wip: attic

modules/nixos/deertopia/atticd.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.atticd;
+in {
+  options.sydnix.deertopia.atticd = {
+    enable = lib.mkEnableOption "Atticd";
+    port = lib.mkOption {
+      default = 8012;
+      type = lib.types.port;
+    };
+  };
+
+  # sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
+  config = lib.mkIf cfg.enable {
+    sydnix.sops.secrets.atticd-environment-file = {
+      # owner = config.services.atticd.user;
+      # group = config.services.atticd.group;
+    };
+
+    services.atticd = {
+      enable = true;
+      environmentFile =
+	config.sops.secrets.atticd-environment-file.path;
+      settings = {
+	api-endpoint = "https://attic.deertopia.net/";
+	listen = "[::]:${toString cfg.port}";
+	garbage-collection = {
+	  default-retention-period = "3 months";
+	};
+      };
+    };
+
+    sydnix.deertopia.nginx.vhosts."attic".vhost = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass =
+        "http://127.0.0.1:${toString cfg.port}";
+    };
+  };
+}