migrate services

2025-07-02 10:01:00 -04:00 · 2025-07-02 10:01:00 -04:00 · 891be2b165
commit 891be2b165
parent f0b3b2a4b4
15 changed files with 1136 additions and 0 deletions
--- a/modules/services/attic/default.nix
+++ b/modules/services/attic/default.nix
@ -0,0 +1,57 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  sops = {
+    secrets."attic/server_token" = {};
+    secrets."cloudflare/r2/access_key" = {};
+    secrets."cloudflare/r2/secret_key" = {};
+    templates."attic-env".content = ''
+      ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder."attic/server_token"}
+      AWS_ACCESS_KEY_ID=${config.sops.placeholder."cloudflare/r2/access_key"}
+      AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."cloudflare/r2/secret_key"}
+    '';
+  };
+  services = {
+    atticd = {
+      enable = true;
+      mode = "monolithic";
+      environmentFile = config.sops.templates."attic-env".path;
+      settings = {
+        listen = "[::]:8080";
+        api-endpoint = "https://cache.wanderingcrow.net/";
+        jwt = {};
+        chunking = {
+          nar-size-threshold = 64 * 1024; # 64 KiB
+          min-size = 16 * 1024; # 16 KiB
+          avg-size = 64 * 1024; # 64 KiB
+          max-size = 256 * 1024; # 256 KiB
+        };
+        storage = {
+          type = "s3";
+          region = "";
+          bucket = "wce-attic-cache";
+          endpoint = "https://68c4b3ab47c1a97037ab5a938f772d69.r2.cloudflarestorage.com";
+        };
+      };
+    };
+    nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      virtualHosts = {
+        "cache.wanderingcrow.net" = {
+          forceSSL = true;
+          extraConfig = ''
+            client_max_body_size 0;
+          '';
+          useACMEHost = "cache.wanderingcrow.net";
+          locations."/" = {
+            proxyPass = "http://localhost:8080";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+}