diff --git a/flake.lock b/flake.lock index 9569b403..d5c1aaf9 100644 --- a/flake.lock +++ b/flake.lock @@ -61,7 +61,50 @@ "type": "github" } }, + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1707922053, + "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, "crane": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702918879, + "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=", + "owner": "ipetkov", + "repo": "crane", + "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { "inputs": { "flake-compat": [ "lanzaboote", @@ -97,7 +140,7 @@ "daeuniverse": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "pnpm2nix": "pnpm2nix", "pre-commit-hooks": "pre-commit-hooks" }, @@ -175,6 +218,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -190,7 +249,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1673956053, 
@@ -206,7 +265,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -300,6 +359,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems" }, @@ -317,7 +391,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -335,7 +409,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_4" }, @@ -353,7 +427,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_5": { "inputs": { "systems": "systems_5" }, @@ -371,7 +445,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_6": { "inputs": { "systems": "systems_6" }, @@ -389,7 +463,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "inputs": { "systems": "systems_7" }, @@ -603,10 +677,10 @@ }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat_2", + "crane": "crane_2", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], @@ -631,10 +705,10 @@ "mysecrets": { "flake": false, "locked": { - "lastModified": 1709042837, - "narHash": "sha256-oEiHgB7HLzNkkW3qEY4wcmAz1KU+zrcJ09BzswWtxbI=", + "lastModified": 1709488959, + "narHash": "sha256-7KULeEF0rob7pDc2OKVW1Iz7bTQIFYUrnwZcowWajW0=", "ref": "refs/heads/main", - "rev": "68414f844ccf2278299088d0ed363ced0f09115e", + "rev": "d23c2f47f0395155cfe64b49c9a858aa7f4bfbd0", "shallow": true, "type": "git", "url": "ssh://git@github.com/ryan4yin/nix-secrets.git" 
@@ -668,7 +742,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1707614138, @@ -738,7 +812,7 @@ }, "nixos-licheepi4a": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "thead-kernel": "thead-kernel" }, "locked": { @@ -757,8 +831,8 @@ }, "nixos-rk3588": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks_2" }, "locked": { @@ -777,16 +851,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1706732774, - "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", + "lastModified": 1702539185, + "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -844,6 +918,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1702780907, + "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1704874635, "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", @@ -859,7 +949,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { "lastModified": 1678872516, "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", @@ -875,7 +965,7 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_4": { "locked": { "lastModified": 1707786466, "narHash": "sha256-yLPfrmW87M2qt+8bAmwopJawa+MJLh3M9rUbXtpUc1o=", 
@@ -891,7 +981,7 @@ "type": "github" } }, - "nixpkgs-stable_4": { + "nixpkgs-stable_5": { "locked": { "lastModified": 1704874635, "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", @@ -924,6 +1014,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1706732774, + "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1707451808, "narHash": "sha256-UwDBUNHNRsYKFJzyTMVMTF5qS4xeJlWoeyJf+6vvamU=", @@ -939,7 +1045,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1691280485, "narHash": "sha256-/8Ct9092OC1TTNzHgbcE9ejQdS2QxZYGqrWXEwUxdtQ=", @@ -955,7 +1061,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1709309926, "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", @@ -971,7 +1077,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1707956935, "narHash": "sha256-ZL2TrjVsiFNKOYwYQozpbvQSwvtV/3Me7Zwhmdsfyu4=", @@ -987,7 +1093,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1701436327, "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", @@ -1001,7 +1107,7 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1702921762, "narHash": "sha256-O/rP7gulApQAB47u6szEd8Pn8Biw0d84j5iuP2tcxzY=", @@ -1019,7 +1125,7 @@ }, "nuenv": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -1038,7 +1144,7 @@ }, "nur-ryan4yin": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1705366605, 
@@ -1056,7 +1162,7 @@ }, "pnpm2nix": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "daeuniverse", "nixpkgs" @@ -1094,14 +1200,14 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", "gitignore": "gitignore", "nixpkgs": [ "daeuniverse", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1706424699, @@ -1132,7 +1238,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1681413034, @@ -1183,13 +1289,13 @@ }, "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_6", + "flake-compat": "flake-compat_4", + "flake-utils": "flake-utils_7", "gitignore": "gitignore_4", "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { "lastModified": 1707297608, @@ -1210,6 +1316,7 @@ "agenix": "agenix", "anyrun": "anyrun", "astronvim": "astronvim", + "attic": "attic", "daeuniverse": "daeuniverse", "disko": "disko", "doomemacs": "doomemacs", @@ -1224,9 +1331,9 @@ "nixos-hardware": "nixos-hardware", "nixos-licheepi4a": "nixos-licheepi4a", "nixos-rk3588": "nixos-rk3588", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-darwin": "nixpkgs-darwin", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-stable": "nixpkgs-stable_4", "nixpkgs-unstable": "nixpkgs-unstable", "nuenv": "nuenv", "nur-ryan4yin": "nur-ryan4yin", @@ -1262,7 +1369,7 @@ }, "rust-overlay_2": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nuenv", "nixpkgs" diff --git a/flake.nix b/flake.nix index 6f5f7a8a..e7189710 100644 --- a/flake.nix +++ b/flake.nix 
@@ -172,6 +172,8 @@ # daeuniverse.url = "github:daeuniverse/flake.nix/unstable"; daeuniverse.url = "github:daeuniverse/flake.nix/exp"; + attic.url = "github:zhaofengli/attic"; + ######################## Some non-flake repositories ######################################### # AstroNvim is an aesthetic and feature-rich neovim config. diff --git a/home/base/server/core.nix b/home/base/server/core.nix index 62f3010c..508147fc 100644 --- a/home/base/server/core.nix +++ b/home/base/server/core.nix @@ -1,5 +1,6 @@ { pkgs, + attic, nur-ryan4yin, ... }: { @@ -45,6 +46,9 @@ # productivity caddy # A webserver with automatic HTTPS via Let's Encrypt(replacement of nginx) croc # File transfer between computers securely and easily + + # self-hosted nix cache server + attic.packages.${pkgs.system}.attic-client ]; programs = { diff --git a/hosts/idols_ai/impermanence.nix b/hosts/idols_ai/impermanence.nix index dcbb8ef6..62873889 100644 --- a/hosts/idols_ai/impermanence.nix +++ b/hosts/idols_ai/impermanence.nix @@ -75,6 +75,7 @@ # misc ".config/pulse" + ".config/attic" # attic nix cache server ".pki" ".steam" # steam games diff --git a/hosts/idols_ruby/attic.nix b/hosts/idols_ruby/attic.nix new file mode 100644 index 00000000..66f2fa0e --- /dev/null +++ b/hosts/idols_ruby/attic.nix 
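Review bot: The new `attic` input is declared without any `follows`, so it brings its own `nixpkgs`, `nixpkgs-stable`, `crane`, `flake-compat` and `flake-utils` nodes (all visible in the flake.lock part of this commit). atticd and attic-client are therefore built from the nixpkgs revision upstream pins, not the one this repo updates. If attic builds against the repo's tree, adding `attic.inputs.nixpkgs.follows = "nixpkgs";` next to the url keeps the cache server's dependencies on the same patch cadence as the rest of the system and reduces the number of pinned trees to audit. If upstream's pin is kept on purpose, a one-line comment saying so would help. The enclosing `inputs` set starts and ends outside the hunk.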
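Review bot: The trailing comment on `".config/attic"` calls it the cache server, but this directory is the attic client's config, which as far as I know is where `attic login` stores the server endpoint together with the access token. Persisting it is reasonable, though it means the token sits on disk in plaintext across reboots. If this host logs in with the all-permissions admin token described in hosts/idols_ruby/attic.nix, a token limited to pull and push would reduce what a copy of this directory gives away. Suggested comment: `# attic client config (server endpoint + login token)`. The surrounding directory list starts and ends outside the hunk.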
@@ -0,0 +1,74 @@ +{ + config, + attic, + ... +}: { + #===================================================== + # + # Attic + # + # A self-hostable Nix Binary Cache server + # backed by an S3-compatible storage provider + # + # https://docs.attic.rs/tutorial.html + # + #===================================================== + + imports = [ + attic.nixosModules.atticd + ]; + + # Self-Hosted Nix Cache Server + # https://github.com/zhaofengli/attic + # + # The first thing to do after setting up the server is: + # 1. Generate a admin token on the server via command: + # `sudo atticd-atticadm make-token --sub "admin-1" --validity "2y" --pull "*" --push "*" --delete "*" --create-cache "*" --configure-cache "*" --configure-cache-retention "*" --destroy-cache "*"` + # 2. Login at the desktop via command: + # `attic login central http://attic.writefor.fun ` + # 3. Create a new cache via command: + # `attic cache create rk3588` + # `attic use cache rk3588` + # 4. Push Caches to the cache server via: + # it's similar to cachix, related docs: + # https://docs.attic.rs/reference/attic-cli.html + # https://docs.cachix.org/pushing#pushing + services.atticd = { + enable = true; + + # Replace with absolute path to your credentials file + # The HS256 JWT secret can be generated with the openssl: + # openssl rand 64 | base64 -w0 + # + # Content: + # ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from openssl" + credentialsFile = config.age.secrets."attic-nix-cache-server.env".path; + + settings = { + listen = "[::]:8888"; + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. 
+ nar-size-threshold = 64 * 1024; # 64 KiB + + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; + }; + }; +} diff --git a/hosts/idols_ruby/caddy.nix b/hosts/idols_ruby/caddy.nix index cf304bd9..ff44f271 100644 --- a/hosts/idols_ruby/caddy.nix +++ b/hosts/idols_ruby/caddy.nix @@ -31,6 +31,10 @@ encode zstd gzip reverse_proxy http://localhost:9093 ''; + virtualHosts."http://attic.writefor.fun".extraConfig = '' + encode zstd gzip + reverse_proxy http://localhost:8888 + ''; }; networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/secrets/nixos.nix b/secrets/nixos.nix index 14609a66..ecab2194 100644 --- a/secrets/nixos.nix +++ b/secrets/nixos.nix @@ -220,6 +220,12 @@ in { file = "${mysecrets}/server/alertmanager.env.age"; } // high_security; + + "attic-nix-cache-server.env" = + { + file = "${mysecrets}/server/attic-nix-cache-server.env.age"; + } + // high_security; }; })
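Review bot: `listen = "[::]:8888"` binds atticd on every interface, although the only client visible in this commit is Caddy on the same host (`reverse_proxy http://localhost:8888`). The firewall line in caddy.nix opens only 80 and 443, so this is defence in depth rather than an exposed port today, but a loopback bind such as `listen = "127.0.0.1:8888";` keeps the API unreachable if the firewall is ever relaxed. Separately, the setup comment mints a single token with every permission on `*` and a two-year validity and then logs in with it. A line stating that this token is for bootstrap only, and that day-to-day hosts should get one limited to `--pull`/`--push` on the caches they use, would make the safer path the documented one.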
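Review bot: The new virtual host is keyed as `"http://attic.writefor.fun"`, so Caddy serves it as plain HTTP and the bearer token sent by `attic login` and by pushes crosses the network unencrypted. Nix still verifies narinfo signatures on download when clients pin the cache's public key, but that does not protect the token, which per the setup comment in attic.nix may carry push and delete rights. If the name can get a certificate, dropping the scheme (`virtualHosts."attic.writefor.fun".extraConfig`) lets Caddy terminate TLS; for an internal-only name, `tls internal` inside the block is an option. The enclosing `services.caddy` block starts outside the hunk, so whether the other hosts use the same scheme cannot be checked here.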