diff --git a/flake.lock b/flake.lock index 340c687..7a57097 100755 --- a/flake.lock +++ b/flake.lock @@ -1,8 +1,62 @@ { "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1685309025, + "narHash": "sha256-pZxMM3AMP/ojwhrFD0A2ML4NOgehlBLGHseInnO5evc=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "b1fb790b5f2afaaa1b2f7f18979b8318abe604bb", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "flake-compat": [ + "attic", + "flake-compat" + ], + "flake-utils": [ + "attic", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1677892403, + "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=", + "owner": "ipetkov", + "repo": "crane", + "rev": "105e27adb70a9890986b6d543a67761cbc1964a2", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "nixpkgs" ], @@ -43,6 +97,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1668681692, 
@@ -59,6 +129,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -145,7 +230,7 @@ "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay" + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1685985608, @@ -178,6 +263,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1685004253, + "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1686392259, "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=", @@ -195,6 +296,7 @@ }, "root": { "inputs": { + "attic": "attic", "deploy-rs": "deploy-rs", "disko": "disko", "home-manager": "home-manager", @@ -206,7 +308,34 @@ }, "rust-overlay": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": [ + "attic", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": "flake-utils_2", "nixpkgs": [ "ironbar", "nixpkgs" 
@@ -231,7 +360,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1686453485, diff --git a/flake.nix b/flake.nix index 36b7324..63ffb3f 100755 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,10 @@ url = "github:JakeStanger/ironbar"; inputs.nixpkgs.follows = "nixpkgs"; }; + attic = { + url = "github:zhaofengli/attic"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = {nixpkgs, ...} @ inputs: let system = "x86_64-linux"; diff --git a/hosts/default.nix b/hosts/default.nix index ef55469..8f5b23f 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -5,6 +5,7 @@ inputs: let diskoModule = inputs.disko.nixosModules.disko; hyprlandModule = inputs.hyprland.homeManagerModules.default; ironbarModule = inputs.ironbar.homeManagerModules.default; + atticdModule = inputs.attic.nixosModules.atticd; inherit (inputs.nixpkgs.lib) nixosSystem; in { tsuki = nixosSystem { @@ -39,6 +40,7 @@ in { sopsModule diskoModule hmModule + atticdModule { home-manager = { useGlobalPkgs = true; diff --git a/hosts/sakura/services/atticd.nix b/hosts/sakura/services/atticd.nix new file mode 100644 index 0000000..8cd27b3 --- /dev/null +++ b/hosts/sakura/services/atticd.nix @@ -0,0 +1,25 @@ +{config, ...}: { + sops.secrets.attic-jwt-secret = {}; + services.atticd = { + enable = true; + credentialsFile = config.sops.secrets.attic-jwt-secret.path; + settings = { + listen = "[::]:8100"; + allowed-hosts = ["cache.notohh.dev"]; + api-endpoint = "https://cache.notohh.dev"; + chunking = { + nar-size-threshold = 64 * 1024; # 64 KiB + + min-size = 16 * 1024; # 16 KiB + + avg-size = 64 * 1024; # 64 KiB + + max-size = 256 * 1024; # 256 KiB + }; + garbage-collection = { + interval = "12 hours"; + default-retention-period = "2 weeks"; + }; + }; + }; +} diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix index ee341ce..19ed261 100644 --- a/hosts/sakura/services/default.nix 
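Review bot: `listen = "[::]:8100"` in hosts/sakura/services/atticd.nix binds atticd on every interface, while the Traefik service added in this commit reaches it at `http://localhost:8100`. Unless the host firewall blocks 8100, the cache API is therefore also reachable directly over plain HTTP, outside the TLS router. Binding to loopback, e.g. `listen = "127.0.0.1:8100";` with the Traefik URL set to the same address, keeps Traefik as the only entry point; `allowed-hosts` only checks the Host header and is not a network restriction. The same applies to `WOODPECKER_SERVER_ADDR = ":8200"` in hosts/sakura/services/woodpecker.nix. Separately, as far as I know the upstream module loads `credentialsFile` as an environment file, so the decrypted `attic-jwt-secret` should hold the `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64=…` assignment rather than the bare key, which the ciphertext cannot confirm.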
+++ b/hosts/sakura/services/default.nix @@ -12,5 +12,6 @@ ./grafana.nix ./prometheus.nix ./woodpecker.nix + ./atticd.nix ]; } diff --git a/hosts/sakura/services/traefik.nix b/hosts/sakura/services/traefik.nix index 10dc138..eceaa72 100644 --- a/hosts/sakura/services/traefik.nix +++ b/hosts/sakura/services/traefik.nix @@ -81,6 +81,13 @@ tls.domains = [{main = "*.notohh.dev";}]; tls.certresolver = "production"; }; + atticd = { + rule = "Host(`cache.notohh.dev`)"; + entrypoints = ["websecure"]; + service = "atticd"; + tls.domains = [{main = "*.notohh.dev";}]; + tls.certresolver = "production"; + }; }; services = { homepage.loadBalancer.servers = [{url = "http://localhost:3005";}]; @@ -92,7 +99,8 @@ gitea.loadBalancer.servers = [{url = "http://localhost:3200";}]; rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}]; grafana.loadBalancer.servers = [{url = "http://localhost:3100";}]; - woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8006";}]; + woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8200";}]; + atticd.loadBalancer.servers = [{url = "http://localhost:8100";}]; }; }; }; diff --git a/hosts/sakura/services/woodpecker.nix b/hosts/sakura/services/woodpecker.nix index b4ea642..d23d50c 100644 --- a/hosts/sakura/services/woodpecker.nix +++ b/hosts/sakura/services/woodpecker.nix @@ -4,7 +4,7 @@ services.woodpecker-server = { enable = true; environment = { - WOODPECKER_SERVER_ADDR = ":8006"; + WOODPECKER_SERVER_ADDR = ":8200"; WOODPECKER_HOST = "https://ci.notohh.dev"; WOODPECKER_OPEN = "false"; WOODPECKER_GITEA = "true"; @@ -19,7 +19,7 @@ environment = { DOCKER_HOST = "unix:///var/run/docker.sock"; WOODPECKER_BACKEND = "docker"; - WOODPECKER_SERVER = "localhost:8006"; + WOODPECKER_SERVER = "localhost:8200"; WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path; }; extraGroups = [ diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index fcd93ae..43c0593 100644 --- a/secrets/secrets.yaml 
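Review bot: `WOODPECKER_SERVER = "localhost:8200"` in hosts/sakura/services/woodpecker.nix points the agent at the port that `WOODPECKER_SERVER_ADDR` gives to the HTTP listener, but the agent's `WOODPECKER_SERVER` is the server's gRPC address (upstream default `localhost:9000`, set on the server with `WOODPECKER_GRPC_ADDR`). Unless the gRPC listener is moved to 8200 somewhere outside these hunks, the agent will presumably fail to connect. In the same block, the context line `WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;` sets the variable to the file path rather than the file's contents, so the shared secret is a predictable string that is written into the unit definition. Loading it through the module's `environmentFile` option would pass the real secret without putting it in the Nix store. Both `environment` blocks begin and end outside the hunks, so this rests only on the visible lines.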
+++ b/secrets/secrets.yaml @@ -5,6 +5,7 @@ rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str] woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqKqBUuzCCZBZuyRqKYdCFQQkNsuLAIqKovuCcARnn5BKBEasbPUY4ykI3UG8wo9mQ9q5J73EL9aRFYeSZMpyN64hsrzD84kKlOHIYsEbpJhANYiAEyZzVbuxZTrvEHDu0cO0NkEvrE3ync7FYyROxsQ==,iv:dGnoqXIJZchPqXpXgMyFTHBqFPfwDfqzAG9db1/UngY=,tag:Dr3zqde0Q1QB1VUh1BAlbQ==,type:str] woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str] +attic-jwt-secret: ENC[AES256_GCM,data:eWXD/WAsU5j8BAnbrY5U9wvtM2neQ3I4148FRPOg1UhoIeaXOf5WkKLcMHyGw3MLNzHrYYoe+PyPw8r1qrOigo7mY8zoa7X0vnga56xkvspfBBGp8MoSaNEPwcLFrAlINfIDLxZBg0LvEhQU+z2yPBBTOjls7ofUKrq5hbWuiA==,iv:l5gdqPPK+loR2R69sohu24bu+PPgXRX+ie/pDLho+60=,tag:4Mld1IMMaOjUKj7fHpNTyw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -20,8 +21,8 @@ sops: YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-06-11T09:51:59Z" - mac: ENC[AES256_GCM,data:v6psESfO90ppdjIcRTifR/+RElpruIxcKPi0YNwCfmceMkqxnB0O/VkxcQGy7HE2fxMZFwZxaonT050wG3AnDX+DzOZqVQifoBzV/g4ig/EPrjAUs0dFWfS0s4AzwcKiy9CXV4DpP+AlY/lnUozfo+X1k/YiOrcXQuq0/1Nd1rE=,iv:SqDDWchnG2EVhjhYg8QcqhtlG8tgg1liqcZKvS4lyRs=,tag:8OgxsOs6GrseCbOKD1bOWQ==,type:str] + lastmodified: "2023-06-11T23:40:00Z" + mac: ENC[AES256_GCM,data:IrvlGM5tUSccbjeEmsjyug1dh2QPM2xIKdD/K7TDPGAlWq/ik8fmjz+l5wefsi1x4me37CImNBrYVX6oIA4686gbxRTvLI52SxZBGwBKnP0iIjIn6Ja72d+TH01LX+QDRbr+kdTh1AO5YpMZHC+sDLRcr7swIwrzD2bS7G4/LxQ=,iv:oJ+Q7SKGFPkIEdU55szDIgGZgu1hpXM1AcLxkOKTthI=,tag:NqQ82X0FeH+KzRM5OTR1UQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3