mirror of
https://github.com/daylinmorgan/oizys.git
synced 2024-11-15 00:07:54 -06:00
59 lines
1.7 KiB
Nix
59 lines
1.7 KiB
Nix
|
{ pkgs, enabled, ... }:
|
||
|
let
|
||
|
atticPort = "5656";
|
||
|
in
|
||
|
{
|
||
|
|
||
|
services.resolved = enabled;
|
||
|
|
||
|
services.fail2ban = enabled // {
|
||
|
maxretry = 5;
|
||
|
bantime = "24h";
|
||
|
};
|
||
|
|
||
|
services.openssh = enabled // {
|
||
|
settings.PasswordAuthentication = false;
|
||
|
};
|
||
|
|
||
|
security.polkit = enabled; # attic was looking for this...
|
||
|
environment.systemPackages = [ pkgs.attic-client ];
|
||
|
|
||
|
# allow docker to forward the request to the host running attic
|
||
|
# https://discourse.nixos.org/t/docker-container-not-resolving-to-host/30259/6
|
||
|
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port ${atticPort} -s 172.16.0.0/12 -j ACCEPT";
|
||
|
services.atticd = enabled // {
|
||
|
|
||
|
# Replace with absolute path to your credentials file
|
||
|
environmentFile = "/etc/atticd.env";
|
||
|
|
||
|
settings = {
|
||
|
listen = "[::]:${atticPort}";
|
||
|
|
||
|
jwt = { };
|
||
|
|
||
|
# Data chunking
|
||
|
#
|
||
|
# Warning: If you change any of the values here, it will be
|
||
|
# difficult to reuse existing chunks for newly-uploaded NARs
|
||
|
# since the cutpoints will be different. As a result, the
|
||
|
# deduplication ratio will suffer for a while after the change.
|
||
|
chunking = {
|
||
|
# The minimum NAR size to trigger chunking
|
||
|
#
|
||
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||
|
# If 1, all NARs are chunked.
|
||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||
|
|
||
|
# The preferred minimum size of a chunk, in bytes
|
||
|
min-size = 16 * 1024; # 16 KiB
|
||
|
|
||
|
# The preferred average size of a chunk, in bytes
|
||
|
avg-size = 64 * 1024; # 64 KiB
|
||
|
|
||
|
# The preferred maximum size of a chunk, in bytes
|
||
|
max-size = 256 * 1024; # 256 KiB
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|