# NixOS module: runs the Attic binary cache server (atticd) on loopback and
# publishes it through nginx as cache.kyouma.net, backed by a local PostgreSQL.
{ config, inputs, ... }:
{
  imports = [ inputs.attic.nixosModules.atticd ];

  # The credentials file is kept encrypted in the repository and handed to
  # sops-nix; only the decrypted file's runtime path is referenced further
  # down, so the secret value itself is never written into this module.
  sops.secrets."services/attic/credentialsFile".sopsFile = ../../secrets/services/attic.yaml;

  # Certificate for the public name, requested with the host's ACME defaults
  # (no per-certificate overrides are set here).
  security.acme.certs."cache.kyouma.net" = { };

  # Public entry point. Everything under "/" is forwarded to atticd's loopback
  # listener, so this address must stay in sync with
  # services.atticd.settings.listen.
  # NOTE(review): kyouma.nginx is a project-local wrapper not visible here.
  # Confirm it terminates TLS for this vhost, forwards the original Host
  # header (atticd rejects hosts outside allowed-hosts), and permits request
  # bodies large enough for cache uploads.
  kyouma.nginx.virtualHosts."cache.kyouma.net".locations."/".proxyPass = "http://[::1]:8080";

  services = {
    postgresql = {
      enable = true;
      ensureDatabases = [ "atticd" ];
      # Role and database share the name "atticd"; ensureDBOwnership makes
      # that role the owner of the database of the same name.
      ensureUsers = [
        {
          name = "atticd";
          ensureDBOwnership = true;
        }
      ];
    };

    atticd = {
      enable = true;
      # Runtime path of the sops-managed secret declared above.
      # NOTE(review): presumably carries the server's token-signing secret;
      # verify against the atticd module's documentation.
      credentialsFile = config.sops.secrets."services/attic/credentialsFile".path;

      settings = {
        # Loopback only: the daemon is not directly reachable from the
        # network, but any local process can still connect to this port
        # without passing through nginx.
        listen = "[::1]:8080";

        # Host allowlist and the externally visible URL handed to clients.
        # Both name the same host as the nginx vhost and the ACME certificate.
        allowed-hosts = [ "cache.kyouma.net" ];
        api-endpoint = "https://cache.kyouma.net/";

        # Chunking parameters, in bytes: NARs from 128 KiB upwards are split
        # into chunks of 64 KiB minimum, 128 KiB average, 256 KiB maximum.
        chunking = {
          nar-size-threshold = 1024 * 128;
          min-size = 1024 * 64;
          avg-size = 1024 * 128;
          max-size = 1024 * 256;
        };

        # Connects over the local Unix socket in /run/postgresql; no password
        # appears in the URL, so access depends on PostgreSQL's local
        # authentication rules for the atticd role.
        database = {
          url = "postgresql:///atticd?host=/run/postgresql";
        };

        # Garbage collection runs every 12 hours; caches without their own
        # retention setting fall back to 3 months.
        garbage-collection = {
          interval = "12 hours";
          default-retention-period = "3 months";
        };
      };
    };
  };
}