Install attic on sisko

2024-11-21 10:09:26 +01:00 · 2024-11-21 10:09:26 +01:00 · 24201d0db6
commit 24201d0db6
parent fa3a5e4ac4
5 changed files with 60 additions and 0 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -110,11 +110,13 @@
          "cloudflare-dyndns-api-token" = { };
          "restic-hetzner-password" = { };
          "hass-ssh-key".owner = "hass";
+          "sisko-attic-environment-file".owner = "atticd";
          "autistici-password" = {
            # FIXME terrible, should create a third ad-hoc group
            owner = "grafana";
            group = "forgejo";
          };
+
        };
      };
    };
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@ -30,6 +30,7 @@
      "immich"
      "paperless"
      "syncthing"
+      "atticd"
    ]
    ++ [
      ./disko.nix
--- a/modules/atticd/default.nix
+++ b/modules/atticd/default.nix
@ -0,0 +1,52 @@
+{ config, lib, ... }:
+{
+  services.atticd = {
+    enable = true;
+    settings = {
+      listen = "0.0.0.0:8081";
+      allowed-hosts = [ ]; # Allow all hosts
+      # api-endpoint = "https://cache.staging.mlabs.city/";
+      soft-delete-caches = false;
+      require-proof-of-possession = true;
+
+      database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
+
+      storage = {
+        type = "local";
+        path = "/mnt/hd/atticd";
+      };
+
+      compression = {
+        level = 8;
+        type = "zstd";
+      };
+
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+    environmentFile = config.age.secrets.sisko-attic-environment-file.path;
+  };
+
+  systemd.services.atticd = {
+    serviceConfig = {
+      DynamicUser = lib.mkForce false;
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d config.services.atticd.settings.storage.path 770 atticd atticd"
+  ];
+
+  users = {
+    groups.atticd = { };
+    users.atticd = {
+      group = "atticd";
+      home = config.services.atticd.settings.storage.path;
+      isSystemUser = true;
+    };
+  };
+}
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -161,6 +161,11 @@ with keys.users;
    ccr-gpg
    sisko
  ];
+  "sisko-attic-environment-file.age".publicKeys = [
+    ccr-ssh
+    ccr-gpg
+    sisko
+  ];

  # WireGuard
  "picard-wireguard-private-key.age".publicKeys = [
--- a/secrets/sisko-attic-environment-file.age
+++ b/secrets/sisko-attic-environment-file.age