nixos-config/modules/services/attic.nix

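# NixOS module: Attic binary cache (atticd) behind Anubis, published by nginx
# as https://cache.liv.town/.
# Request path: nginx (TLS) -> Anubis (127.0.0.1:8061) -> atticd (127.0.0.1:8060).
{ config, ... }:
{
  services = {
    atticd = {
      enable = true;
      # File containing the server's token-signing secret in the following format:
      #   ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...>
      # The value is a base64-encoded RSA private key, which can be generated with:
      #   openssl genrsa -traditional 4096 | base64 -w0
      # Whoever holds this key can sign tokens the server will accept, so it is
      # taken from a sops secret by path instead of being written into this file.
      environmentFile = config.sops.secrets.atticdEnvironment.path;
      settings = {
        # Loopback only: the sole client visible in this module is the local
        # Anubis instance below. A wildcard bind ("[::]:8060") would let any host
        # that can reach the port talk to atticd directly, skipping both Anubis
        # and nginx's TLS, with the firewall as the only remaining barrier.
        # NOTE(review): assumes no other machine talks to port 8060 directly.
        listen = "127.0.0.1:8060";
        # The two lines below should be set to the URL where your Attic cache will be available.
        allowed-hosts = [ "cache.liv.town" ];
        # Apparently it's very important this ends in a "/"
        api-endpoint = "https://cache.liv.town/";
        # Left empty on purpose; the signing secret comes from environmentFile above.
        jwt = { };
        database = {
          # I used Postgres here, but if you leave it empty
          # it will use an in-memory SQLite DB instead.
          # NOTE(review): confirm which database the module defaults to when
          # no url is set, and whether it survives a restart.
          # url = "postgresql://atticd@127.0.0.1/atticd";
          # heartbeat = true;
        };
        storage = {
          # You could also use S3 here. But nah lol shit's expensive.
          type = "local";
          # Leave this empty to use the default path,
          # or change it to some path that Attic can write to.
          # NOTE(review): this looks like an NFS mount; confirm who else can
          # write to that export, since it holds the cache contents.
          path = "/mnt/nfs/violet/nix";
        };
      };
    };
    anubis.instances.atticd = {
      settings = {
        # Must match atticd's listen address above.
        TARGET = "http://127.0.0.1:8060";
        # Loopback only, for the same reason as atticd: nginx on this host is
        # the only intended client. Keep this in host:port form, because the
        # nginx proxyPass below is built from it.
        BIND = "127.0.0.1:8061";
        BIND_NETWORK = "tcp";
      };
    };
    nginx.virtualHosts."cache.liv.town" = {
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      sslCertificate = "/var/lib/acme/liv.town/cert.pem";
      sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
      locations."/" = {
        # Always proxy to Anubis, never straight to atticd on 8060.
        proxyPass = "http://${config.services.anubis.instances.atticd.settings.BIND}";
        proxyWebsockets = true;
      };
    };
  };
}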