add attic and rm tor

2025-01-05 05:42:52 -05:00 · 2025-01-05 05:42:52 -05:00 · 5765243596
commit 5765243596
parent acae190bcc
8 changed files with 232 additions and 18 deletions
--- a/hosts/chunk/Caddyfile
+++ b/hosts/chunk/Caddyfile
@ -60,3 +60,8 @@ element.cything.io {
  import common
  reverse_proxy localhost:8089
 }
+
+cache.cything.io {
+  import common
+  reverse_proxy localhost:8090
+}
--- a/hosts/chunk/attic.nix
+++ b/hosts/chunk/attic.nix
@ -0,0 +1,32 @@
+{config, ...}:
+{
+  services.atticd = {
+    enable = true;
+
+    environmentFile = config.sops.secrets."attic/env".path;
+
+    settings = {
+      listen = "[::]:8090";
+      api-endpoint = "https://cache.cything.io/";
+      allowed-hosts = [ "cache.cything.io" ];
+
+      jwt = { };
+
+      compression.type = "zstd";
+      storage = {
+        type = "s3";
+        region = "default";
+        bucket = "cy7";
+        endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
+      };
+      database.url = "postgresql://localhost/atticd";
+
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -21,10 +21,10 @@
    ./vaultwarden.nix
    ./wireguard.nix
    ./grafana.nix
-    ./tor.nix
    ./conduwuit.nix
    ./immich.nix
    ./element.nix
+    ./attic.nix
  ];

  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -82,6 +82,9 @@
    "rsyncnet/id_ed25519" = {
      sopsFile = ../../secrets/de3911/chunk.yaml;
    };
+    "attic/env" = {
+      sopsFile = ../../secrets/services/attic.yaml;
+    };
  };

  boot.loader.grub.enable = true;
--- a/hosts/chunk/postgres.nix
+++ b/hosts/chunk/postgres.nix
@ -1,6 +1,5 @@
 {
  pkgs,
-  lib,
  ...
 }:
 {
@ -11,13 +10,15 @@
    enableTCPIP = true;
    ensureDatabases = [
      "hedgedoc"
+      "atticd"
    ];
-    authentication = lib.mkForce ''
-      local all all trust
-      host  all all 127.0.0.1/32 trust
-      host  all all ::1/128 trust
-      host  all all 172.18.0.0/16 trust
-    '';
+    ensureUsers = [
+      {
+        name = "atticd";
+        ensureDBOwnership = true;
+      }
+    ]
+    ;
  };
  services.postgresqlBackup = {
    enable = true;