wip: attic
All checks were successful
build / build-sydpc (push) Successful in 33s
build / build-fruitbook (push) Successful in 30s
build / build-deertopia (push) Successful in 40s

2026-03-04 14:48:35 -07:00
parent 70068bf0d9
commit 4c1ccd22ff
4 changed files with 55 additions and 2 deletions


@@ -49,6 +49,7 @@
deertopia = { deertopia = {
authelia.enable = true; authelia.enable = true;
atticd.enable = true;
gitea.enable = true; gitea.enable = true;
quiver.enable = true; quiver.enable = true;
www.enable = true; www.enable = true;


@@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.atticd;
in {
options.sydnix.deertopia.atticd = {
enable = lib.mkEnableOption "Atticd";
port = lib.mkOption {
default = 8012;
type = lib.types.port;
};
};
# sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.atticd-environment-file = {
# owner = config.services.atticd.user;
# group = config.services.atticd.group;
};
services.atticd = {
enable = true;
environmentFile =
config.sops.secrets.atticd-environment-file.path;
settings = {
api-endpoint = "https://attic.deertopia.net/";
listen = "[::]:${toString cfg.port}";
garbage-collection = {
default-retention-period = "3 months";
};
};
};
sydnix.deertopia.nginx.vhosts."attic".vhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString cfg.port}";
};
};
}
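Review bot: `listen = "[::]:${toString cfg.port}";` binds atticd on every interface, while the nginx vhost added in the same file only ever reaches it on `127.0.0.1`. Unless the host firewall blocks that port (not visible in this commit), the cache API is also reachable directly over plain HTTP, bypassing the `forceSSL` vhost, so tokens sent that way would travel unencrypted. Binding to loopback keeps nginx as the only entry point: `listen = "127.0.0.1:${toString cfg.port}";`. The commented-out `owner`/`group` lines on the sops secret can probably be deleted rather than kept, since the environment file is presumably loaded by systemd rather than by the service user; confirm this against the atticd module.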


@@ -70,6 +70,10 @@ in {
}; };
# O_O what the fuck did i write this for.... CONCERNING. # O_O what the fuck did i write this for.... CONCERNING.
#
# oh because of these types of errors:
# Directory "/var/lib/private" already exists, but has mode 0755
# that is too permissive (0700 was requested), refusing.
systemd.tmpfiles.settings."10-varlibprivate" = { systemd.tmpfiles.settings."10-varlibprivate" = {
"/var/lib/private" = { "/var/lib/private" = {
z.group = "root"; z.group = "root";
@@ -78,6 +82,13 @@ in {
}; };
}; };
# Workaround for https://github.com/nix-community/impermanence/issues/254.
systemd.services."systemd-tmpfiles-resetup" = {
serviceConfig = {
RemainAfterExit = lib.mkForce false;
};
};
# Permit members of `cfg.persistGroupName` to read, write, and execute # Permit members of `cfg.persistGroupName` to read, write, and execute
# /persist. # /persist.
systemd.tmpfiles.settings."10-persist" = { systemd.tmpfiles.settings."10-persist" = {
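Review bot: The workaround comment above `systemd.services."systemd-tmpfiles-resetup"` links the issue but does not say what the override changes or when it can be removed, and `lib.mkForce` silently wins over whatever the upstream unit sets. I would expand it to something like `# Workaround for impermanence#254: force RemainAfterExit=false so the unit does not stay active after it runs; drop once fixed upstream.`, adjusting the wording to the actual symptom, which this hunk does not show. The enclosing `in { … }` block starts and ends outside the hunk.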

File diff suppressed because one or more lines are too long