Add attic server
parent
8a89d26e08
commit
7723bc0df1
74
flake.lock
74
flake.lock
|
@ -23,6 +23,34 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"attic": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1707922053,
|
||||
"narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -39,6 +67,27 @@
|
|||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1702918879,
|
||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -80,7 +129,7 @@
|
|||
"dream2nix": {
|
||||
"inputs": {
|
||||
"devshell": "devshell",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"nix-unit": "nix-unit",
|
||||
"nixpkgs": "nixpkgs",
|
||||
|
@ -138,6 +187,22 @@
|
|||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
|
@ -153,7 +218,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake-compat_4": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||
|
@ -537,7 +602,7 @@
|
|||
"nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
|
@ -653,7 +718,7 @@
|
|||
},
|
||||
"nixpkgs-wayland": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"lib-aggregate": "lib-aggregate",
|
||||
"nix-eval-jobs": "nix-eval-jobs",
|
||||
"nixpkgs": [
|
||||
|
@ -732,6 +797,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"attic": "attic",
|
||||
"emacs-overlay": "emacs-overlay",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"fooocus": "fooocus",
|
||||
|
|
12
flake.nix
12
flake.nix
|
@ -16,6 +16,14 @@
|
|||
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
||||
nix-npm-buildpackage.url = "github:serokell/nix-npm-buildpackage";
|
||||
nix-npm-buildpackage.inputs.nixpkgs.follows = "nixpkgs";
|
||||
attic = {
|
||||
url = "github:zhaofengli/attic";
|
||||
inputs = {
|
||||
nixpkgs-stable.follows = "nixpkgs";
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
flake-utils.follows = "flake-utils";
|
||||
};
|
||||
};
|
||||
timesync = {
|
||||
url = "github:datakami/timesync";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -24,7 +32,8 @@
|
|||
};
|
||||
outputs = inputs@{ nixpkgs, home-manager, nixpkgs-mozilla, emacs-overlay
|
||||
, nixpkgs-wayland, nixos-hardware, agenix, flake-utils
|
||||
, nix-index-database, nix-npm-buildpackage, timesync
|
||||
, nix-index-database, nix-npm-buildpackage, timesync
|
||||
, attic
|
||||
, self
|
||||
, ... }:
|
||||
(flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
|
||||
|
@ -102,6 +111,7 @@
|
|||
nixpkgs-mozilla.overlay
|
||||
emacs-overlay.overlay
|
||||
agenix.overlays.default
|
||||
attic.overlays.default
|
||||
(import ./fixups.nix)
|
||||
(import ./pkgs)
|
||||
(import ./pkgs/mdr.nix)
|
||||
|
|
|
@ -0,0 +1,56 @@
|
|||
{ config, pkgs, lib, inputs, ... }: {
|
||||
imports = [
|
||||
inputs.attic.nixosModules.atticd
|
||||
];
|
||||
age.secrets.attic.file = ../../../secrets/attic.env.age;
|
||||
|
||||
services.nginx.virtualHosts."cache.yori.cc" = {
|
||||
onlySSL = true;
|
||||
useACMEHost = "wildcard.yori.cc";
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::]:8091";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
client_max_body_size 8000M;
|
||||
proxy_request_buffering off;
|
||||
proxy_read_timeout 600s;
|
||||
'';
|
||||
};
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
credentialsFile = config.age.secrets.attic.path;
|
||||
settings = {
|
||||
storage = {
|
||||
type = "local";
|
||||
path = "/attic";
|
||||
};
|
||||
database.url = "postgresql:///atticd";
|
||||
listen = "[::]:8091";
|
||||
chunking = {
|
||||
nar-size-threshold = 128 * 1024;
|
||||
min-size = 32 * 1024;
|
||||
avg-size = 128 * 1024;
|
||||
max-size = 512 * 1024;
|
||||
};
|
||||
};
|
||||
};
|
||||
systemd.tmpfiles.rules = with config.services.atticd; [
|
||||
"d /attic 0770 ${user} ${group}"
|
||||
];
|
||||
users.users.${config.services.atticd.user} = {
|
||||
isSystemUser = true;
|
||||
createHome = false;
|
||||
group = config.services.atticd.group;
|
||||
};
|
||||
users.groups.${config.services.atticd.group} = {};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_15;
|
||||
ensureDatabases = [ "atticd" ];
|
||||
ensureUsers = [ {
|
||||
name = "atticd";
|
||||
ensureDBOwnership = true;
|
||||
} ];
|
||||
};
|
||||
}
|
|
@ -6,6 +6,7 @@
|
|||
./paperless.nix
|
||||
./media.nix
|
||||
./home-automation.nix
|
||||
./cache.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "15.09";
|
||||
|
|
|
@ -9,7 +9,7 @@ in {
|
|||
age.secrets.nix-netrc.file = ../../secrets/nix-netrc.age;
|
||||
nix.settings = {
|
||||
substituters = [ "https://cache.lumi.guide/?priority=50" ];
|
||||
netrc-file = config.age.secrets.nix-netrc.path;
|
||||
netrc-file = lib.mkForce config.age.secrets.nix-netrc.path;
|
||||
trusted-public-keys = [
|
||||
"cache.lumi.guide-1:z813xH+DDlh+wvloqEiihGvZqLXFmN7zmyF8wR47BHE="
|
||||
];
|
||||
|
|
|
@ -18,6 +18,7 @@ in {
|
|||
age.secrets = {
|
||||
root-user-pass.file = ../../secrets/root-user-pass.age;
|
||||
yorick-user-pass.file = ../../secrets/yorick-user-pass.age;
|
||||
nix-netrc-yorick.file = ../../secrets/nix-netrc-yorick.age;
|
||||
};
|
||||
|
||||
nix.nixPath = [];# "nixpkgs=${pkgs.path}" ];
|
||||
|
@ -81,6 +82,7 @@ in {
|
|||
hdparm
|
||||
lm_sensors
|
||||
ncdu
|
||||
attic
|
||||
|
||||
# utils
|
||||
file
|
||||
|
@ -128,8 +130,6 @@ in {
|
|||
};
|
||||
security.acme.defaults.email = "acme@yori.cc";
|
||||
security.acme.acceptTerms = true;
|
||||
nix.settings.trusted-public-keys =
|
||||
[ "yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0=" ];
|
||||
|
||||
nix.settings.trusted-users = [ "@wheel" ];
|
||||
services.prometheus.exporters.node = {
|
||||
|
@ -139,4 +139,12 @@ in {
|
|||
};
|
||||
networking.firewall.interfaces.wg-y.allowedTCPPorts = [ 9100 ];
|
||||
xdg.autostart.enable = false;
|
||||
|
||||
nix.settings = {
|
||||
substituters = [ "https://cache.yori.cc/yorick" ];
|
||||
netrc-file = config.age.secrets.nix-netrc-yorick.path;
|
||||
trusted-public-keys = [
|
||||
"yorick:sWqvIllvDhMS9vcWyk4+zSk9L6zq8UgcLPEEQJsAdW4="
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -18,15 +18,7 @@
|
|||
"${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}"
|
||||
# emacs?
|
||||
];
|
||||
nix = {
|
||||
gc.automatic = pkgs.lib.mkOverride 30 false;
|
||||
settings.substituters = [
|
||||
#"s3://yori-nix?endpoint=s3.eu-central-003.backblazeb2.com&profile=backblaze-read"
|
||||
];
|
||||
settings.trusted-public-keys = [
|
||||
"yorick:Pmd0gyrTvVdzpQyb/raHJKdoOag8RLaj434qBgMm4I0="
|
||||
];
|
||||
};
|
||||
nix.gc.automatic = lib.mkOverride 30 false;
|
||||
virtualisation.libvirtd.enable = true;
|
||||
# fix glasgow, fomu, backlight
|
||||
services.udev.extraRules = ''
|
||||
|
@ -87,7 +79,18 @@
|
|||
source-code-pro
|
||||
ubuntu_font_family # Ubuntu fonts
|
||||
source-han-sans
|
||||
nerdfonts
|
||||
(nerdfonts.override {
|
||||
fonts = [
|
||||
"DejaVuSansMono"
|
||||
"Inconsolata"
|
||||
"Noto"
|
||||
"SourceCodePro"
|
||||
"Ubuntu"
|
||||
"UbuntuMono"
|
||||
"Iosevka"
|
||||
"IosevkaTerm"
|
||||
];
|
||||
})
|
||||
iosevka
|
||||
emojione
|
||||
font-awesome
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 K+KXUwQaKH32nHAM3MlnddgKsW3whn3VIFTEWGHslTo
|
||||
+kb40pON4phWdiyeA62WUtO+ObaxJB7sc/voiEE2b5Y
|
||||
-> ssh-ed25519 n7yA6g Q6U3CQc6TInYL+91d/H+AedrTpDJviiW26aRJNfm4n8
|
||||
pAJXRVjlH+yxeVfQFjhpXGKe1WtiUQerDyAj3Ca2738
|
||||
--- nV6YlcU1voUcYqI/fAnxYssj0eD28PG59Otl04fS6eM
|
||||
Jâ3WÖf22„h<EFBFBD>ý™Ýð¬‡ú‚«rë@H„¶%Míu=¾ƒp{(i}û‚!r.‘þÊ_÷qS”O ˜ïù£—ËÆÙ«·®ÿ.èù#§‡(„‚ÆÝ{ƒÉ²""qÐ0<C390>ô]5OßÙøK±«aqYPwkñ í‡ÞàLz%”éÞèØ8ÚíÎ{îݶ«õl™ –qG<71>ˆº'>™¡ç@
|
|
@ -0,0 +1,15 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 pUJv2+UeKmgR9dliN8CM3ZhIcAFkZVtoVinNKqz/xjc
|
||||
TInJdQwvyXGlzJUB4gFV7C5eVwdcKHMKEKCBI+/t7RQ
|
||||
-> ssh-ed25519 4Ui0LA t2S/srNSxkzJ5vGcBMjAvV2u3RRiVNw4jEioTAamqAo
|
||||
8vdC4WFCfrtlKVlM4RGcDHCEbmomK41OLEPqLflbTRE
|
||||
-> ssh-ed25519 ZzuO9Q q2k3YYQI6/OoKZDziMKsm/n1rv8FPMhOvNDorK7WUWE
|
||||
mE0qF9sh8k3bPDE7/YXqpY33ZqSLxXwTvenTsm6/oPs
|
||||
-> ssh-ed25519 n7yA6g eDPdacOl+/2woXcahFUI6S4nX6O6tCcMJYA9dR8nlzo
|
||||
5IZcYzMh9pVrMZcvOIT2m8MTthant6fS6nLKZtFicyQ
|
||||
-> ssh-ed25519 dY0yIg ip9px5ApISPT2NCzTyboyl8gUZytGTYKPsZGB0kgsh4
|
||||
dPE8NP9vgwtncOLKGgM1b1oZHheg7JMiricqXGSLQxY
|
||||
-> ssh-ed25519 6AxuSw jqxAt3SJOwHAje8nHw5bHSmmkzpZgtmATwN1l12MbU0
|
||||
dherf7BN9ewR3OqKUScpQo4Mgz/ZA2d+TsdleDvG3X8
|
||||
--- 8cl5MX/Jcp42H4KUwgRO3JiMCP1oVIpwYpLuLvHp7mU
|
||||
ÅÎ1´<EFBFBD>¨Ì¤[ࢹƒR<ŠgƒI<C692>=è9J:‡C™±—ïKÓrQ…"lcc<63>â°ÊÂâ @,¢'ë<>îLd™Þ¾L"”¤=½•…bžŠ¿Ü@d<>ó¿vŸcOhšÆ!ù9i²îk¿X’áTØÔ<f„³i"*ºx†>Ò”I˜bøStJH§€¡Ä;Óýž¤moØÇ>#JÚ@<>Zù¼§7æWœ0lŠb*ƒ0Ëœòã„y+¾3ë( lj,ˆo(¥â÷ÅË%yÄeê»"eÿ¿ <C2BF>ÜÐSM>mUzÖH†¹˜>ƒÄu3=…§¯ûWwîÐDNàƒ“Æ}‹—o~dŽèÍiyc?’}N]£´d
|
|
@ -1,13 +1,10 @@
|
|||
age-encryption.org/v1
|
||||
-> X25519 +dxETfWakpKvSaQVTxeLHDBXdayqBlr7yJq0dWMSFGY
|
||||
g77c7eeyzIJ6bAOrNHmzgY7QrpqZDxdMpCJpMF42n2o
|
||||
-> ssh-ed25519 4Ui0LA mVr6KkM+LLHSOvf4BdGC3MtWAAMSYM3mmTH+bcjVr0s
|
||||
SHIPWWVswelNngbyzo2R7KlaroWia7DvnQDy7Fs33ww
|
||||
-> ssh-ed25519 6AxuSw Tid/WYFqrd1JYcaUWvm2OvVgyL4P02YsMAOQxMCM9RI
|
||||
LYvHorxmfFvR0sFSx4E+3wA7sP/L2+uz96deY4avjic
|
||||
-> AQJmE-grease S
|
||||
EgTtZe6JEBT1FbX9anwRzQ+3Rid4/9b+xmYZqA
|
||||
--- tekC1o0eun9AxkJbUZBJAB4mhlCOIZtXdQfwNf4Oy2M
|
||||
¥?‹ˆtÓúPQ<51>¦;Ö$zuqØÎó;UùÎTùoú¹t5i×<69>ô¯±âØ2<C398>ëò
|
||||
öýÄç©Ï¸èx#
|
||||
ð Ò×áLq_h}K$óJdŸÈËú'ž#‚¾ýCÉ€¨GTÊôMK•©Cp÷öœ~5ÔˆYúm
|
||||
-> X25519 pjYYJugYHVeVRqF7r8RA3vtj70SIC7zbOpWI1QGjvBM
|
||||
Db+MzMeH5/Q8C+LYHQ3/WLTuVG3ueC8ChAcrjGu4YGo
|
||||
-> ssh-ed25519 4Ui0LA ZYBLcDrtdz98JrYfuvz8TLlg+C51ugW+98M26TeP63g
|
||||
PZNlTouthAuqws99czOWkGuKDgvNTZHHZEiOglHoE8Y
|
||||
-> ssh-ed25519 6AxuSw MWafEpm7oKbYA2xpwzAlATk5lH2p/vHBGfFIjTOGAGE
|
||||
SMyNjb+Nt60U4tVez+xWgovjXlKZnf1A04PtAGz09j8
|
||||
--- j7pZRyi3Gy3uWkAGpVpqOr6GdBvEG7nSRSoMaXEhcdM
|
||||
íUF(Ù§2âàclØø@6i‹”i&?#6U¤ÒL› ^û/¾„ åSåw½7Å~ÞºÐчA=H‘§lÔø\OgL°’“šÛˆâ¡_:žÑï~ÄsÀ^t¥žú/sÿZ»e}´‹?mëýR-¹øfàÌ÷®uîÀÅ&¶#ÙíXJ€Ä¶æ2™‹¬)€ˆŠyp<>–Œªd”ë}<7D><08>jèÉõ Ý?É\
|
||||
Ã<Â]Ý<>ìP_X9=ê1úÓÈÍÝî|aî<61>Ê'TE @ÐfëFôTÇ Œ¢ãbõÇ—‹8Ô¾—î!GhM©y_(âäx%vÍ<76>#G}¤ÛfÍ 3fY<66>÷LùZŽ3@<>dL`‘2F]\>üÜ Í|6üà •½;X²»÷º%ÿÈnƒg™¿0>%|œ<>v"ž @Õ—%(c–GæX&¿Ì®Vµ½U_,Ý–_žá»
ô;uÄâ
|
|
@ -17,6 +17,7 @@ in
|
|||
"grafana.env.age".publicKeys = [ yorick frumar ];
|
||||
"http.muflax.age".publicKeys = [ yorick pennyworth ];
|
||||
"nix-netrc.age".publicKeys = [ yorick blackadder jarvis ];
|
||||
"nix-netrc-yorick.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
|
||||
"pennyworth_borg_repo.age".publicKeys = [ yorick pennyworth ];
|
||||
"pennyworth_borg_ssh.age".publicKeys = [ yorick pennyworth ];
|
||||
"transip-key.age".publicKeys = [ yorick frumar ];
|
||||
|
@ -28,4 +29,5 @@ in
|
|||
"zigbee2mqtt.env.age".publicKeys = [ yorick frumar ];
|
||||
"marvin-tracker.env.age".publicKeys = [ yorick frumar ];
|
||||
"oauth2-proxy.age".publicKeys = [ yorick frumar ];
|
||||
"attic.env.age".publicKeys = [ yorick frumar ];
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue