nixfiles/config/services/attic.nix

{ config, inputs, ... }: {
  imports = [
    inputs.attic.nixosModules.atticd
  ];
  sops.secrets."services/attic/credentialsFile" = {
    sopsFile = ../../secrets/services/attic.yaml;
  };
  services.atticd = {
    enable = true;
    credentialsFile = config.sops.secrets."services/attic/credentialsFile".path;
    settings = {
      listen = "[::1]:8080"; 
      allowed-hosts = [ "cache.kyouma.net" ];
      api-endpoint = "https://cache.kyouma.net/";
      chunking = {
        nar-size-threshold = 1024 * 128;
        min-size = 1024 * 64;
        avg-size = 1024 * 128;
        max-size = 1024 * 256;
      };
      database.url = "postgresql:///atticd?host=/run/postgresql";
      garbage-collection = {
        interval = "12 hours";
        default-retention-period = "3 months";
      };
    };
  };
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "atticd" ];
    ensureUsers = [
      {
        name = "atticd";
        ensureDBOwnership = true;
      }
    ];
  };
  kyouma.nginx.virtualHosts."cache.kyouma.net" = {
    locations."/" = {
      proxyPass = "http://[::1]:8080";
    };
  };
  security.acme.certs."cache.kyouma.net" = {};
}