Add attic server

master
Yorick van Pelt 2024-02-17 15:14:16 +01:00
parent 8a89d26e08
commit 7723bc0df1
Signed by: yorick
GPG Key ID: D8D3CC6D951384DE
11 changed files with 195 additions and 30 deletions


@ -23,6 +23,34 @@
"type": "github"
}
},
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707922053,
"narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -39,6 +67,27 @@
"type": "gitlab"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702918879,
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
"owner": "ipetkov",
"repo": "crane",
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -80,7 +129,7 @@
"dream2nix": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"nix-unit": "nix-unit",
"nixpkgs": "nixpkgs",
@ -138,6 +187,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -153,7 +218,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -537,7 +602,7 @@
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
@ -653,7 +718,7 @@
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -732,6 +797,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"attic": "attic",
"emacs-overlay": "emacs-overlay",
"flake-utils": "flake-utils_2",
"fooocus": "fooocus",


@ -16,6 +16,14 @@
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
nix-npm-buildpackage.url = "github:serokell/nix-npm-buildpackage";
nix-npm-buildpackage.inputs.nixpkgs.follows = "nixpkgs";
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs-stable.follows = "nixpkgs";
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
timesync = {
url = "github:datakami/timesync";
inputs.nixpkgs.follows = "nixpkgs";
@ -24,7 +32,8 @@
};
outputs = inputs@{ nixpkgs, home-manager, nixpkgs-mozilla, emacs-overlay
, nixpkgs-wayland, nixos-hardware, agenix, flake-utils
, nix-index-database, nix-npm-buildpackage, timesync
, nix-index-database, nix-npm-buildpackage, timesync
, attic
, self
, ... }:
(flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
@ -102,6 +111,7 @@
nixpkgs-mozilla.overlay
emacs-overlay.overlay
agenix.overlays.default
attic.overlays.default
(import ./fixups.nix)
(import ./pkgs)
(import ./pkgs/mdr.nix)


@ -0,0 +1,56 @@
{ config, pkgs, lib, inputs, ... }: {
imports = [
inputs.attic.nixosModules.atticd
];
age.secrets.attic.file = ../../../secrets/attic.env.age;
services.nginx.virtualHosts."cache.yori.cc" = {
onlySSL = true;
useACMEHost = "wildcard.yori.cc";
locations."/" = {
proxyPass = "http://[::]:8091";
recommendedProxySettings = true;
};
extraConfig = ''
client_max_body_size 8000M;
proxy_request_buffering off;
proxy_read_timeout 600s;
'';
};
services.atticd = {
enable = true;
credentialsFile = config.age.secrets.attic.path;
settings = {
storage = {
type = "local";
path = "/attic";
};
database.url = "postgresql:///atticd";
listen = "[::]:8091";
chunking = {
nar-size-threshold = 128 * 1024;
min-size = 32 * 1024;
avg-size = 128 * 1024;
max-size = 512 * 1024;
};
};
};
systemd.tmpfiles.rules = with config.services.atticd; [
"d /attic 0770 ${user} ${group}"
];
users.users.${config.services.atticd.user} = {
isSystemUser = true;
createHome = false;
group = config.services.atticd.group;
};
users.groups.${config.services.atticd.group} = {};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureDatabases = [ "atticd" ];
ensureUsers = [ {
name = "atticd";
ensureDBOwnership = true;
} ];
};
}
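Review bot: atticd is configured with `listen = "[::]:8091"`, which binds the backend on every interface, so the plain-HTTP port can be reached without going through the nginx TLS vhost unless the host firewall (not visible in this file) blocks it. Binding to loopback keeps nginx as the only entry point: `listen = "[::1]:8091";` together with `proxyPass = "http://[::1]:8091";`. The current `proxyPass` also targets the unspecified address `[::]`, which only works because Linux treats it as the local host. A short comment on `client_max_body_size 8000M` and `proxy_request_buffering off` saying they are sized for NAR uploads would help the next reader.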


@ -6,6 +6,7 @@
./paperless.nix
./media.nix
./home-automation.nix
./cache.nix
];
system.stateVersion = "15.09";


@ -9,7 +9,7 @@ in {
age.secrets.nix-netrc.file = ../../secrets/nix-netrc.age;
nix.settings = {
substituters = [ "https://cache.lumi.guide/?priority=50" ];
netrc-file = config.age.secrets.nix-netrc.path;
netrc-file = lib.mkForce config.age.secrets.nix-netrc.path;
trusted-public-keys = [
"cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE="
];
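Review bot: `netrc-file = lib.mkForce …` makes this module's netrc win over the `netrc-file` that another module in this commit points at `nix-netrc-yorick`, while the `substituters` lists from both modules are presumably still merged. Nix reads a single netrc file, so on hosts importing this module requests to `https://cache.yori.cc/yorick` carry no credentials unless `nix-netrc.age` also holds an entry for that host; the encrypted secret cannot be read here, so this is worth confirming. A comment on the line would record the intent, e.g. `# only one netrc is read: nix-netrc.age must also contain the cache.yori.cc entry`. The enclosing attribute set starts and ends outside the hunk.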


@ -18,6 +18,7 @@ in {
age.secrets = {
root-user-pass.file = ../../secrets/root-user-pass.age;
yorick-user-pass.file = ../../secrets/yorick-user-pass.age;
nix-netrc-yorick.file = ../../secrets/nix-netrc-yorick.age;
};
nix.nixPath = [];# "nixpkgs=${pkgs.path}" ];
@ -81,6 +82,7 @@ in {
hdparm
lm_sensors
ncdu
attic
# utils
file
@ -128,8 +130,6 @@ in {
};
security.acme.defaults.email = "acme@yori.cc";
security.acme.acceptTerms = true;
nix.settings.trusted-public-keys =
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
nix.settings.trusted-users = [ "@wheel" ];
services.prometheus.exporters.node = {
@ -139,4 +139,12 @@ in {
};
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9100 ];
xdg.autostart.enable = false;
nix.settings = {
substituters = [ "https://cache.yori.cc/yorick" ];
netrc-file = config.age.secrets.nix-netrc-yorick.path;
trusted-public-keys = [
"yorick:sWqvIllvDhMS9vcWyk4+zSk9L6zq8UgcLPEEQJsAdW4="
];
};
}
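Review bot: The new `trusted-public-keys` entry reuses the key name `yorick` with different key material from the entry removed earlier in this file, and nothing says which cache it belongs to. Because every host importing this module will accept any store path carrying that signature, the line deserves a comment naming its origin, for example `# signing key of the "yorick" cache served at cache.yori.cc; replaces the previous yorick: key`. The old key is also dropped from a second file in this commit, so check that no remaining module still lists it.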


@ -18,15 +18,7 @@
"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
# emacs?
];
nix = {
gc.automatic = pkgs.lib.mkOverride 30 false;
settings.substituters = [
#"s3://yori-nix?endpoint=s3.eu-central-003.backblazeb2.com&profile=backblaze-read"
];
settings.trusted-public-keys = [
"yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0="
];
};
nix.gc.automatic = lib.mkOverride 30 false;
virtualisation.libvirtd.enable = true;
# fix glasgow, fomu, backlight
services.udev.extraRules = ''
@ -87,7 +79,18 @@
source-code-pro
ubuntu_font_family # Ubuntu fonts
source-han-sans
nerdfonts
(nerdfonts.override {
fonts = [
"DejaVuSansMono"
"Inconsolata"
"Noto"
"SourceCodePro"
"Ubuntu"
"UbuntuMono"
"Iosevka"
"IosevkaTerm"
];
})
iosevka
emojione
font-awesome
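Review bot: `nix.gc.automatic = lib.mkOverride 30 false;` now uses `lib` where the removed line used `pkgs.lib`; the module's argument list is outside the hunk, so confirm `lib` is bound there, otherwise evaluation fails on an undefined variable. The priority `30` is unexplained; if the intent is to outrank a `mkForce` set elsewhere, a comment such as `# priority 30 outranks mkForce (50)` would say so.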

7
secrets/attic.env.age Normal file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> X25519 K+KXUwQaKH32nHAM3MlnddgKsW3whn3VIFTEWGHslTo
+kb40pON4phWdiyeA62WUtO+ObaxJB7sc/voiEE2b5Y
-> ssh-ed25519 n7yA6g Q6U3CQc6TInYL+91d/H+AedrTpDJviiW26aRJNfm4n8
pAJXRVjlH+yxeVfQFjhpXGKe1WtiUQerDyAj3Ca2738
--- nV6YlcU1voUcYqI/fAnxYssj0eD28PG59Otl04fS6eM
Jâ3WÖf22„h<EFBFBD>ý™Ýð¬‡ú«rë@H„¶%Míu=¾ƒp{(i}û‚!r.‘þÊ_÷qS”O ˜ïù£—ËÆÙ«·®ÿ.èù#§‡(„‚ÆÝ{ƒÉ²""qÐ0<C390>ô]5OßÙøK±«aqYPwkñ í‡ÞàLz%”éÞèØ8ÚíÎ {îݶ«õl™ qG<71>ˆº'>™¡ç@


@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 pUJv2+UeKmgR9dliN8CM3ZhIcAFkZVtoVinNKqz/xjc
TInJdQwvyXGlzJUB4gFV7C5eVwdcKHMKEKCBI+/t7RQ
-> ssh-ed25519 4Ui0LA t2S/srNSxkzJ5vGcBMjAvV2u3RRiVNw4jEioTAamqAo
8vdC4WFCfrtlKVlM4RGcDHCEbmomK41OLEPqLflbTRE
-> ssh-ed25519 ZzuO9Q q2k3YYQI6/OoKZDziMKsm/n1rv8FPMhOvNDorK7WUWE
mE0qF9sh8k3bPDE7/YXqpY33ZqSLxXwTvenTsm6/oPs
-> ssh-ed25519 n7yA6g eDPdacOl+/2woXcahFUI6S4nX6O6tCcMJYA9dR8nlzo
5IZcYzMh9pVrMZcvOIT2m8MTthant6fS6nLKZtFicyQ
-> ssh-ed25519 dY0yIg ip9px5ApISPT2NCzTyboyl8gUZytGTYKPsZGB0kgsh4
dPE8NP9vgwtncOLKGgM1b1oZHheg7JMiricqXGSLQxY
-> ssh-ed25519 6AxuSw jqxAt3SJOwHAje8nHw5bHSmmkzpZgtmATwN1l12MbU0
dherf7BN9ewR3OqKUScpQo4Mgz/ZA2d+TsdleDvG3X8
--- 8cl5MX/Jcp42H4KUwgRO3JiMCP1oVIpwYpLuLvHp7mU
ÅÎ1´<EFBFBD>¨Ì¤[ࢹƒR<ŠgƒI<C692>=è9J:‡C™±—ïKÓrQ…"lcc<63>â° ÊÂâ @,¢'ë<>îLd™Þ¾L"”¤=½•…bžŠ¿Ü@d<>ó¿vŸcOhšÆ!ù9i²îk¿XáTØÔ<f„³i"*ºx†>Ò”I˜bøStJH§€¡Ä;Óýž¤moØÇ>#JÚ@<>Zù¼§7æW­œ0lŠb*ƒ0Ëœòã„y+¾3ë( lj,ˆo(¥â÷ÅË%yÄeê»"eÿ¿ <C2BF>ÜÐSM>­mUzÖH†¹˜>ƒÄu3=…§¯ûWwîÐDNàƒ“Æ}—o~dŽèÍiyc?}N]£´d


@ -1,13 +1,10 @@
age-encryption.org/v1
-> X25519 +dxETfWakpKvSaQVTxeLHDBXdayqBlr7yJq0dWMSFGY
g77c7eeyzIJ6bAOrNHmzgY7QrpqZDxdMpCJpMF42n2o
-> ssh-ed25519 4Ui0LA mVr6KkM+LLHSOvf4BdGC3MtWAAMSYM3mmTH+bcjVr0s
SHIPWWVswelNngbyzo2R7KlaroWia7DvnQDy7Fs33ww
-> ssh-ed25519 6AxuSw Tid/WYFqrd1JYcaUWvm2OvVgyL4P02YsMAOQxMCM9RI
LYvHorxmfFvR0sFSx4E+3wA7sP/L2+uz96deY4avjic
-> AQJmE-grease S
EgTtZe6JEBT1FbX9anwRzQ+3Rid4/9b+xmYZqA
--- tekC1o0eun9AxkJbUZBJAB4mhlCOIZtXdQfwNf4Oy2M
¥?ˆtÓúPQ­<51>¦; Ö$zu­qØÎó;UùÎTùoú¹t5i×<69>ô¯±â Ø2<C398>ëò
öýÄç©Ï¸èx#
ð Ò×áLq_h}K$óJdŸÈËú'ž#¾ýCÉ€¨GTÊôMK•©Cp÷öœ~5ÔˆYúm
-> X25519 pjYYJugYHVeVRqF7r8RA3vtj70SIC7zbOpWI1QGjvBM
Db+MzMeH5/Q8C+LYHQ3/WLTuVG3ueC8ChAcrjGu4YGo
-> ssh-ed25519 4Ui0LA ZYBLcDrtdz98JrYfuvz8TLlg+C51ugW+98M26TeP63g
PZNlTouthAuqws99czOWkGuKDgvNTZHHZEiOglHoE8Y
-> ssh-ed25519 6AxuSw MWafEpm7oKbYA2xpwzAlATk5lH2p/vHBGfFIjTOGAGE
SMyNjb+Nt60U4tVez+xWgovjXlKZnf1A04PtAGz09j8
--- j7pZRyi3Gy3uWkAGpVpqOr6GdBvEG7nSRSoMaXEhcdM
íUF(Ù§2âàclØø@6i”i&?#6U¤ÒL /¾„ åSåw½~ÞºÐчA­=H§lÔø\OgL°“šÛˆâ¡_:žÑï~ÄsÀ^t¥žú/sÿZ»e}´?mëýR-¹øfàÌ÷®uîÀÅ&¶#ÙíXJ€Ä¶æ2™¬)ˆŠyp<>Œªd”ë}<7D><08>jèÉõ Ý?É\
Ã<Â]Ý<>ìP_X9=ê1úÓÈÍÝî|aî<61>Ê'TE @ÐfëFôTÇ Œ¢ãbõÇ —‹8Ô¾—î!GhM©y_(âäx%vÍ<76>#G} ¤ÛfÍ 3fY<66>÷LùZŽ3@­<>dL`2F]\>üÜ Í|6üà •½;X²»÷º%ÿÈnƒg™¿0>%|œ<> v"ž @Õ—%(cGæX&¿Ì®Vµ½U_,Ý­_žá» ô;uÄâ


@ -17,6 +17,7 @@ in
"grafana.env.age".publicKeys = [ yorick frumar ];
"http.muflax.age".publicKeys = [ yorick pennyworth ];
"nix-netrc.age".publicKeys = [ yorick blackadder jarvis ];
"nix-netrc-yorick.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
"pennyworth_borg_repo.age".publicKeys = [ yorick pennyworth ];
"pennyworth_borg_ssh.age".publicKeys = [ yorick pennyworth ];
"transip-key.age".publicKeys = [ yorick frumar ];
@ -28,4 +29,5 @@ in
"zigbee2mqtt.env.age".publicKeys = [ yorick frumar ];
"marvin-tracker.env.age".publicKeys = [ yorick frumar ];
"oauth2-proxy.age".publicKeys = [ yorick frumar ];
"attic.env.age".publicKeys = [ yorick frumar ];
}
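Review bot: `nix-netrc-yorick.age` is encrypted to six recipients, so the cache token it holds is readable on every one of those hosts, and the file does not say what that token is allowed to do. Attic signs store paths on the server, so a token with push rights on any of these machines would be enough to have its uploads served under the trusted `yorick:` key; the scope is not visible here, so confirm it is pull-only. A comment would record that: `# pull-only attic token for cache.yori.cc, readable by all hosts`. The attribute set opens outside the hunk.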