config/profiles/http/services/attic.nix

{ config, pkgs, lib, mkDomain, ... }:
# attic - multi-tenant nix binary cache
# https://docs.attic.rs/tutorial.html
# https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343
# https://docs.attic.rs/reference/attic-cli.html
# https://docs.attic.rs/reference/atticd-cli.html
# https://docs.attic.rs/reference/atticadm-cli.html
{
# sops-nix secret consumed by atticd as its environment file (see
# services.atticd.environmentFile). Presumably it carries the server's
# token-signing secret - confirm against the encrypted source.
sops.secrets.atticd =
  let
    svc = config.services.atticd;
  in
  {
    # Ownership goes to the service account only, so other local users
    # cannot read the decrypted file.
    owner = svc.user;
    group = svc.group;
    # Restart atticd whenever the secret changes so a rotated value takes
    # effect immediately.
    restartUnits = [ "atticd.service" ];
  };
services.atticd = {
  # Enabled by default, except when this configuration is built as a VM variant.
  enable = lib.mkDefault (!config.virtualisation.isVmVariant);
  # Secrets are passed through the sops-managed environment file rather than
  # through `settings`, which would be rendered into the world-readable Nix store.
  environmentFile = config.sops.secrets.atticd.path;
  settings = {
    # https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml
    # https://github.com/AtaraxiaSjel/nixos-config/blob/master/profiles/servers/atticd.nix

    # Loopback only: the server is meant to be reached through the nginx
    # reverse proxy, never directly from the network.
    listen = "127.0.0.1:8083";
    # Host headers the server accepts; keep in sync with the nginx vhost name.
    allowed-hosts = [ (mkDomain "attic") ];
    api-endpoint = "https://${mkDomain "attic"}";

    # set in e.g. profiles/mounts/meconium-zfs.nix
    # TODO: turn a non-config into an eval failure
    /*
      #database.url = "postgresql:///atticd?host=/run/postgresql";
      database.url = "sqlite:///mnt/meconium/blob/attic/server.db?mode=rwc";
      storage.type = "local";
      storage.path = "/mnt/meconium/blob/attic/storage";
    */

    # NOTE(review): security trade-off. Per upstream's config template, with
    # proof-of-possession disabled a client that is allowed to push and knows
    # a NAR hash can reference an existing NAR in the global store without
    # uploading its contents. Fine while every pusher is trusted; set this to
    # true before handing out push tokens to separate tenants.
    require-proof-of-possession = false;

    # can manually be run with `atticd --mode garbage-collector-once`
    garbage-collection.interval = "3 days"; # how often
    #garbage-collection.default-retention-period = "1 month"; # 0 by default, can be enabled on a per-cache basis
  };
};
# Run atticd as a static system account instead of a systemd DynamicUser.
# Presumably this keeps file ownership stable on the externally mounted
# storage/database paths - confirm against the mount profile.
# NOTE(review): DynamicUser=true implies extra sandboxing in systemd
# (e.g. ProtectSystem=strict, PrivateTmp, NoNewPrivileges). Forcing it off
# drops whatever the unit does not set explicitly; check the result with
# `systemd-analyze security atticd.service`.
systemd.services.atticd.serviceConfig.DynamicUser = lib.mkForce false;
# Fixed uid/gid so the numeric owner stays the same across rebuilds and hosts.
users.groups.atticd.gid = 3001;
users.users.atticd = {
  uid = 3001;
  group = "atticd";
  isSystemUser = true;
};
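# TLS-terminating reverse proxy in front of atticd.
# The vhost name has to be the same domain as settings.api-endpoint and
# settings.allowed-hosts (mkDomain "attic"); otherwise the cache is published
# under another service's hostname and atticd rejects the forwarded Host header.
# The guard reads services.atticd.enable, the option this module actually sets.
services.nginx.virtualHosts.${mkDomain "attic"} = lib.mkIf config.services.atticd.enable {
  forceSSL = true; # addSSL = true;
  enableACME = true; #useACMEHost = acmeDomain;
  locations."/" = {
    # Must match services.atticd.settings.listen.
    proxyPass = "http://127.0.0.1:8083";
    # client_max_body_size 0 removes nginx's request-size limit so large NAR
    # uploads pass through; upload control therefore rests entirely on
    # atticd's token checks.
    # X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends
    # to whatever the client sent: only the last entry (and X-Real-IP) is
    # set by this proxy, earlier entries are client-controlled.
    extraConfig = ''
      client_max_body_size 0;
      send_timeout 15m;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
    '';
  };
};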
}