feat: init attic binary cache
This commit is contained in:
parent
d8495ee3f9
commit
c51171a7b2
8 changed files with 179 additions and 9 deletions
137
flake.lock
137
flake.lock
|
@ -1,8 +1,62 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"attic": {
|
||||||
|
"inputs": {
|
||||||
|
"crane": "crane",
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1685309025,
|
||||||
|
"narHash": "sha256-pZxMM3AMP/ojwhrFD0A2ML4NOgehlBLGHseInnO5evc=",
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"repo": "attic",
|
||||||
|
"rev": "b1fb790b5f2afaaa1b2f7f18979b8318abe604bb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "zhaofengli",
|
||||||
|
"repo": "attic",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"crane": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [
|
||||||
|
"attic",
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"flake-utils": [
|
||||||
|
"attic",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"attic",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"rust-overlay": "rust-overlay"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1677892403,
|
||||||
|
"narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"deploy-rs": {
|
"deploy-rs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
|
@ -43,6 +97,22 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673956053,
|
||||||
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668681692,
|
"lastModified": 1668681692,
|
||||||
|
@ -59,6 +129,21 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1667395993,
|
||||||
|
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
|
@ -145,7 +230,7 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"rust-overlay": "rust-overlay"
|
"rust-overlay": "rust-overlay_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685985608,
|
"lastModified": 1685985608,
|
||||||
|
@ -178,6 +263,22 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1685004253,
|
||||||
|
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1686392259,
|
"lastModified": 1686392259,
|
||||||
"narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
|
"narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
|
||||||
|
@ -195,6 +296,7 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"attic": "attic",
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
@ -206,7 +308,34 @@
|
||||||
},
|
},
|
||||||
"rust-overlay": {
|
"rust-overlay": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": [
|
||||||
|
"attic",
|
||||||
|
"crane",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"attic",
|
||||||
|
"crane",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1675391458,
|
||||||
|
"narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"rust-overlay_2": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"ironbar",
|
"ironbar",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
|
@ -231,7 +360,7 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1686453485,
|
"lastModified": 1686453485,
|
||||||
|
|
|
@ -29,6 +29,10 @@
|
||||||
url = "github:JakeStanger/ironbar";
|
url = "github:JakeStanger/ironbar";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
attic = {
|
||||||
|
url = "github:zhaofengli/attic";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
outputs = {nixpkgs, ...} @ inputs: let
|
outputs = {nixpkgs, ...} @ inputs: let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
|
@ -5,6 +5,7 @@ inputs: let
|
||||||
diskoModule = inputs.disko.nixosModules.disko;
|
diskoModule = inputs.disko.nixosModules.disko;
|
||||||
hyprlandModule = inputs.hyprland.homeManagerModules.default;
|
hyprlandModule = inputs.hyprland.homeManagerModules.default;
|
||||||
ironbarModule = inputs.ironbar.homeManagerModules.default;
|
ironbarModule = inputs.ironbar.homeManagerModules.default;
|
||||||
|
atticdModule = inputs.attic.nixosModules.atticd;
|
||||||
inherit (inputs.nixpkgs.lib) nixosSystem;
|
inherit (inputs.nixpkgs.lib) nixosSystem;
|
||||||
in {
|
in {
|
||||||
tsuki = nixosSystem {
|
tsuki = nixosSystem {
|
||||||
|
@ -39,6 +40,7 @@ in {
|
||||||
sopsModule
|
sopsModule
|
||||||
diskoModule
|
diskoModule
|
||||||
hmModule
|
hmModule
|
||||||
|
atticdModule
|
||||||
{
|
{
|
||||||
home-manager = {
|
home-manager = {
|
||||||
useGlobalPkgs = true;
|
useGlobalPkgs = true;
|
||||||
|
|
25
hosts/sakura/services/atticd.nix
Normal file
25
hosts/sakura/services/atticd.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{config, ...}: {
|
||||||
|
sops.secrets.attic-jwt-secret = {};
|
||||||
|
services.atticd = {
|
||||||
|
enable = true;
|
||||||
|
credentialsFile = config.sops.secrets.attic-jwt-secret.path;
|
||||||
|
settings = {
|
||||||
|
listen = "[::]:8100";
|
||||||
|
allowed-hosts = ["cache.notohh.dev"];
|
||||||
|
api-endpoint = "https://cache.notohh.dev";
|
||||||
|
chunking = {
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
garbage-collection = {
|
||||||
|
interval = "12 hours";
|
||||||
|
default-retention-period = "2 weeks";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -12,5 +12,6 @@
|
||||||
./grafana.nix
|
./grafana.nix
|
||||||
./prometheus.nix
|
./prometheus.nix
|
||||||
./woodpecker.nix
|
./woodpecker.nix
|
||||||
|
./atticd.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -81,6 +81,13 @@
|
||||||
tls.domains = [{main = "*.notohh.dev";}];
|
tls.domains = [{main = "*.notohh.dev";}];
|
||||||
tls.certresolver = "production";
|
tls.certresolver = "production";
|
||||||
};
|
};
|
||||||
|
atticd = {
|
||||||
|
rule = "Host(`cache.notohh.dev`)";
|
||||||
|
entrypoints = ["websecure"];
|
||||||
|
service = "atticd";
|
||||||
|
tls.domains = [{main = "*.notohh.dev";}];
|
||||||
|
tls.certresolver = "production";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
homepage.loadBalancer.servers = [{url = "http://localhost:3005";}];
|
homepage.loadBalancer.servers = [{url = "http://localhost:3005";}];
|
||||||
|
@ -92,7 +99,8 @@
|
||||||
gitea.loadBalancer.servers = [{url = "http://localhost:3200";}];
|
gitea.loadBalancer.servers = [{url = "http://localhost:3200";}];
|
||||||
rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
|
rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
|
||||||
grafana.loadBalancer.servers = [{url = "http://localhost:3100";}];
|
grafana.loadBalancer.servers = [{url = "http://localhost:3100";}];
|
||||||
woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8006";}];
|
woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8200";}];
|
||||||
|
atticd.loadBalancer.servers = [{url = "http://localhost:8100";}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
services.woodpecker-server = {
|
services.woodpecker-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
environment = {
|
environment = {
|
||||||
WOODPECKER_SERVER_ADDR = ":8006";
|
WOODPECKER_SERVER_ADDR = ":8200";
|
||||||
WOODPECKER_HOST = "https://ci.notohh.dev";
|
WOODPECKER_HOST = "https://ci.notohh.dev";
|
||||||
WOODPECKER_OPEN = "false";
|
WOODPECKER_OPEN = "false";
|
||||||
WOODPECKER_GITEA = "true";
|
WOODPECKER_GITEA = "true";
|
||||||
|
@ -19,7 +19,7 @@
|
||||||
environment = {
|
environment = {
|
||||||
DOCKER_HOST = "unix:///var/run/docker.sock";
|
DOCKER_HOST = "unix:///var/run/docker.sock";
|
||||||
WOODPECKER_BACKEND = "docker";
|
WOODPECKER_BACKEND = "docker";
|
||||||
WOODPECKER_SERVER = "localhost:8006";
|
WOODPECKER_SERVER = "localhost:8200";
|
||||||
WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
|
WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
|
||||||
};
|
};
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
|
|
|
@ -5,6 +5,7 @@ rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N
|
||||||
restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str]
|
restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str]
|
||||||
woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqKqBUuzCCZBZuyRqKYdCFQQkNsuLAIqKovuCcARnn5BKBEasbPUY4ykI3UG8wo9mQ9q5J73EL9aRFYeSZMpyN64hsrzD84kKlOHIYsEbpJhANYiAEyZzVbuxZTrvEHDu0cO0NkEvrE3ync7FYyROxsQ==,iv:dGnoqXIJZchPqXpXgMyFTHBqFPfwDfqzAG9db1/UngY=,tag:Dr3zqde0Q1QB1VUh1BAlbQ==,type:str]
|
woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqKqBUuzCCZBZuyRqKYdCFQQkNsuLAIqKovuCcARnn5BKBEasbPUY4ykI3UG8wo9mQ9q5J73EL9aRFYeSZMpyN64hsrzD84kKlOHIYsEbpJhANYiAEyZzVbuxZTrvEHDu0cO0NkEvrE3ync7FYyROxsQ==,iv:dGnoqXIJZchPqXpXgMyFTHBqFPfwDfqzAG9db1/UngY=,tag:Dr3zqde0Q1QB1VUh1BAlbQ==,type:str]
|
||||||
woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str]
|
woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str]
|
||||||
|
attic-jwt-secret: ENC[AES256_GCM,data:eWXD/WAsU5j8BAnbrY5U9wvtM2neQ3I4148FRPOg1UhoIeaXOf5WkKLcMHyGw3MLNzHrYYoe+PyPw8r1qrOigo7mY8zoa7X0vnga56xkvspfBBGp8MoSaNEPwcLFrAlINfIDLxZBg0LvEhQU+z2yPBBTOjls7ofUKrq5hbWuiA==,iv:l5gdqPPK+loR2R69sohu24bu+PPgXRX+ie/pDLho+60=,tag:4Mld1IMMaOjUKj7fHpNTyw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -20,8 +21,8 @@ sops:
|
||||||
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
|
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
|
||||||
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
|
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-06-11T09:51:59Z"
|
lastmodified: "2023-06-11T23:40:00Z"
|
||||||
mac: ENC[AES256_GCM,data:v6psESfO90ppdjIcRTifR/+RElpruIxcKPi0YNwCfmceMkqxnB0O/VkxcQGy7HE2fxMZFwZxaonT050wG3AnDX+DzOZqVQifoBzV/g4ig/EPrjAUs0dFWfS0s4AzwcKiy9CXV4DpP+AlY/lnUozfo+X1k/YiOrcXQuq0/1Nd1rE=,iv:SqDDWchnG2EVhjhYg8QcqhtlG8tgg1liqcZKvS4lyRs=,tag:8OgxsOs6GrseCbOKD1bOWQ==,type:str]
|
mac: ENC[AES256_GCM,data:IrvlGM5tUSccbjeEmsjyug1dh2QPM2xIKdD/K7TDPGAlWq/ik8fmjz+l5wefsi1x4me37CImNBrYVX6oIA4686gbxRTvLI52SxZBGwBKnP0iIjIn6Ja72d+TH01LX+QDRbr+kdTh1AO5YpMZHC+sDLRcr7swIwrzD2bS7G4/LxQ=,iv:oJ+Q7SKGFPkIEdU55szDIgGZgu1hpXM1AcLxkOKTthI=,tag:NqQ82X0FeH+KzRM5OTR1UQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in a new issue