notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

feat: init attic binary cache

Browse source
This commit is contained in:
notohh 2023-06-12 00:04:26 -04:00
parent d8495ee3f9
commit c51171a7b2
Signed by: notohh
GPG key ID: BD47506D475EE86D
8 changed files with 179 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
flake.lock
View file

@ -1,8 +1,62 @@
{ {
"nodes": { "nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1685309025,
"narHash": "sha256-pZxMM3AMP/ojwhrFD0A2ML4NOgehlBLGHseInnO5evc=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "b1fb790b5f2afaaa1b2f7f18979b8318abe604bb",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"flake-compat": [
"attic",
"flake-compat"
],
"flake-utils": [
"attic",
"flake-utils"
],
"nixpkgs": [
"attic",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1677892403,
"narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
"owner": "ipetkov",
"repo": "crane",
"rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"deploy-rs": { "deploy-rs": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -43,6 +97,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1668681692, "lastModified": 1668681692,
@ -59,6 +129,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@ -145,7 +230,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1685985608, "lastModified": 1685985608,
@ -178,6 +263,22 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1685004253,
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1686392259, "lastModified": 1686392259,
"narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=", "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=",
@ -195,6 +296,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -206,7 +308,34 @@
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": [
"attic",
"crane",
"flake-utils"
],
"nixpkgs": [
"attic",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675391458,
"narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"ironbar", "ironbar",
"nixpkgs" "nixpkgs"
@ -231,7 +360,7 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1686453485, "lastModified": 1686453485,

4
flake.nix
View file

@ -29,6 +29,10 @@
url = "github:JakeStanger/ironbar"; url = "github:JakeStanger/ironbar";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = {nixpkgs, ...} @ inputs: let outputs = {nixpkgs, ...} @ inputs: let
system = "x86_64-linux"; system = "x86_64-linux";

2
hosts/default.nix
View file

@ -5,6 +5,7 @@ inputs: let
diskoModule = inputs.disko.nixosModules.disko; diskoModule = inputs.disko.nixosModules.disko;
hyprlandModule = inputs.hyprland.homeManagerModules.default; hyprlandModule = inputs.hyprland.homeManagerModules.default;
ironbarModule = inputs.ironbar.homeManagerModules.default; ironbarModule = inputs.ironbar.homeManagerModules.default;
atticdModule = inputs.attic.nixosModules.atticd;
inherit (inputs.nixpkgs.lib) nixosSystem; inherit (inputs.nixpkgs.lib) nixosSystem;
in { in {
tsuki = nixosSystem { tsuki = nixosSystem {
@ -39,6 +40,7 @@ in {
sopsModule sopsModule
diskoModule diskoModule
hmModule hmModule
atticdModule
{ {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;

25
hosts/sakura/services/atticd.nix Normal file
View file

@ -0,0 +1,25 @@
{config, ...}: {
sops.secrets.attic-jwt-secret = {};
services.atticd = {
enable = true;
credentialsFile = config.sops.secrets.attic-jwt-secret.path;
settings = {
listen = "[::]:8100";
allowed-hosts = ["cache.notohh.dev"];
api-endpoint = "https://cache.notohh.dev";
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
garbage-collection = {
interval = "12 hours";
default-retention-period = "2 weeks";
};
};
};
}

1
hosts/sakura/services/default.nix
View file

@ -12,5 +12,6 @@
./grafana.nix ./grafana.nix
./prometheus.nix ./prometheus.nix
./woodpecker.nix ./woodpecker.nix
./atticd.nix
]; ];
} }

10
hosts/sakura/services/traefik.nix
View file

@ -81,6 +81,13 @@
tls.domains = [{main = "*.notohh.dev";}]; tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production"; tls.certresolver = "production";
}; };
atticd = {
rule = "Host(`cache.notohh.dev`)";
entrypoints = ["websecure"];
service = "atticd";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
}; };
services = { services = {
homepage.loadBalancer.servers = [{url = "http://localhost:3005";}]; homepage.loadBalancer.servers = [{url = "http://localhost:3005";}];
@ -92,7 +99,8 @@
gitea.loadBalancer.servers = [{url = "http://localhost:3200";}]; gitea.loadBalancer.servers = [{url = "http://localhost:3200";}];
rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}]; rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
grafana.loadBalancer.servers = [{url = "http://localhost:3100";}]; grafana.loadBalancer.servers = [{url = "http://localhost:3100";}];
woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8006";}]; woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8200";}];
atticd.loadBalancer.servers = [{url = "http://localhost:8100";}];
}; };
}; };
}; };

4
hosts/sakura/services/woodpecker.nix
View file

@ -4,7 +4,7 @@
services.woodpecker-server = { services.woodpecker-server = {
enable = true; enable = true;
environment = { environment = {
WOODPECKER_SERVER_ADDR = ":8006"; WOODPECKER_SERVER_ADDR = ":8200";
WOODPECKER_HOST = "https://ci.notohh.dev"; WOODPECKER_HOST = "https://ci.notohh.dev";
WOODPECKER_OPEN = "false"; WOODPECKER_OPEN = "false";
WOODPECKER_GITEA = "true"; WOODPECKER_GITEA = "true";
@ -19,7 +19,7 @@
environment = { environment = {
DOCKER_HOST = "unix:///var/run/docker.sock"; DOCKER_HOST = "unix:///var/run/docker.sock";
WOODPECKER_BACKEND = "docker"; WOODPECKER_BACKEND = "docker";
WOODPECKER_SERVER = "localhost:8006"; WOODPECKER_SERVER = "localhost:8200";
WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path; WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
}; };
extraGroups = [ extraGroups = [

5
secrets/secrets.yaml
View file

@ -5,6 +5,7 @@ rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N
restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str] restic-repo-pwd: ENC[AES256_GCM,data:wan4U/w6417NWnbTTe7ID4y6Dv+bs0D3Fvw9ur6gIdU=,iv:4B5ihL5/QiNObqZwLwo4Sd33zx4pqRWszdzdutvK6a0=,tag:KqU5sSpPG8n6qHxxJUpDTg==,type:str]
woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqKqBUuzCCZBZuyRqKYdCFQQkNsuLAIqKovuCcARnn5BKBEasbPUY4ykI3UG8wo9mQ9q5J73EL9aRFYeSZMpyN64hsrzD84kKlOHIYsEbpJhANYiAEyZzVbuxZTrvEHDu0cO0NkEvrE3ync7FYyROxsQ==,iv:dGnoqXIJZchPqXpXgMyFTHBqFPfwDfqzAG9db1/UngY=,tag:Dr3zqde0Q1QB1VUh1BAlbQ==,type:str] woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqKqBUuzCCZBZuyRqKYdCFQQkNsuLAIqKovuCcARnn5BKBEasbPUY4ykI3UG8wo9mQ9q5J73EL9aRFYeSZMpyN64hsrzD84kKlOHIYsEbpJhANYiAEyZzVbuxZTrvEHDu0cO0NkEvrE3ync7FYyROxsQ==,iv:dGnoqXIJZchPqXpXgMyFTHBqFPfwDfqzAG9db1/UngY=,tag:Dr3zqde0Q1QB1VUh1BAlbQ==,type:str]
woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str] woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str]
attic-jwt-secret: ENC[AES256_GCM,data:eWXD/WAsU5j8BAnbrY5U9wvtM2neQ3I4148FRPOg1UhoIeaXOf5WkKLcMHyGw3MLNzHrYYoe+PyPw8r1qrOigo7mY8zoa7X0vnga56xkvspfBBGp8MoSaNEPwcLFrAlINfIDLxZBg0LvEhQU+z2yPBBTOjls7ofUKrq5hbWuiA==,iv:l5gdqPPK+loR2R69sohu24bu+PPgXRX+ie/pDLho+60=,tag:4Mld1IMMaOjUKj7fHpNTyw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -20,8 +21,8 @@ sops:
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-11T09:51:59Z" lastmodified: "2023-06-11T23:40:00Z"
mac: ENC[AES256_GCM,data:v6psESfO90ppdjIcRTifR/+RElpruIxcKPi0YNwCfmceMkqxnB0O/VkxcQGy7HE2fxMZFwZxaonT050wG3AnDX+DzOZqVQifoBzV/g4ig/EPrjAUs0dFWfS0s4AzwcKiy9CXV4DpP+AlY/lnUozfo+X1k/YiOrcXQuq0/1Nd1rE=,iv:SqDDWchnG2EVhjhYg8QcqhtlG8tgg1liqcZKvS4lyRs=,tag:8OgxsOs6GrseCbOKD1bOWQ==,type:str] mac: ENC[AES256_GCM,data:IrvlGM5tUSccbjeEmsjyug1dh2QPM2xIKdD/K7TDPGAlWq/ik8fmjz+l5wefsi1x4me37CImNBrYVX6oIA4686gbxRTvLI52SxZBGwBKnP0iIjIn6Ja72d+TH01LX+QDRbr+kdTh1AO5YpMZHC+sDLRcr7swIwrzD2bS7G4/LxQ=,iv:oJ+Q7SKGFPkIEdU55szDIgGZgu1hpXM1AcLxkOKTthI=,tag:NqQ82X0FeH+KzRM5OTR1UQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3