feat: add panopticon(attic cache server)

Signed-off-by: gwg313 <gwg313@pm.me> attic client Signed-off-by: gwg313 <gwg313@pm.me>
2025-07-09 08:08:12 -04:00 · 2025-07-09 08:08:12 -04:00 · 701051522a
commit 701051522a
parent d4fa506bac
10 changed files with 460 additions and 2 deletions
--- a/hosts/vault-tec/attic.nix
+++ b/hosts/vault-tec/attic.nix
@ -0,0 +1,73 @@
+{ config, ... }:
+{
+  users.users.atticd = {
+    isSystemUser = true;
+    group = "atticd";
+  };
+  users.groups.atticd = { };
+  sops.secrets.attic-access-key = { };
+  sops.secrets.attic-secret-key = { };
+  sops.secrets.attic-jwt-secret = { };
+
+  sops.templates."atticd.env" = {
+    content = ''
+      # AWS_ACCESS_KEY_ID=${config.sops.placeholder."attic-access-key"}
+      # AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."attic-secret-key"}
+      ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64=${config.sops.placeholder."attic-jwt-secret"}
+    '';
+    path = "/etc/atticd.env";
+    owner = "atticd";
+    group = "atticd";
+    mode = "0400";
+  };
+
+  # Load it in systemd
+  systemd.services.atticd.serviceConfig = {
+    EnvironmentFile = "/etc/atticd.env";
+  };
+  services.atticd = {
+    enable = true;
+
+    # Replace with absolute path to your environment file
+    environmentFile = "/etc/atticd.env";
+
+    settings = {
+      listen = "127.0.0.1:8080";
+
+      jwt = { };
+      storage = {
+        type = "local";
+        path = "/cache";
+      };
+      # storage = {
+      #   type = "s3";
+      #   region = "us-east-1";
+      #   bucket = "attic-cache";
+      #   endpoint = "https://s3.gwg313.xyz";
+      # };
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}