| @@ -14,6 +14,7 @@ in | ||||
|   imports = [ | ||||
|     (import ../../../common/configs/user { inherit user home; }) | ||||
|  | ||||
|     (import ../../../common/configs/user/console/attic { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/btop { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/fastfetch { inherit user home; }) | ||||
|   | ||||
| @@ -0,0 +1,127 @@ | ||||
| { user, home }: | ||||
| { | ||||
|   config, | ||||
|   inputs, | ||||
|   pkgs, | ||||
|   ... | ||||
| }: | ||||
| let | ||||
|   hmConfig = config.home-manager.users.${user}; | ||||
|   inherit (hmConfig.virtualisation.quadlet) containers volumes networks; | ||||
| in | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
|     sops = { | ||||
|       secrets = { | ||||
|         "attic/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; | ||||
|         "attic/rs256".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; | ||||
|         "attic/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; | ||||
|       }; | ||||
|  | ||||
|       templates = { | ||||
|         attic-postgresql-env.content = '' | ||||
|           POSTGRES_PASSWORD=${hmConfig.sops.placeholder."attic/postgresql"} | ||||
|         ''; | ||||
|  | ||||
|         attic-env.content = '' | ||||
|           ATTIC_TOKEN=${hmConfig.sops.placeholder."attic/admin"} | ||||
|         ''; | ||||
|  | ||||
|         attic.content = builtins.readFile ( | ||||
|           (pkgs.formats.toml { }).generate "server.toml" { | ||||
|             listen = "[::]:8080"; | ||||
|  | ||||
|             allowed-hosts = [ "nix.karaolidis.com" ]; | ||||
|             api-endpoint = "https://nix.karaolidis.com/"; | ||||
|  | ||||
|             database.url = "postgres://attic:${ | ||||
|               hmConfig.sops.placeholder."attic/postgresql" | ||||
|             }@attic-postgresql:5432/attic"; | ||||
|  | ||||
|             storage = { | ||||
|               type = "local"; | ||||
|               path = "/var/lib/attic"; | ||||
|             }; | ||||
|  | ||||
|             chunking = { | ||||
|               nar-size-threshold = 65536; | ||||
|               min-size = 16384; | ||||
|               avg-size = 65536; | ||||
|               max-size = 262144; | ||||
|             }; | ||||
|  | ||||
|             compression = { | ||||
|               type = "zstd"; | ||||
|               level = 8; | ||||
|             }; | ||||
|  | ||||
|             garbage-collection = { | ||||
|               interval = "12 hours"; | ||||
|               default-retention-period = "1 month"; | ||||
|             }; | ||||
|  | ||||
|             jwt.signing.token-rs256-secret-base64 = hmConfig.sops.placeholder."attic/rs256"; | ||||
|           } | ||||
|         ); | ||||
|       }; | ||||
|     }; | ||||
|  | ||||
|     systemd.user.tmpfiles.rules = [ | ||||
|       "d /mnt/storage/private/storm/containers/storage/volumes/attic/_data 700 storm storm" | ||||
|     ]; | ||||
|  | ||||
|     virtualisation.quadlet = { | ||||
|       networks.attic = { }; | ||||
|  | ||||
|       volumes.attic-postgresql = { }; | ||||
|  | ||||
|       containers = { | ||||
|         attic = { | ||||
|           containerConfig = { | ||||
|             image = "docker-archive:${pkgs.dockerImages.attic}"; | ||||
|             networks = [ | ||||
|               networks.attic.ref | ||||
|               networks.traefik.ref | ||||
|             ]; | ||||
|             volumes = [ | ||||
|               "/mnt/storage/private/storm/containers/storage/volumes/attic/_data:/var/lib/attic" | ||||
|               "${hmConfig.sops.templates.attic.path}:/etc/attic/server.toml" | ||||
|             ]; | ||||
|             environmentFiles = [ hmConfig.sops.templates.attic-env.path ]; | ||||
|             exec = [ | ||||
|               "--config" | ||||
|               "/etc/attic/server.toml" | ||||
|             ]; | ||||
|             labels = [ | ||||
|               "traefik.enable=true" | ||||
|               "traefik.http.routers.attic.rule=Host(`nix.karaolidis.com`)" | ||||
|             ]; | ||||
|           }; | ||||
|  | ||||
|           unitConfig = { | ||||
|             After = [ | ||||
|               "${containers.attic-postgresql._serviceName}.service" | ||||
|               "sops-nix.service" | ||||
|             ]; | ||||
|             Requires = [ "${containers.attic-postgresql._serviceName}.service" ]; | ||||
|           }; | ||||
|         }; | ||||
|  | ||||
|         attic-postgresql = { | ||||
|           containerConfig = { | ||||
|             image = "docker-archive:${pkgs.dockerImages.postgresql}"; | ||||
|             networks = [ networks.attic.ref ]; | ||||
|             volumes = [ "${volumes.attic-postgresql.ref}:/var/lib/postgresql/data" ]; | ||||
|             environments = { | ||||
|               POSTGRES_DB = "attic"; | ||||
|               POSTGRES_USER = "attic"; | ||||
|             }; | ||||
|             environmentFiles = [ hmConfig.sops.templates.attic-postgresql-env.path ]; | ||||
|           }; | ||||
|  | ||||
|           unitConfig.After = [ "sops-nix.service" ]; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
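Review bot: The rendered `server.toml` holds the PostgreSQL password and the RS256 signing secret, but its bind mount in `containers.attic.containerConfig.volumes` is not marked read-only; `"${hmConfig.sops.templates.attic.path}:/etc/attic/server.toml:ro"` would stop the Traefik-exposed server process from modifying its own configuration. In `database.url` the `attic/postgresql` placeholder is substituted into the connection string verbatim, so a secret containing `@`, `/`, `:`, `#` or `%` would yield a malformed or mis-parsed URL. A comment such as `# attic/postgresql must be URL-safe or stored percent-encoded` beside it would record that constraint. `attic-env` also places the `attic/admin` token in the server container's environment, presumably for the bootstrap script that runs `attic login`. If that is the reason, a short comment saying so would help, and the token should carry only the permissions needed to create the cache.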
| @@ -0,0 +1,22 @@ | ||||
| # shellcheck shell=sh | ||||
|  | ||||
| attic login main https://nix.karaolidis.com/ "$ATTIC_TOKEN" | ||||
|  | ||||
| CACHE_NAME="main" | ||||
|  | ||||
| while true; do | ||||
|   out=$(attic cache info "$CACHE_NAME" 2>&1) | ||||
|   status=$? | ||||
|  | ||||
|   if [ $status -eq 0 ]; then | ||||
|     break | ||||
|   elif echo "$out" | grep -q "NoSuchCache"; then | ||||
|     attic cache create "$CACHE_NAME" | ||||
|   elif echo "$out" | grep -q "404"; then | ||||
|     sleep 0.1 | ||||
|   else | ||||
|     echo "Unexpected error:" | ||||
|     echo "$out" | ||||
|     break | ||||
|   fi | ||||
| done | ||||
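Review bot: The retry loop has no bound and no failure exit. If `attic cache create` keeps failing, the `NoSuchCache` branch spins without any delay; the `404` branch polls every 0.1 s forever; and the "Unexpected error" branch uses `break`, so the script finishes with status 0 and the message goes to stdout. The result of `attic login` is not checked either, and `sleep 0.1` relies on fractional sleep, which POSIX `sh` (declared in the shellcheck directive) does not guarantee. `"$ATTIC_TOKEN"` is passed as a positional argument and is therefore visible in the process list while `attic login` runs. How the script is invoked is not visible here; if it is sourced rather than executed, the `exit 1` calls below should become `return 1`.

```shell
# … unchanged: shellcheck directive, CACHE_NAME …
attic login main https://nix.karaolidis.com/ "$ATTIC_TOKEN" || exit 1

attempts=0
max_attempts=60 # illustrative bound, tune to the server's start-up time

while true; do
  out=$(attic cache info "$CACHE_NAME" 2>&1) && break

  attempts=$((attempts + 1))
  if [ "$attempts" -ge "$max_attempts" ]; then
    echo "Giving up on cache $CACHE_NAME:" >&2
    echo "$out" >&2
    exit 1
  fi

  if echo "$out" | grep -q "NoSuchCache"; then
    attic cache create "$CACHE_NAME" || exit 1
  elif echo "$out" | grep -q "404"; then
    sleep 1
  else
    echo "Unexpected error:" >&2
    echo "$out" >&2
    exit 1
  fi
done
```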
| @@ -10,6 +10,7 @@ let | ||||
| in | ||||
| { | ||||
|   imports = [ | ||||
|     (import ./attic { inherit user home; }) | ||||
|     (import ./authelia { inherit user home; }) | ||||
|     (import ./gitea { inherit user home; }) | ||||
|     (import ./grafana { inherit user home; }) | ||||
|   | ||||
| @@ -14,6 +14,7 @@ in | ||||
|   imports = [ | ||||
|     (import ../../../common/configs/user { inherit user home; }) | ||||
|  | ||||
|     (import ../../../common/configs/user/console/attic { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/brightnessctl { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/btop { inherit user home; }) | ||||
|     (import ../../../common/configs/user/console/home-manager { inherit user home; }) | ||||
|   | ||||