add cert for attic

modules/users/overseer/acme.nix

@@ -40,6 +40,7 @@ lib.mkIf config.user.overseer.enable {
       "homebox.wanderingcrow.net" = {};
       "bookstack.wanderingcrow.net" = {};
       "grocy.wanderingcrow.net" = {};
+      "cache.wanderingcrow.net" = {};
     };
   };
 }

modules/users/overseer/services/attic.nix

@@ -14,23 +14,39 @@ lib.mkIf config.user.overseer.enable {
       AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."aws/secret_key"}
     '';
   };
-  services.atticd = {
-    enable = true;
-    mode = "monolithic";
-    environmentFile = config.sops.templates."attic-env".path;
-    settings = {
-      listen = "[::]:8080";
-      jwt = {};
-      chunking = {
-        nar-size-threshold = 64 * 1024; # 64 KiB
-        min-size = 16 * 1024; # 16 KiB
-        avg-size = 64 * 1024; # 64 KiB
-        max-size = 256 * 1024; # 256 KiB
+  services = {
+    atticd = {
+      enable = true;
+      mode = "monolithic";
+      environmentFile = config.sops.templates."attic-env".path;
+      settings = {
+        listen = "[::]:8080";
+        jwt = {};
+        chunking = {
+          nar-size-threshold = 64 * 1024; # 64 KiB
+          min-size = 16 * 1024; # 16 KiB
+          avg-size = 64 * 1024; # 64 KiB
+          max-size = 256 * 1024; # 256 KiB
+        };
+        storage = {
+          type = "s3";
+          region = "us-east-1";
+          bucket = "wce-20250209044958802100000001";
+        };
       };
-      storage = {
-        type = "s3";
-        region = "us-east-1";
-        bucket = "wce-20250209044958802100000001";
+      nginx = {
+        enable = true;
+        recommendedProxySettings = true;
+        virtualHosts = {
+          "cache.wanderingcrow.net" = {
+            forceSSL = true;
+            useACMEHost = "cache.wanderingcrow.net";
+            locations."/" = {
+              proxyPass = "http://localhost:8080";
+              proxyWebsockets = true;
+            };
+          };
+        };
       };
     };
   };