feat: create module for atticd

2025-12-04 15:00:13 +01:00 · 2025-11-11 11:36:50 +01:00 · 2025-11-11 11:36:50 +01:00 · f47ac18dab
commit f47ac18dab
parent 7fa7706d43
2 changed files with 54 additions and 0 deletions
--- a/modules/services/attic.nix
+++ b/modules/services/attic.nix
@ -0,0 +1,52 @@
+{ config, ... }:
+{
+  services = {
+    atticd = {
+      enable = true;
+
+      # File containing the server token in the following format:
+      #   ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...>
+      # You can generate the token by running the following command:
+      #   openssl genrsa -traditional 4096 | base64 -w0
+      environmentFile = config.sops.secrets.atticdEnvironment.path;
+      settings = {
+        # Listen on some port. Replace it!
+        listen = "[::]:8060";
+        # The two lines below should be set to the URL where your Attic cache will be available.
+        allowed-hosts = [ "cache.liv.town" ];
+        # Apparently it's very important this ends in a "/"
+        api-endpoint = "https://cache.liv.town/";
+        jwt = { };
+        database = {
+          # I used Postgres here, but if you leave it empty
+          # it will use an in-memory SQLite DB instead.
+          # url = "postgresql://atticd@127.0.0.1/atticd";
+          # heartbeat = true;
+        };
+        storage = {
+          # You could also use S3 here. But nah lol shit's expensive.
+          type = "local";
+          # Leave this empty to use the default path,
+          # or change it to some path that Attic can write to.
+          path = "/mnt/nfs/violet/nix";
+        };
+      };
+    };
+    anubis.instances.atticd = {
+      settings = {
+        TARGET = "http://localhost:8060";
+        BIND = ":8061";
+        BIND_NETWORK = "tcp";
+      };
+    };
+    nginx.virtualHosts."cache.liv.town" = {
+      forceSSL = true;
+      sslCertificate = "/var/lib/acme/liv.town/cert.pem";
+      sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
+      locations."/" = {
+        proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
--- a/modules/services/violet.nix
+++ b/modules/services/violet.nix
@ -3,12 +3,14 @@
  imports =
    [ (import ./invidious.nix) ]
    ++ [ (import ./anubis.nix) ]
+    ++ [ (import ./attic.nix) ]
    ++ [ (import ./borg.nix) ]
    ++ [ (import ./binternet-proxy.nix) ]
    ++ [ (import ./bluemap-proxy.nix) ]
    ++ [ (import ./docker.nix) ]
    ++ [ (import ./email.nix) ]
    ++ [ (import ./forgejo.nix) ]
+    # ++ [ (import ./funkwhale.nix) ]
    ++ [ (import ./grafana.nix) ]
    ++ [ (import ./guacamole.nix) ]
    ++ [ (import ./gokapi.nix) ]