Add deployment for attic
This commit is contained in:
parent
094030f4d5
commit
8518832b7d
129
flake.lock
129
flake.lock
|
@ -1,8 +1,51 @@
|
|||
{
|
||||
"nodes": {
|
||||
"attic": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711742460,
|
||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1702918879,
|
||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"deploy-rs": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
|
@ -23,6 +66,22 @@
|
|||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
|
@ -38,23 +97,54 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1712439257,
|
||||
"narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1711401922,
|
||||
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1711460390,
|
||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1712437997,
|
||||
"narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=",
|
||||
|
@ -70,10 +160,27 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1712439257,
|
||||
"narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"attic": "attic",
|
||||
"deploy-rs": "deploy-rs",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"sops-nix": "sops-nix",
|
||||
"utils": "utils_2"
|
||||
}
|
||||
|
@ -83,7 +190,7 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1712458908,
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
{
|
||||
inputs = {
|
||||
attic = { url = "github:zhaofengli/attic"; };
|
||||
nixpkgs = { url = "github:nixos/nixpkgs/nixos-unstable"; };
|
||||
deploy-rs = { url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
utils = { url = "github:numtide/flake-utils"; };
|
||||
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, deploy-rs, utils, sops-nix, ... }@inputs:
|
||||
outputs = { self, attic, nixpkgs, deploy-rs, utils, sops-nix, ... }@inputs:
|
||||
{
|
||||
nixosConfigurations = {
|
||||
"phoenix.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||
|
@ -16,6 +17,7 @@
|
|||
sops-nix.nixosModules.sops
|
||||
./default.nix
|
||||
./hosts/phoenix.lewd.wtf/configuration.nix
|
||||
attic.nixosModules.atticd
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -13,6 +13,12 @@
|
|||
}
|
||||
];
|
||||
|
||||
fileSystems."/mnt/zbigdata/seedbox_test" = {
|
||||
device = "zbigdata/seedbox_test";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
|
||||
containers.seedbox-test = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
|
|
|
@ -35,6 +35,11 @@
|
|||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/attic/storage" = {
|
||||
device = "zbigdata/attic";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
|
|
@ -12,6 +12,15 @@
|
|||
format = "dotenv";
|
||||
};
|
||||
|
||||
# Attic
|
||||
sops.secrets."services/attic/creds.env" = {
|
||||
mode = "0400";
|
||||
owner = config.users.users.root.name;
|
||||
group = config.users.users.root.group;
|
||||
sopsFile = ./secrets/attic.env;
|
||||
format = "dotenv";
|
||||
};
|
||||
|
||||
# MSMTP
|
||||
sops.secrets."services/msmtp/password" = {
|
||||
mode = "0777";
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64=ENC[AES256_GCM,data:VPOq3Ipu7fnpi14mbdFG01MJiZvMuK1FHlQbO+AQi3Xh8ZCScr+wedGekvtqrOkNXk8PBsXpXhXhQ7j7dJkUyfBnE1RAEIxaxwhuWyS2e2ZyTKNjL427hb/9,iv:xgc74cUXxO5dGTRGsl4u3HDRg1f3pOtHdekYoz/mDO8=,tag:j1c0Axfa/oBMgccPtrm5GQ==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MVRwaEJaa21ENi9RbGJn\nQXk2QXN1QW1ZbGFUaXdsaThEM0FJNTNKYjNNCmtDMXM3THQxazJTY2tjZ1JnTHF3\nOHVqZkdXOHdYUnQ4UGVXZGxwaDJGMG8KLS0tIHVNSWdReG9kY3lqa2xnRzVnVTZn\nemJmejIrSnd3amdUNm1TRE1OTTRSVG8Ktzanb6rbmFRE02N9vt+QyuwIpJN+EXCM\ncJRgxdUovzt/4CU6oJDNLrdV0FfCPUHMfg6f6CgEGu0RhvzKAh77Dg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbmZsV0ZINVN4QytybDRz\nb2pQVTNoVFVNb3A3QmlYUG9BRnBQVEFxYXk4CnVpZHQrd090WUF0TkVqNk1OM1JN\nS21hdHJ6MkEvUXlwYkFoTmdEeDZPcDgKLS0tIFFMdkhBRVVxelpDUFdxWWNKbEU4\nZkc2d3lEZC9FVHpBZlQ5K1lDK3ZwbFUKFshCxKov4sjuHOokHmoxa+IeOT2ttg7o\nNL75mlP+u6IKETvQNQ4HlHcVF1Zask1JUeJU13xI3b26laIKr0ZBYw==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||
sops_lastmodified=2024-04-07T09:41:32Z
|
||||
sops_mac=ENC[AES256_GCM,data:lDQABnYzFbMNT09grDE9y++VWDzbw4wlrIXpXL2WMBK6LnJhtzsWHyUuZ8fxIjCihtxUW5LbeY5YjV53NubAGK+Aw3JysR90iVQ7Mo7Dn5E7Hv3MUx1+1R/HqIZegZ5lY64u58dFKqUV46lOqTCE3nfVSGZ65CiBLtHOOOYs8L4=,iv:4CvbTGLSzDC7IM7mt+V4tL+Js0sX4Z8nnJapC1BwrOk=,tag:PlkagmUsAmZ8FRsZy5x0Dw==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.8.1
|
|
@ -0,0 +1,39 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
package = ${pkgs.attic-server};
|
||||
|
||||
credentialsFile = "/run/secrets/services/attic/creds.env";
|
||||
|
||||
settings = {
|
||||
listen = "0.0.0.0:28842";
|
||||
|
||||
chunking = {
|
||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||
min-size = 16 * 1024; # 16 KiB
|
||||
avg-size = 64 * 1024; # 64 KiB
|
||||
max-size = 256 * 1024; # 256 KiB
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."attic.lewd.wtf" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:28842";
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;" +
|
||||
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||
"proxy_set_header X-Forwarded-Proto $scheme;" +
|
||||
"proxy_connect_timeout 1800;" +
|
||||
"proxy_send_timeout 1800;" +
|
||||
"proxy_read_timeout 1800;" +
|
||||
"send_timeout 1800;" +
|
||||
"client_max_body_size 5G;"
|
||||
;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue