# NixOS module: runs the Attic binary-cache server (atticd) behind a Caddy
# virtual host, with NARs stored in an S3-compatible endpoint on loopback.
{
  config,
  lib,
  ...
}:
let
  inherit (lib) mkEnableOption mkIf;
  cfg = config.my.attic;
in
{
  options.my.attic.enable = mkEnableOption "attic";

  config = mkIf cfg.enable {
    services.atticd = {
      enable = true;
      # Environment file comes from a sops secret, so its contents are read at
      # runtime rather than written into this module.
      # NOTE(review): presumably holds the token-signing secret and the S3
      # credentials; neither is set anywhere else in this file. Confirm.
      environmentFile = config.sops.secrets."attic/env".path;
      settings = {
        # Binds every interface. The only consumer visible in this module is
        # Caddy, which connects via localhost:8091.
        # NOTE(review): unless something else needs direct access, confirm the
        # firewall keeps 8091 closed or bind to loopback, so requests cannot
        # reach atticd without passing through the Caddy vhost below.
        listen = "[::]:8091";
        api-endpoint = "https://cache.cy7.sh/";
        # Same two names as the Caddy virtual host and its alias below.
        allowed-hosts = [
          "cache.cy7.sh"
          "cdn.cy7.sh"
        ];
        # NOTE(review): as far as the attic docs describe it, with this off an
        # uploader who knows the hash of a NAR already in the global store can
        # gain access to it without uploading the content. Fine when every
        # token holder is trusted; revisit before granting push to others.
        require-proof-of-possession = false;
        compression = {
          type = "none";
          # presumably has no effect while type is "none"; verify
          level = 3;
        };
        # PostgreSQL over the local unix socket directory; no password appears
        # in the URL.
        database.url = "postgresql:///atticd?host=/run/postgresql";

        storage = {
          type = "s3";
          region = "us-east-1";
          bucket = "attic";
          # attic must be patched so it never hands pre-signed S3 URLs to
          # clients; otherwise it would redirect them to this localhost
          # endpoint, which they cannot reach.
          # The endpoint is plain HTTP, but only on the loopback interface.
          endpoint = "http://127.0.0.1:3900";
        };

        garbage-collection.default-retention-period = "1 month";

        chunking = {
          # disable chunking since garage does its own
          nar-size-threshold = 0;
          # defaults
          min-size = 16384;
          avg-size = 65536;
          max-size = 262144;
        };
      };
    };

    # atticd is ordered after garage.service and requires it, so the storage
    # backend is started first and atticd stops when garage does.
    systemd.services.atticd = {
      requires = [ "garage.service" ];
      after = [ "garage.service" ];
      environment.RUST_LOG = "INFO";
    };

    # Public entry point for the cache. `common` is a Caddy snippet defined
    # outside this module.
    services.caddy.virtualHosts."cache.cy7.sh" = {
      serverAliases = [ "cdn.cy7.sh" ];
      extraConfig = ''
        import common
        reverse_proxy localhost:8091
      '';
    };
  };
}