add attic and rm tor

cy 2025-01-05 05:42:52 -05:00
parent acae190bcc
commit 5765243596
8 changed files with 232 additions and 18 deletions


@ -93,3 +93,9 @@ creation_rules:
- age:
- *yt
- *cy
- path_regex: secrets/services/attic.yaml
key_groups:
- age:
- *chunk
- *cy
- *yt

141
flake.lock generated

@ -1,6 +1,52 @@
{
"nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731270564,
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "47752427561f1c34debb16728a210d378f0ece36",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
@ -58,7 +104,44 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
@ -126,11 +209,11 @@
]
},
"locked": {
"lastModified": 1736013363,
"narHash": "sha256-P4lsS2Y5GzBfC8OfXtD/xWEucX6oHGTjOzjEjEJbXfc=",
"lastModified": 1736066484,
"narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d7908bd09165db6699908b7e3970f137327cbf0",
"rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0",
"type": "github"
},
"original": {
@ -141,9 +224,9 @@
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"crane": "crane_2",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
@ -166,6 +249,27 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735834308,
@ -215,6 +319,22 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
@ -241,7 +361,7 @@
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1717664902,
@ -259,6 +379,7 @@
},
"root": {
"inputs": {
"attic": "attic",
"disko": "disko",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
@ -301,11 +422,11 @@
]
},
"locked": {
"lastModified": 1735844895,
"narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=",
"lastModified": 1736064798,
"narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32",
"rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930",
"type": "github"
},
"original": {


@ -23,6 +23,10 @@
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
};
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
@ -138,10 +142,12 @@
modules = [
{
nixpkgs = { inherit pkgs; };
disabledModules = [ "services/networking/atticd.nix" ];
}
./hosts/chunk
inputs.sops-nix.nixosModules.sops
./modules
inputs.attic.nixosModules.atticd
];
};
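Review bot: The new `attic` input tracks the default branch of `github:zhaofengli/attic`, whereas the `lanzaboote` input just above it is pinned to a tag (`v0.4.1`). flake.lock fixes the revision today, but any later `nix flake update` pulls whatever is at the branch head into the service that will serve this host's binary cache. I would either pin a reviewed revision in the URL (`github:zhaofengli/attic/<reviewed-rev>`) or add a comment next to the input saying that its lock bumps need review. The `disabledModules = [ "services/networking/atticd.nix" ]` line in the second hunk also deserves a comment such as `# use the atticd module from the attic flake instead of the one shipped in nixpkgs`, because the reason is not obvious from the list alone. The enclosing system definition starts outside the hunk.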


@ -60,3 +60,8 @@ element.cything.io {
import common
reverse_proxy localhost:8089
}
cache.cything.io {
import common
reverse_proxy localhost:8090
}

32
hosts/chunk/attic.nix Normal file

@ -0,0 +1,32 @@
{config, ...}:
{
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."attic/env".path;
settings = {
listen = "[::]:8090";
api-endpoint = "https://cache.cything.io/";
allowed-hosts = [ "cache.cything.io" ];
jwt = { };
compression.type = "zstd";
storage = {
type = "s3";
region = "default";
bucket = "cy7";
endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
};
database.url = "postgresql://localhost/atticd";
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
};
};
}
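Review bot: `listen = "[::]:8090"` binds atticd on every interface, while the Caddyfile change in this commit proxies `cache.cything.io` to `localhost:8090`. Unless the host firewall blocks 8090 (not visible on this page), the cache API is also reachable directly over plain HTTP, bypassing TLS and whatever `import common` applies. Only the local reverse proxy needs the port, so I would bind to loopback: `listen = "127.0.0.1:8090";`. `jwt = { };` is left empty, so the token signing secret presumably comes from `environmentFile`. A short comment such as `# token secret and S3 credentials are supplied via the sops-managed environmentFile` would make that explicit.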


@ -21,10 +21,10 @@
./vaultwarden.nix
./wireguard.nix
./grafana.nix
./tor.nix
./conduwuit.nix
./immich.nix
./element.nix
./attic.nix
];
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -82,6 +82,9 @@
"rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/de3911/chunk.yaml;
};
"attic/env" = {
sopsFile = ../../secrets/services/attic.yaml;
};
};
boot.loader.grub.enable = true;


@ -1,6 +1,5 @@
{
pkgs,
lib,
...
}:
{
@ -11,13 +10,15 @@
enableTCPIP = true;
ensureDatabases = [
"hedgedoc"
"atticd"
];
authentication = lib.mkForce ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 172.18.0.0/16 trust
'';
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
]
;
};
services.postgresqlBackup = {
enable = true;
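Review bot: The `atticd` role added under `ensureUsers` has no password, yet hosts/chunk/attic.nix connects with `database.url = "postgresql://localhost/atticd"`, i.e. over TCP rather than the unix socket. The +/- markers are lost on this page, but the hunk sizes and the dropped `lib` argument suggest the `authentication = lib.mkForce` block of `trust` rules is removed here; if so, loopback TCP connections fall back to the module's default rules and will likely need a credential, and the better fit for a password-less role is peer authentication over the socket, e.g. `database.url = "postgresql:///atticd?host=/run/postgresql";` in attic.nix. If the `trust` rules are instead kept, any local process or any client in `172.18.0.0/16` can connect as `atticd` or any other role, which is worth tightening now that a second service shares this server. The `services.postgresql` block starts outside the hunk and `services.postgresqlBackup` continues past it.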


@ -0,0 +1,40 @@
attic:
env: ENC[AES256_GCM,data:ytja+z0aidJcC4LoEIf8SiH2TwGgoPMxxLsBxkIT545BcG1axW9yKYWUEryGiHKVYBXv+oFwTA1cXZ22nutWuZQC08G8RI1zvrA/nDTGuCtS4dv8w8XA7nR5IxwFzT6Ss3dsWaRVVPQ/2ik9OkqCVPiBjjVnePZxt8Hp0GS0uiHDw9Vhxu8qeT/O,iv:FUpv79AAubveP6kiMPL+Vs+d1ULZ0PdJsOW5VIHvfPU=,tag:AoReDpnGlJ5dqCRtE10Kug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UVhaVWl5UVk5ZXRVNFZw
dGxGQmRNa0JKemlNUGZRVHVFcXpMam1KOVF3CkFOOVNGeWxVS2ltc1JuK3ptdVNz
MU1vU2FXMTlPSk4raW14WkNZK0VBMUkKLS0tIFdlRURkTFY2S3R3Y3FLMnhMN0kz
Tjk4dytPZHp1aUlvTW9kaFpITWFEb28Krb4mkHrWTylz6IQvnUU2UI+fZ9MffLE8
A4U8tXyRbwcEmEEmihS8wxUBpWdkb5+0+oryrSt8I79EKcMS7H8WtA==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMa0pvaWRWS0JkdDJxYy9W
SHE3QnFnblNxOW5OWERlM2N4bnZYMWJnRFJZCjdobmlsSUNjakJtdEd6TkRZVktu
Q0xFaEF3bG92MzY4WVViK3Exc0JaRW8KLS0tIGJNd0FHbHF6WEJHdGF5bjNyTExn
MExyYlBQUFd2KzdQeHFRSTNpMUdtRFUKwqZCfN0JStIjLA7Fqjws/c5+WeVdtL6F
VNYzgbqg73hKOGJ8GoDsMLIkiz7LchyIUXP/vOgU45cMGfeut4tcJg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UmhKMEZrcVlhcEZwdHd5
VG5NQmtxR0RKN0dLSlFndGt4emFLcEdhNGxjCktMYWlaaUppbStSRUhuMWgzS0Vm
Tzh3bitISldacms5UkcvRVVnSWs4YTAKLS0tIHA3S1NoMW4yK01EU2NlMGI4OFNq
ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH
xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-05T10:08:04Z"
mac: ENC[AES256_GCM,data:tLhSxXsNEh/q1IQqIQuwj2ols3QdwRSE/VBMXuNBkTDkuWQpShoq+qScGZPrDSWIYQujYLroLHv0jpc0r6n0q+SSuLRNJHZboKG/o08gMjmh5EGCoI0yDfxiUGehHjYJsoyeaDjjJozRgDP0qsAsAUNnW/Ny0lg2BF36jPJPu1E=,iv:eZtGrZbtkBr4NFGGn4ohrSjgeRi47WKxsNSu4H34YdI=,tag:3fp5L6COgy3j5PIMtkmxrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2