feat: add attic - a self-hosted nix cache server

Ryan Yin
2024-03-04 01:45:55 +08:00
parent 69a64b209a
commit b4015c2189
7 changed files with 241 additions and 43 deletions

193
flake.lock generated

@@ -61,7 +61,50 @@
"type": "github"
}
},
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1707922053,
"narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702918879,
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
"owner": "ipetkov",
"repo": "crane",
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"flake-compat": [
"lanzaboote",
@@ -97,7 +140,7 @@
"daeuniverse": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"pnpm2nix": "pnpm2nix",
"pre-commit-hooks": "pre-commit-hooks"
},
@@ -175,6 +218,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -190,7 +249,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -206,7 +265,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -300,6 +359,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
@@ -317,7 +391,7 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
@@ -335,7 +409,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
@@ -353,7 +427,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"inputs": {
"systems": "systems_5"
},
@@ -371,7 +445,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
@@ -389,7 +463,7 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_7": {
"inputs": {
"systems": "systems_7"
},
@@ -603,10 +677,10 @@
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"crane": "crane_2",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts_3",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
],
@@ -631,10 +705,10 @@
"mysecrets": {
"flake": false,
"locked": {
"lastModified": 1709042837,
"narHash": "sha256-oEiHgB7HLzNkkW3qEY4wcmAz1KU+zrcJ09BzswWtxbI=",
"lastModified": 1709488959,
"narHash": "sha256-7KULeEF0rob7pDc2OKVW1Iz7bTQIFYUrnwZcowWajW0=",
"ref": "refs/heads/main",
"rev": "68414f844ccf2278299088d0ed363ced0f09115e",
"rev": "d23c2f47f0395155cfe64b49c9a858aa7f4bfbd0",
"shallow": true,
"type": "git",
"url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
@@ -668,7 +742,7 @@
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1707614138,
@@ -738,7 +812,7 @@
},
"nixos-licheepi4a": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"thead-kernel": "thead-kernel"
},
"locked": {
@@ -757,8 +831,8 @@
},
"nixos-rk3588": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_4",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_5",
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
@@ -777,16 +851,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"lastModified": 1702539185,
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -844,6 +918,22 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
@@ -859,7 +949,7 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@@ -875,7 +965,7 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1707786466,
"narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=",
@@ -891,7 +981,7 @@
"type": "github"
}
},
"nixpkgs-stable_4": {
"nixpkgs-stable_5": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
@@ -924,6 +1014,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1707451808,
"narHash": "sha256-UwDBUNHNRsYKFJzyTMVMTF5qS4xeJlWoeyJf+6vvamU=",
@@ -939,7 +1045,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1691280485,
"narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=",
@@ -955,7 +1061,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1709309926,
"narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
@@ -971,7 +1077,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1707956935,
"narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=",
@@ -987,7 +1093,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1701436327,
"narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=",
@@ -1001,7 +1107,7 @@
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1702921762,
"narHash": "sha256-O/rP7gulApQAB47u6szEd8Pn8Biw0d84j5iuP2tcxzY=",
@@ -1019,7 +1125,7 @@
},
"nuenv": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"rust-overlay": "rust-overlay_2"
},
"locked": {
@@ -1038,7 +1144,7 @@
},
"nur-ryan4yin": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1705366605,
@@ -1056,7 +1162,7 @@
},
"pnpm2nix": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"daeuniverse",
"nixpkgs"
@@ -1094,14 +1200,14 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"gitignore": "gitignore",
"nixpkgs": [
"daeuniverse",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1706424699,
@@ -1132,7 +1238,7 @@
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1681413034,
@@ -1183,13 +1289,13 @@
},
"pre-commit-hooks_3": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_6",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_7",
"gitignore": "gitignore_4",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_4"
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
"lastModified": 1707297608,
@@ -1210,6 +1316,7 @@
"agenix": "agenix",
"anyrun": "anyrun",
"astronvim": "astronvim",
"attic": "attic",
"daeuniverse": "daeuniverse",
"disko": "disko",
"doomemacs": "doomemacs",
@@ -1224,9 +1331,9 @@
"nixos-hardware": "nixos-hardware",
"nixos-licheepi4a": "nixos-licheepi4a",
"nixos-rk3588": "nixos-rk3588",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-stable": "nixpkgs-stable_3",
"nixpkgs-stable": "nixpkgs-stable_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"nuenv": "nuenv",
"nur-ryan4yin": "nur-ryan4yin",
@@ -1262,7 +1369,7 @@
},
"rust-overlay_2": {
"inputs": {
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nuenv",
"nixpkgs"


@@ -172,6 +172,8 @@
# daeuniverse.url = "github:daeuniverse/flake.nix/unstable";
daeuniverse.url = "github:daeuniverse/flake.nix/exp";
attic.url = "github:zhaofengli/attic";
######################## Some non-flake repositories #########################################
# AstroNvim is an aesthetic and feature-rich neovim config.
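Review bot: The new `attic.url = "github:zhaofengli/attic";` input has no `follows`, and the lock file in this commit shows the result: attic resolves its own `nixpkgs` (a `nixpkgs-unstable` revision older than the one the root input is locked to) plus its own `nixpkgs-stable`, `crane`, `flake-compat` and `flake-utils`. Both `atticd` and `attic-client` are therefore built from that older package set, and fixes that land in the root nixpkgs do not reach them until the attic entry itself is re-locked. Either add `attic.inputs.nixpkgs.follows = "nixpkgs";` if attic builds against it, or document the choice next to the input, e.g. `# attic keeps its own nixpkgs pin; re-lock this input regularly`.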


@@ -1,5 +1,6 @@
{
pkgs,
attic,
nur-ryan4yin,
...
}: {
@@ -45,6 +46,9 @@
# productivity
caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx)
croc # File transfer between computers securely and easily
# self-hosted nix cache server
attic.packages.${pkgs.system}.attic-client
];
programs = {


@@ -75,6 +75,7 @@
# misc
".config/pulse"
".config/attic" # attic nix cache server
".pki"
".steam" # steam games
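Review bot: The comment on `".config/attic"` calls it the cache server, but this path is the attic client's config directory, which (as far as I know) is where `attic login` stores the server URL together with the bearer token in plain text. Persisting it keeps that token on the persistent volume across reboots, so the comment should say so: `".config/attic" # attic client config, stores the cache login token`. If the token kept there is the all-permission admin token from the server module's setup notes, a narrower per-machine token would limit what a copy of this directory grants. The surrounding list starts and ends outside the hunk.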


@@ -0,0 +1,74 @@
{
config,
attic,
...
}: {
#=====================================================
#
# Attic
#
# A self-hostable Nix Binary Cache server
# backed by an S3-compatible storage provider
#
# https://docs.attic.rs/tutorial.html
#
#=====================================================
imports = [
attic.nixosModules.atticd
];
# Self-Hosted Nix Cache Server
# https://github.com/zhaofengli/attic
#
# The first thing to do after setting up the server is:
# 1. Generate a admin token on the server via command:
# `sudo atticd-atticadm make-token --sub "admin-1" --validity "2y" --pull "*" --push "*" --delete "*" --create-cache "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*"`
# 2. Login at the desktop via command:
# `attic login central http://attic.writefor.fun <TOKEN>`
# 3. Create a new cache via command:
# `attic cache create rk3588`
# `attic use cache rk3588`
# 4. Push Caches to the cache server via:
# it's similar to cachix, related docs:
# https://docs.attic.rs/reference/attic-cli.html
# https://docs.cachix.org/pushing#pushing
services.atticd = {
enable = true;
# Replace with absolute path to your credentials file
# The HS256 JWT secret can be generated with the openssl:
# openssl rand 64 | base64 -w0
#
# Content:
# ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl"
credentialsFile = config.age.secrets."attic-nix-cache-server.env".path;
settings = {
listen = "[::]:8888";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
}
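Review bot: `listen = "[::]:8888";` makes atticd accept connections on every interface, although the only client of that port visible in this commit is the Caddy proxy on the same host (`reverse_proxy http://localhost:8888`). Binding to loopback, e.g. `listen = "[::1]:8888";` with the proxy pointed at the same address, keeps the API unreachable from the network even if the firewall rules change later. Separately, the setup comment mints a single token with every permission on `"*"` and `--validity "2y"`; a short comment recommending a shorter validity for the admin token and separate pull-only or push-only tokens for desktops and CI would give the next reader a safer default to copy.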


@@ -31,6 +31,10 @@
encode zstd gzip
reverse_proxy http://localhost:9093
'';
virtualHosts."http://attic.writefor.fun".extraConfig = ''
encode zstd gzip
reverse_proxy http://localhost:8888
'';
};
networking.firewall.allowedTCPPorts = [80 443];
}
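Review bot: The site key `"http://attic.writefor.fun"` pins this virtual host to plain HTTP, so Caddy's automatic HTTPS is off for it and every attic request, including the bearer token configured by `attic login central http://attic.writefor.fun <TOKEN>`, crosses the network unencrypted. Whether the name resolves only on a trusted LAN is not visible here, but the token documented in the server module carries push and delete rights, so anyone able to observe that traffic could reuse it against the cache. Prefer `virtualHosts."attic.writefor.fun"` so Caddy obtains a certificate, or add `tls internal` to the `extraConfig` for a LAN-only name, and update the login URL in the module's comment to `https://`. The enclosing `services.caddy` block starts outside the hunk.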


@@ -220,6 +220,12 @@ in {
file = "${mysecrets}/server/alertmanager.env.age";
}
// high_security;
"attic-nix-cache-server.env" =
{
file = "${mysecrets}/server/attic-nix-cache-server.env.age";
}
// high_security;
};
})