etc/atticd.env";
+    credentialsFile = config.sops.secrets."attic/ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64".path; # "/path/to/my/secrets/file";
+
+    settings = {
+      listen = "127.0.0.1:8072";
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
   systemd.timers."gauge-check" = {
     wantedBy = ["timers.target"];
     timerConfig = {