From 03a13b32e72c16eac9194053125b45137c20218d Mon Sep 17 00:00:00 2001
From: Albin Vass <albinvass@gmail.com>
Date: Sat, 1 Jun 2024 18:52:34 +0200
Subject: [PATCH] Add attic to nixpi

---
 flake.nix                      |  1 +
 nixos/hosts/nixpi/attic.nix    | 36 ++++++++++++++++++++++++++++++++++
 nixos/hosts/nixpi/secrets.yaml |  6 ++++--
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 nixos/hosts/nixpi/attic.nix

diff --git a/flake.nix b/flake.nix
index 5a88263..1605084 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,6 +2,7 @@
   description = "Nix deployments";
 
   inputs = {
+    attic.url = "github:zhaofengli/attic";
     splitfree = {
       url = "github:albinvass/splitfree";
       inputs.nixpkgs.follows = "nixpkgs";
diff --git a/nixos/hosts/nixpi/attic.nix b/nixos/hosts/nixpi/attic.nix
new file mode 100644
index 0000000..635260b
--- /dev/null
+++ b/nixos/hosts/nixpi/attic.nix
@@ -0,0 +1,36 @@
+{ config, inputs, ...}:
+{
+  imports = [
+    inputs.attic.nixosModules.atticd
+  ];
+  sops.secrets = {
+    "attic/credentialsFile" = {
+      owner = config.services.atticd.user;
+      group = config.services.atticd.group;
+    };
+  };
+
+  services.cloudflared = {
+    tunnels = {
+      nixpi = {
+        ingress = {
+          "attic.albinvass.se" = "http://localhost:8080";
+        };
+      };
+    };
+  };
+
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.sops.secrets."attic/credentialsFile".path;
+    settings = {
+      listen = "localhost:8080";
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}
diff --git a/nixos/hosts/nixpi/secrets.yaml b/nixos/hosts/nixpi/secrets.yaml
index 70afe2c..e111045 100644
--- a/nixos/hosts/nixpi/secrets.yaml
+++ b/nixos/hosts/nixpi/secrets.yaml
@@ -1,3 +1,5 @@
+attic:
+    credentialsFile: ENC[AES256_GCM,data:PiljK/mjJFZidQKt4a4dD/g2tj7BNjGh7IOvYJ60RbSwN9F4po3kBhPsiD2kQ3XdbVBQfj4p1SoWGV4lmSoF2bbMB7BJ0EJdtiMEoiUwUYX/p44t1g1rgLZpjP4A21zDMW3oq0paVWEUUtxr1SGqcC/LVX63iWpyCHJgcl8EC+s=,iv:B6RdC6vsJf/4huROINaSBAVNpNAczJm53MaFFMVfQmI=,tag:uUVy+0igoNCB5QB1Mj3tDg==,type:str]
 matrix-synapse:
     cifs: ENC[AES256_GCM,data:qoYKz9duigiZ6L5lIVRikBaVRkNoIUebyVkl8hgSBofrVbS8YQqjwqznEJyWx49GE+23AHfPymcbj5G4YxlE/v4M,iv:mm8uf4coPweNS//ergjjcb6J7uF2bnyLA/cRxyCheLo=,tag:KWWVGf9+SyVzqGmE96Ih2Q==,type:str]
 cloudflared:
@@ -36,8 +38,8 @@ sops:
             WTQ1ZDRyc2ZPbE9NdXhQd05yTFlZcTgKyptCBKP/GfiVkjjl3R8ISRW9KOrsFzt4
             d0nvYTMykcAn7aIJHcWnhJHfdROY8IraGhyPd4LCQHzdyiy2PPbkxQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-04T10:56:29Z"
-    mac: ENC[AES256_GCM,data:Khs4wB16U/0TUKGTe/RIjUVNg1d2IYsAbATzZvRUMsU0G/droIYZXm+cS5gu7P8XLOPMw25GOGyGrKbuH4x3yksTGMczVZ8UavBT9G4q7De9lnEfhKe+8BFugYUjB3OitKIMZuR8pROJWE346ArnAd0Fr0IS/voYZ2qx2LdKlqU=,iv:FpNCtCFoETZspbt/2xqeFfXYcLJft0Kj0D9aCrgRsQM=,tag:k5JA47HEZseml+z79W97lg==,type:str]
+    lastmodified: "2024-06-01T16:52:08Z"
+    mac: ENC[AES256_GCM,data:cJrgog3LkLrStQMXsb3Jj+vet1r9LQrHDEWT67nN/i+/0eVYfYdYnP4ZSV5ot90TJ4CC39qCdCoGSAHkWnittkNgDtPv+KCgqJNvDKhHR8QixE573BBMDpvW6gQ8dGAknhShHpP8SiAPv7BZqpaHIAJKwdyOuxtokR1xNyp1D1g=,iv:W8CN0zixZa8y4Ic4vxJR5O+E8U7TAmrnM4CNQZYumGg=,tag:eNaK/LXbxq/7U0sLgqDx+w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1