Install attic on sisko
This commit is contained in:
parent
fa3a5e4ac4
commit
24201d0db6
SSH key fingerprint:
SHA256:/AagBweyV4Hlfg9u092n8hbHwD5fcB6A3qhDiDA65Rg
5 changed files with 60 additions and 0 deletions
|
|
@ -110,11 +110,13 @@
|
||||||
"cloudflare-dyndns-api-token" = { };
|
"cloudflare-dyndns-api-token" = { };
|
||||||
"restic-hetzner-password" = { };
|
"restic-hetzner-password" = { };
|
||||||
"hass-ssh-key".owner = "hass";
|
"hass-ssh-key".owner = "hass";
|
||||||
|
"sisko-attic-environment-file".owner = "atticd";
|
||||||
"autistici-password" = {
|
"autistici-password" = {
|
||||||
# FIXME terrible, should create a third ad-hoc group
|
# FIXME terrible, should create a third ad-hoc group
|
||||||
owner = "grafana";
|
owner = "grafana";
|
||||||
group = "forgejo";
|
group = "forgejo";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,7 @@
|
||||||
"immich"
|
"immich"
|
||||||
"paperless"
|
"paperless"
|
||||||
"syncthing"
|
"syncthing"
|
||||||
|
"atticd"
|
||||||
]
|
]
|
||||||
++ [
|
++ [
|
||||||
./disko.nix
|
./disko.nix
|
||||||
|
|
|
||||||
52
modules/atticd/default.nix
Normal file
52
modules/atticd/default.nix
Normal file
|
|
@ -0,0 +1,52 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
services.atticd = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
listen = "0.0.0.0:8081";
|
||||||
|
allowed-hosts = [ ]; # Allow all hosts
|
||||||
|
# api-endpoint = "https://cache.staging.mlabs.city/";
|
||||||
|
soft-delete-caches = false;
|
||||||
|
require-proof-of-possession = true;
|
||||||
|
|
||||||
|
database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
|
||||||
|
|
||||||
|
storage = {
|
||||||
|
type = "local";
|
||||||
|
path = "/mnt/hd/atticd";
|
||||||
|
};
|
||||||
|
|
||||||
|
compression = {
|
||||||
|
level = 8;
|
||||||
|
type = "zstd";
|
||||||
|
};
|
||||||
|
|
||||||
|
chunking = {
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
};
|
||||||
|
environmentFile = config.age.secrets.sisko-attic-environment-file.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.atticd = {
|
||||||
|
serviceConfig = {
|
||||||
|
DynamicUser = lib.mkForce false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d config.services.atticd.settings.storage.path 770 atticd atticd"
|
||||||
|
];
|
||||||
|
|
||||||
|
users = {
|
||||||
|
groups.atticd = { };
|
||||||
|
users.atticd = {
|
||||||
|
group = "atticd";
|
||||||
|
home = config.services.atticd.settings.storage.path;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -161,6 +161,11 @@ with keys.users;
|
||||||
ccr-gpg
|
ccr-gpg
|
||||||
sisko
|
sisko
|
||||||
];
|
];
|
||||||
|
"sisko-attic-environment-file.age".publicKeys = [
|
||||||
|
ccr-ssh
|
||||||
|
ccr-gpg
|
||||||
|
sisko
|
||||||
|
];
|
||||||
|
|
||||||
# WireGuard
|
# WireGuard
|
||||||
"picard-wireguard-private-key.age".publicKeys = [
|
"picard-wireguard-private-key.age".publicKeys = [
|
||||||
|
|
|
||||||
BIN
secrets/sisko-attic-environment-file.age
Normal file
BIN
secrets/sisko-attic-environment-file.age
Normal file
Binary file not shown.
Loading…
Add table
Reference in a new issue