nixos-config/machines/nix-cache/configuration.nix

153 lines
3.3 KiB
Nix

{
self,
...
}:
{
pkgs,
modulesPath,
lib,
config,
...
}:
{
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
caddy-proxy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@89f16b99c18ef49c8bb470a82f895bce01cbaece" ];
hash = "sha256-JoujVXRXjKUam1Ej3/zKVvF0nX97dUizmISjy3M3Kr8=";
};
proxyHosts = [
{
externalHostname = "nix-cache.datarift.nl";
proxyAddress = "127.0.0.1:8080";
}
];
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "nix-cache";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowPing = true;
allowedTCPPorts = [
80
443
];
};
};
systemd = {
network = {
enable = true;
wait-online.anyInterface = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.209/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
services = {
atticd = {
enable = true;
environmentFile = config.sops.secrets.attic-credentials.path;
settings = {
listen = "127.0.0.1:8080";
garbage-collection = {
default-retention-period = "6 weeks";
};
storage = {
type = "s3";
bucket = "nix-cache";
endpoint = "https://minio.datarift.nl";
region = "local";
};
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 256 * 1024; # 256 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 128 * 1024; # 128 KiB
# The preferred average size of a chunk, in bytes
avg-size = 256 * 1024; # 256 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 1024 * 1024; # 1024 KiB
};
};
};
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
attic-credentials = { };
caddy-env = { };
};
system.stateVersion = "24.05";
}