nix: add function to push to attic cache

ryzenbox: add attic CLI
wailord: reorganize domains
2024-04-26 01:29:58 +05:30 · 2024-04-26 01:11:04 +05:30 · 2024-04-26 01:10:38 +05:30 · 2024-04-26 00:18:03 +05:30 · 2024-04-25 23:27:39 +05:30
8 changed files with 141 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,35 @@
 {
  "nodes": {
+    "attic": {
+      "inputs": {
+        "crane": "crane",
+        "flake-compat": [
+          "flake-compat"
+        ],
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1711742460,
+        "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "repo": "attic",
+        "type": "github"
+      }
+    },
    "base16": {
      "inputs": {
        "fromYaml": "fromYaml"
@ -147,6 +177,27 @@
        "type": "github"
      }
    },
+    "crane": {
+      "inputs": {
+        "nixpkgs": [
+          "attic",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1702918879,
+        "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
@ -691,6 +742,7 @@
    },
    "root": {
      "inputs": {
+        "attic": "attic",
        "darwin": "darwin",
        "deploy-rs": "deploy-rs",
        "devshell": "devshell",
--- a/flake.nix
+++ b/flake.nix
@ -39,6 +39,7 @@
        srvos.nixosModules.desktop
      ];
      systems.hosts.wailord.modules = with inputs; [
+        attic.nixosModules.atticd
        disko.nixosModules.disko
        srvos.nixosModules.server
      ];
@ -119,6 +120,12 @@

    systems.url = "github:msfjarvis/flake-systems";

+    attic.url = "github:zhaofengli/attic";
+    attic.inputs.nixpkgs.follows = "nixpkgs";
+    attic.inputs.nixpkgs-stable.follows = "nixpkgs";
+    attic.inputs.flake-utils.follows = "flake-utils";
+    attic.inputs.flake-compat.follows = "flake-compat";
+
    darwin.url = "github:LnL7/nix-darwin/master";
    darwin.inputs.nixpkgs.follows = "nixpkgs";

--- a/modules/nixos/profiles/server/default.nix
+++ b/modules/nixos/profiles/server/default.nix
@ -37,10 +37,6 @@ in {
    sops.gnupg.sshKeyPaths = lib.mkForce [];
    sops.defaultSopsFile = ./../../../../secrets/tailscale.yaml;
    sops.secrets.tsauthkey = {};
-    sops.secrets.yarr-auth = {
-      owner = config.services.yarr.user;
-      inherit (config.services.yarr) group;
-    };

    # Automatically log into my user account
    services.getty.autologinUser = lib.mkForce "msfjarvis";
--- a/overlays/default/default.nix
+++ b/overlays/default/default.nix
@ -1,4 +1,5 @@
-_: _final: prev: {
+{inputs, ...}: _final: prev: {
+  attic = inputs.attic.packages.${prev.system}.attic-client;
  # Force the use of the JDK we're using everywhere else
  jdk = prev.openjdk21;
  jdk_headless = prev.openjdk21_headless;
--- a/scripts/nix
+++ b/scripts/nix
@ -45,3 +45,11 @@ function nixdiff() {
 function nixb() {
  nix flake update --commit-lock-file
 }
+
+function cache() {
+  local CACHE_PATHS ARCH KERNEL
+  CACHE_PATHS="${1}"
+  ARCH="$(uname -m)"
+  KERNEL="$(uname --kernel-name | tr '[:upper:]' '[:lower:]')"
+  attic push "${ARCH}-${KERNEL}" "${CACHE_PATHS:?}"
+}
--- a/secrets/atticd.yaml
+++ b/secrets/atticd.yaml
@ -0,0 +1,39 @@
+atticd: ENC[AES256_GCM,data:ZkGv4muspssESRbEF8MiZQ2E9+jpZ91bUtRZgOZ75KTZk+Wl9J7vwPoGQWG8dgXwC7UcpQlL7G1TMBfX6w4paRodE9TYOdZuDEkFahEeyXaxGyMHVLulOwRr3kONwsumidIYBGsLecxMDaleRq3olxSgGSYt18ihhAuEl6Nr8w==,iv:/8T2K7Tpsfyp68i+RAE90uZpuxCI0Dn2gnI/9RKqmag=,tag:vFPEsPRYMdvubGNMkdpyWA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y7arunqzyjjdyspx46z20x6qadxpxfu5z59qe74tn4re375ctg7qtj48p3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmQ0JaMkJzMjhVcnovc2pv
+            WHZQM0hiYndjL0d2K205TjQ3SDE1WS9wR0dBClBFSk91SFdIaUdXRnhsSFAvL2pt
+            MUUwcnNYd2NhczlTYnFhM08yL1hhSTgKLS0tIDBTR2thZnRSRmNSZzhPTHd0L2Rw
+            c3JlWHFDZ0RsdHREcXAxSzQzekVQWEUKqPE64wGtzcnD+8EH5hsIDcEa0LhrPeRC
+            +0blkwgQYjCeZYTlG54/qFJt7g8balUE0y/bJExtX1GiCpThaJNoXA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dvrymsl5xk26pkznk5kljqssnkvae2ftsawx96n4r43p3cfzyv4qtr67qj
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVaEJwLzMxMkpoVmcwbVhN
+            a1JFMVowZGZvRENmY0ZYUG9pZFc1ZW5HdjJVCmIwcHQ4V0grRWRiWkFoLzZXaGdu
+            aUUzdURGUW1kSitRWit4NENFajQ2TkEKLS0tIGI0Yk9FRlJodklLRU81WkZ3NE50
+            cUZsdmFrOEFrSSsrVSsxYm1ObkVrd1kKjyq2UPf4ceU+JiZeIuLidb4FV1rjIsic
+            czVq/jUbXZj54kHenFXbdQNu1NNK0/M+hqBX/wA9U0Y5kEKiu3lpTA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10fy49p7faufe5533rxgshwjn9kr3aqcxjyqk6ty26j99w50dkswsvn2maq
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMHEwTVZzRmpYUnJMWjRN
+            ZCtTU0lMNVMyclBYak1LTmRzTVIvdmErWFVFCnlzTjhXSEliaUpjSHhnak1sS3dE
+            YnNzZm9sSTZOZ2FSck1FMk0yYWZBd2sKLS0tIGZscjRadDl3L3FibVlKdllPMTdR
+            THhaYnZCRk9nYmdUTkZnd2RwQmE0V2cKy8/US26LGDNOrophTN1Ek2SqewiwjLvb
+            d631PVwThF7FvsS9cYCmcTTQhuGiiIb0S5vXVFz3WFSbPw/DL7isug==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-25T16:08:01Z"
+    mac: ENC[AES256_GCM,data:FzFsko6dZi/fUMlPSCCO/aacLo+w3nSz1ifwujuFaRWohzfkUryhrtCCeM6T7o/Mp6cTLD+KiQHRm3lcWUvirZ7bUvhCTX54I4LbWs91L4UO+VfehHoNF5fpfmpRoDnri8FBeIyEc/v161e3fRTnVXzQzFlflOvNv0Xb1dO5RZU=,iv:yB9fH1X9URts95zGt1T3upgMQHYUEaaFPMx2Fh/0Wrk=,tag:Tc/Pm/gB3PMMpvFswp3MfQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/systems/aarch64-linux/wailord/default.nix
+++ b/systems/aarch64-linux/wailord/default.nix
@ -56,6 +56,24 @@
    micro
  ];

+  sops.secrets.atticd = {
+    sopsFile = ./../../../secrets/atticd.yaml;
+  };
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.sops.secrets.atticd.path;
+
+    settings = {
+      listen = "[::]:8081";
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+
  services.atuin = {
    enable = true;
    openRegistration = true;
@ -69,15 +87,20 @@
  services.caddy = {
    enable = true;
    virtualHosts = {
+      "https://cache.msfjarvis.dev" = {
+        extraConfig = ''
+          reverse_proxy ${config.services.atticd.settings.listen}
+        '';
+      };
      "https://git.msfjarvis.dev" = {
        extraConfig = ''
          reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
        '';
      };
-      "https://wailord.tiger-shark.ts.net" = {
+      "https://news.msfjarvis.dev" = {
        extraConfig = ''
-          root * /var/lib/file_share_internal
-          file_server browse
+          root * ${inputs.nixpkgs-news.packages.${pkgs.system}.nixpkgs-news}
+          file_server
        '';
      };
      "https://read.msfjarvis.dev" = {
@ -85,18 +108,12 @@
          reverse_proxy ${toString config.services.yarr.addr}
        '';
      };
-      "https://til.msfjarvis.dev" = {
+      "https://wailord.tiger-shark.ts.net" = {
        extraConfig = ''
-          root * /var/lib/file_share
+          root * /var/lib/file_share_internal
          file_server browse
        '';
      };
-      "https://toot.msfjarvis.dev" = {
-        extraConfig = ''
-          root * ${inputs.nixpkgs-news.packages.${pkgs.system}.nixpkgs-news}
-          file_server
-        '';
-      };
    };
  };

@ -112,6 +129,10 @@
    };
  };

+  sops.secrets.yarr-auth = {
+    owner = config.services.yarr.user;
+    inherit (config.services.yarr) group;
+  };
  services.yarr = {
    enable = true;
    addr = "127.0.0.1:8889";
--- a/systems/x86_64-linux/ryzenbox/default.nix
+++ b/systems/x86_64-linux/ryzenbox/default.nix
@ -55,6 +55,7 @@
    extraGroups = ["networkmanager" "wheel"];
    packages = with pkgs; [
      age
+      attic
      jarvis.boop-gtk
      discord
      fclones
Author	SHA1	Message	Date
Harsh Shandilya	a888ddfc8f	nix: add function to push to attic cache	2024-04-26 01:29:58 +05:30
Harsh Shandilya	23852d1b42	ryzenbox: add attic CLI	2024-04-26 01:11:04 +05:30
Harsh Shandilya	73f02e4bbb	wailord: reorganize domains	2024-04-26 01:10:38 +05:30
Harsh Shandilya	2874866b5e	wailord: declare secrets at usage site	2024-04-26 00:18:03 +05:30
Harsh Shandilya	ef68754cb5	wailord: set up atticd	2024-04-25 23:27:39 +05:30