oizys/hosts/algiz/services.nix

{
  config,
  pkgs,
  enabled,
  ...
}:
let
  atticPort = "5656";
  harmoniaPort = "5657";
  static-attic = pkgs.runCommandLocal "static-files" { } ''
    mkdir $out
    cp ${./caddy/attic/index.html} $out/index.html
  '';
  static-nix-cache = pkgs.runCommandLocal "static-files-nix-cache" { } ''
    mkdir $out
    cp -r ${./caddy/nix-cache}/* $out
  '';

  check-attic = pkgs.writeShellScriptBin "check-attic" ''
    sudo du -sh /var/lib/atticd/
  '';
in
{

  services.resolved = enabled;

  services.fail2ban = enabled // {
    maxretry = 5;
    bantime = "24h";
  };

  services.openssh = enabled // {
    settings.PasswordAuthentication = false;
  };

  security.polkit = enabled; # attic was looking for this...

  environment.systemPackages = [
    pkgs.attic-client
    check-attic
  ];

  services.atticd = enabled // {

    # Replace with absolute path to your credentials file
    environmentFile = config.sops.secrets."atticd-env".path;

    settings = {
      listen = "[::]:${atticPort}";

      jwt = { };

      # Data chunking
      #
      # Warning: If you change any of the values here, it will be
      # difficult to reuse existing chunks for newly-uploaded NARs
      # since the cutpoints will be different. As a result, the
      # deduplication ratio will suffer for a while after the change.
      chunking = {
        # The minimum NAR size to trigger chunking
        #
        # If 0, chunking is disabled entirely for newly-uploaded NARs.
        # If 1, all NARs are chunked.
        nar-size-threshold = 64 * 1024; # 64 KiB

        # The preferred minimum size of a chunk, in bytes
        min-size = 16 * 1024; # 16 KiB

        # The preferred average size of a chunk, in bytes
        avg-size = 64 * 1024; # 64 KiB

        # The preferred maximum size of a chunk, in bytes
        max-size = 256 * 1024; # 256 KiB
      };
    };
  };

  services.harmonia = enabled // {
    signKeyPaths = [ config.sops.secrets.harmonia-key.path ];
    settings = {
      bind = "[::]:${harmoniaPort}";
    };
  };

  services.caddy = enabled // {
    extraConfig = builtins.readFile ./caddy/Caddyfile;

    virtualHosts = {
      "attic.dayl.in".extraConfig = ''

        redir /oizys /

        handle / {
          root * ${static-attic}
          file_server
        }

        handle /* {
          reverse_proxy http://localhost:${atticPort}
        }
      '';

      "nix-cache.dayl.in".extraConfig = ''
        @frontend {
          path /
          path /daylin-nix-cache-logo.svg
        }

        handle @frontend {
          root * ${static-nix-cache}
          file_server
        }

        handle /* {
          reverse_proxy http://localhost:${harmoniaPort}
        }
      '';
    };
  };
}
finish tweaking services config 2025-01-19 18:42:48 -06:00			`{`
add some secrets 2025-01-31 10:15:45 -06:00			`config,`
finish tweaking services config 2025-01-19 18:42:48 -06:00			`pkgs,`
			`enabled,`
			`...`
			`}:`
setup attic on algiz 2024-10-29 16:58:36 -05:00			`let`
			`atticPort = "5656";`
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00			`harmoniaPort = "5657";`
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`static-attic = pkgs.runCommandLocal "static-files" { } ''`
tidy up caddy setup with alternate frontend to match dayl.in 2024-11-15 14:21:20 -06:00			`mkdir $out`
path fixup 2025-02-17 13:18:48 -06:00			`cp ${./caddy/attic/index.html} $out/index.html`
tidy up caddy setup with alternate frontend to match dayl.in 2024-11-15 14:21:20 -06:00			`'';`
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`static-nix-cache = pkgs.runCommandLocal "static-files-nix-cache" { } ''`
			`mkdir $out`
path fixup 2025-02-17 13:18:48 -06:00			`cp -r ${./caddy/nix-cache}/* $out`
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`'';`
add check-attic script 2025-02-07 15:39:52 -06:00
			`check-attic = pkgs.writeShellScriptBin "check-attic" ''`
			`sudo du -sh /var/lib/atticd/`
			`'';`
setup attic on algiz 2024-10-29 16:58:36 -05:00			`in`
			`{`

			`services.resolved = enabled;`

			`services.fail2ban = enabled // {`
			`maxretry = 5;`
			`bantime = "24h";`
			`};`

			`services.openssh = enabled // {`
			`settings.PasswordAuthentication = false;`
			`};`

			`security.polkit = enabled; # attic was looking for this...`

lix-attic 2025-02-07 15:05:04 -06:00			`environment.systemPackages = [`
lix-attic not ready 2025-02-10 00:16:45 -06:00			`pkgs.attic-client`
add check-attic script 2025-02-07 15:39:52 -06:00			`check-attic`
lix-attic 2025-02-07 15:05:04 -06:00			`];`

setup attic on algiz 2024-10-29 16:58:36 -05:00			`services.atticd = enabled // {`
prepare algiz for attic swap 2025-01-19 18:21:44 -06:00
setup attic on algiz 2024-10-29 16:58:36 -05:00			`# Replace with absolute path to your credentials file`
add some secrets 2025-01-31 10:15:45 -06:00			`environmentFile = config.sops.secrets."atticd-env".path;`
setup attic on algiz 2024-10-29 16:58:36 -05:00
			`settings = {`
			`listen = "[::]:${atticPort}";`

			`jwt = { };`

			`# Data chunking`
			`#`
			`# Warning: If you change any of the values here, it will be`
			`# difficult to reuse existing chunks for newly-uploaded NARs`
			`# since the cutpoints will be different. As a result, the`
			`# deduplication ratio will suffer for a while after the change.`
			`chunking = {`
			`# The minimum NAR size to trigger chunking`
			`#`
			`# If 0, chunking is disabled entirely for newly-uploaded NARs.`
			`# If 1, all NARs are chunked.`
			`nar-size-threshold = 64 * 1024; # 64 KiB`

			`# The preferred minimum size of a chunk, in bytes`
			`min-size = 16 * 1024; # 16 KiB`

			`# The preferred average size of a chunk, in bytes`
			`avg-size = 64 * 1024; # 64 KiB`

			`# The preferred maximum size of a chunk, in bytes`
			`max-size = 256 * 1024; # 256 KiB`
			`};`
			`};`
			`};`
add comin 2024-11-05 21:39:52 -06:00
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00			`services.harmonia = enabled // {`
			`signKeyPaths = [ config.sops.secrets.harmonia-key.path ];`
			`settings = {`
			`bind = "[::]:${harmoniaPort}";`
			`};`
			`};`

tidy up caddy setup with alternate frontend to match dayl.in 2024-11-15 14:21:20 -06:00			`services.caddy = enabled // {`
			`extraConfig = builtins.readFile ./caddy/Caddyfile;`
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00
			`virtualHosts = {`
			`"attic.dayl.in".extraConfig = ''`
fix logo path handling 2025-02-17 13:25:22 -06:00
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00			`redir /oizys /`

			`handle / {`
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`root * ${static-attic}`
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00			`file_server`
			`}`

			`handle /* {`
			`reverse_proxy http://localhost:${atticPort}`
			`}`
			`'';`

			`"nix-cache.dayl.in".extraConfig = ''`
fix logo path handling 2025-02-17 13:25:22 -06:00			`@frontend {`
			`path /`
			`path /daylin-nix-cache-logo.svg`
			`}`

			`handle @frontend {`
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`root * ${static-nix-cache}`
			`file_server`
			`}`
fix logo path handling 2025-02-17 13:25:22 -06:00
add better branded landing page for harmonia 2025-02-17 13:12:30 -06:00			`handle /* {`
			`reverse_proxy http://localhost:${harmoniaPort}`
			`}`
a new cache. a new oppurtunity 2025-02-12 09:48:05 -06:00			`'';`
			`};`
integrate caddy with nixos instead of docker 2024-11-15 10:51:25 -06:00			`};`
setup attic on algiz 2024-10-29 16:58:36 -05:00			`}`