wailord: set up atticd

2024-04-25 23:27:39 +05:30 · 2024-04-25 23:27:39 +05:30 · ef68754cb5
parent 5eb047a218
commit ef68754cb5
5 changed files with 116 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,35 @@
 {
  "nodes": {
+    "attic": {
+      "inputs": {
+        "crane": "crane",
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1711742460,
+        "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "type": "github"
+      }
+    },
    "base16": {
      "inputs": {
        "fromYaml": "fromYaml"
@ -147,6 +177,27 @@
        "type": "github"
      }
    },
+    "crane": {
+      "inputs": {
+        "nixpkgs": [
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1702918879,
+        "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -691,6 +742,7 @@
    },
    "root": {
      "inputs": {
+        "attic": "attic",
        "darwin": "darwin",
        "deploy-rs": "deploy-rs",
        "devshell": "devshell",
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,7 @@
        srvos.nixosModules.desktop
      ];
      systems.hosts.wailord.modules = with inputs; [
+        attic.nixosModules.atticd
        disko.nixosModules.disko
        srvos.nixosModules.server
      ];
@ -119,6 +120,12 @@

    systems.url = "github:msfjarvis/flake-systems";

+    attic.url = "github:zhaofengli/attic";
+    attic.inputs.nixpkgs.follows = "nixpkgs";
+    attic.inputs.nixpkgs-stable.follows = "nixpkgs";
+    attic.inputs.flake-utils.follows = "flake-utils";
+    attic.inputs.flake-compat.follows = "flake-compat";
+
    darwin.url = "github:LnL7/nix-darwin/master";
    darwin.inputs.nixpkgs.follows = "nixpkgs";

--- a/modules/nixos/profiles/server/default.nix
+++ b/modules/nixos/profiles/server/default.nix
@ -41,6 +41,9 @@ in {
      owner = config.services.yarr.user;
      inherit (config.services.yarr) group;
    };
+    sops.secrets.atticd = {
+      sopsFile = ./../../../../secrets/atticd.yaml;
+    };

    # Automatically log into my user account
    services.getty.autologinUser = lib.mkForce "msfjarvis";
--- a/secrets/atticd.yaml
+++ b/secrets/atticd.yaml
@ -0,0 +1,39 @@
+atticd: ENC[AES256_GCM,data:ZkGv4muspssESRbEF8MiZQ2E9+jpZ91bUtRZgOZ75KTZk+Wl9J7vwPoGQWG8dgXwC7UcpQlL7G1TMBfX6w4paRodE9TYOdZuDEkFahEeyXaxGyMHVLulOwRr3kONwsumidIYBGsLecxMDaleRq3olxSgGSYt18ihhAuEl6Nr8w==,iv:/8T2K7Tpsfyp68i+RAE90uZpuxCI0Dn2gnI/9RKqmag=,tag:vFPEsPRYMdvubGNMkdpyWA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y7arunqzyjjdyspx46z20x6qadxpxfu5z59qe74tn4re375ctg7qtj48p3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQ0JaMkJzMjhVcnovc2pv
+            WHZQM0hiYndjL0d2K205TjQ3SDE1WS9wR0dBClBFSk91SFdIaUdXRnhsSFAvL2pt
+            MUUwcnNYd2NhczlTYnFhM08yL1hhSTgKLS0tIDBTR2thZnRSRmNSZzhPTHd0L2Rw
+            c3JlWHFDZ0RsdHREcXAxSzQzekVQWEUKqPE64wGtzcnD+8EH5hsIDcEa0LhrPeRC
+            +0blkwgQYjCeZYTlG54/qFJt7g8balUE0y/bJExtX1GiCpThaJNoXA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dvrymsl5xk26pkznk5kljqssnkvae2ftsawx96n4r43p3cfzyv4qtr67qj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaEJwLzMxMkpoVmcwbVhN
+            a1JFMVowZGZvRENmY0ZYUG9pZFc1ZW5HdjJVCmIwcHQ4V0grRWRiWkFoLzZXaGdu
+            aUUzdURGUW1kSitRWit4NENFajQ2TkEKLS0tIGI0Yk9FRlJodklLRU81WkZ3NE50
+            cUZsdmFrOEFrSSsrVSsxYm1ObkVrd1kKjyq2UPf4ceU+JiZeIuLidb4FV1rjIsic
+            czVq/jUbXZj54kHenFXbdQNu1NNK0/M+hqBX/wA9U0Y5kEKiu3lpTA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10fy49p7faufe5533rxgshwjn9kr3aqcxjyqk6ty26j99w50dkswsvn2maq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMHEwTVZzRmpYUnJMWjRN
+            ZCtTU0lMNVMyclBYak1LTmRzTVIvdmErWFVFCnlzTjhXSEliaUpjSHhnak1sS3dE
+            YnNzZm9sSTZOZ2FSck1FMk0yYWZBd2sKLS0tIGZscjRadDl3L3FibVlKdllPMTdR
+            THhaYnZCRk9nYmdUTkZnd2RwQmE0V2cKy8/US26LGDNOrophTN1Ek2SqewiwjLvb
+            d631PVwThF7FvsS9cYCmcTTQhuGiiIb0S5vXVFz3WFSbPw/DL7isug==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-25T16:08:01Z"
+    mac: ENC[AES256_GCM,data:FzFsko6dZi/fUMlPSCCO/aacLo+w3nSz1ifwujuFaRWohzfkUryhrtCCeM6T7o/Mp6cTLD+KiQHRm3lcWUvirZ7bUvhCTX54I4LbWs91L4UO+VfehHoNF5fpfmpRoDnri8FBeIyEc/v161e3fRTnVXzQzFlflOvNv0Xb1dO5RZU=,iv:yB9fH1X9URts95zGt1T3upgMQHYUEaaFPMx2Fh/0Wrk=,tag:Tc/Pm/gB3PMMpvFswp3MfQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/systems/aarch64-linux/wailord/default.nix
+++ b/systems/aarch64-linux/wailord/default.nix
@ -56,6 +56,21 @@
    micro
  ];

+  services.atticd = {
+    enable = true;
+    credentialsFile = config.sops.secrets.atticd.path;
+
+    settings = {
+      listen = "[::]:8081";
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
  services.atuin = {
    enable = true;
    openRegistration = true;