Setup cache.xnee.net

peterablehmann · Mar 20, 2024 · 5810762 · 5810762
1 parent 15b403c
commit 5810762
Show file tree

Hide file tree

Showing 10 changed files with 377 additions and 32 deletions.
diff --git a/.sops.yaml b/.sops.yaml
@@ -3,6 +3,7 @@ keys:
   - &system_mns age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
   - &system_monitoring age1dpaezlv6va4a8pdqc9w8exuy54d8y2q20yu9zc98q326lusyfdpsf6ph93
   - &system_sync age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76
+  - &system_cache age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke
 
 creation_rules:
   - path_regex: secrets/common.(yaml|json|env|ini)$
@@ -12,6 +13,7 @@ creation_rules:
       - *system_mns
       - *system_monitoring
       - *system_sync
+      - *system_cache
 
   - path_regex: secrets/[^/]+\.mns.(yaml|json|env|ini)$
     key_groups:
@@ -30,3 +32,9 @@ creation_rules:
     - age:
       - *peter
       - *system_monitoring
+
+  - path_regex: secrets/cache.(yaml|json|env|ini)$
+    key_groups:
+    - age:
+      - *peter
+      - *system_cache
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -18,6 +18,9 @@
     # Colmena
     colmena.url = "github:zhaofengli/colmena/main";
     colmena.inputs.nixpkgs.follows = "nixpkgs";
+
+    # Attic
+    attic.url = "github:zhaofengli/attic";
   };
 
   outputs =
@@ -27,6 +30,7 @@
     , sops-nix
     , flake-utils
     , colmena
+    , attic
     , ...
     } @ inputs:
     let
@@ -85,6 +89,15 @@
             self.nixosModules.common
           ];
         };
+        cache = nixpkgs.lib.nixosSystem {
+          specialArgs = { inherit inputs outputs; };
+          system = "x86_64-linux";
+          extraModules = [ inputs.colmena.nixosModules.deploymentOptions ];
+          modules = [
+            ./nodes/cache
+            self.nixosModules.common
+          ];
+        };
       };
 
       nixosModules = {

diff --git a/nodes/cache/attic.nix b/nodes/cache/attic.nix
@@ -0,0 +1,75 @@
+{ inputs
+, config
+, ...
+}:
+{
+  imports = [ inputs.attic.nixosModules.atticd ];
+
+
+  sops.secrets."atticd/env" = {
+    sopsFile = "${inputs.self}/secrets/cache.yaml";
+  };
+
+  security.acme = {
+    defaults.email = "[email protected]";
+    acceptTerms = true;
+    certs."cache.xnee.net" = { };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services = {
+    atticd = {
+      enable = true;
+      credentialsFile = config.sops.secrets."atticd/env".path;
+
+      settings = {
+        listen = "127.0.0.1:8080";
+
+        storage = {
+          type = "s3";
+          endpoint = "https://s3.wasabisys.com";
+          region = "eu-central-2";
+          bucket = "cache-xnee-net";
+        };
+
+        # Data chunking
+        #
+        # Warning: If you change any of the values here, it will be
+        # difficult to reuse existing chunks for newly-uploaded NARs
+        # since the cutpoints will be different. As a result, the
+        # deduplication ratio will suffer for a while after the change.
+        chunking = {
+          # The minimum NAR size to trigger chunking
+          #
+          # If 0, chunking is disabled entirely for newly-uploaded NARs.
+          # If 1, all NARs are chunked.
+          nar-size-threshold = 64 * 1024; # 64 KiB
+
+          # The preferred minimum size of a chunk, in bytes
+          min-size = 16 * 1024; # 16 KiB
+
+          # The preferred average size of a chunk, in bytes
+          avg-size = 64 * 1024; # 64 KiB
+
+          # The preferred maximum size of a chunk, in bytes
+          max-size = 256 * 1024; # 256 KiB
+        };
+      };
+    };
+
+    nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      virtualHosts."cache.xnee.net" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://${config.services.atticd.settings.listen}";
+        };
+      };
+    };
+  };
+}
diff --git a/nodes/cache/default.nix b/nodes/cache/default.nix
@@ -0,0 +1,10 @@
+{
+  imports = [
+    ./disko.nix
+    ./hardware-configuration.nix
+    ./networking.nix
+    ./attic.nix
+  ];
+
+
+}
diff --git a/nodes/cache/disko.nix b/nodes/cache/disko.nix
@@ -0,0 +1,34 @@
+{
+  disko.devices = {
+    disk = {
+      sda = {
+        device = "/dev/sda";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              label = "EFI";
+              type = "EF00";
+              size = "500M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            };
+            root = {
+              label = "NIXOS";
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}