Build all images with nix-snapshotter

2024-12-19 21:07:30 +01:00 · 2024-12-19 21:07:30 +01:00 · 708e6b4336
commit 708e6b4336
parent ab3a068066
14 changed files with 125 additions and 184 deletions
--- a/nixng-configurations/attic.nix
+++ b/nixng-configurations/attic.nix
@ -0,0 +1,46 @@
+{...}: {
+  dinit.enable = true;
+  init.services.attic.shutdownOnExit = true;
+
+  services.attic = {
+    enable = true;
+
+    settings = {
+      # The '+" is to explicitly denote the end of the Vals expression.
+      # This is done because we quote the template for the toml file.
+      # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
+      # database.url = "ref+sops://secrets.yml#attic/databaseURL+";
+      database = {};
+
+      storage = {
+        type = "local";
+        path = "/var/lib/atticd/storage";
+      };
+
+      listen = "[::]:8080";
+
+      # Data chunking
+      #
+      # Warning: If you change any of the values here, it will be
+      # difficult to reuse existing chunks for newly-uploaded NARs
+      # since the cutpoints will be different. As a result, the
+      # deduplication ratio will suffer for a while after the change.
+      chunking = {
+        # The minimum NAR size to trigger chunking
+        #
+        # If 0, chunking is disabled entirely for newly-uploaded NARs.
+        # If 1, all NARs are chunked.
+        nar-size-threshold = 64 * 1024; # 64 KiB
+
+        # The preferred minimum size of a chunk, in bytes
+        min-size = 16 * 1024; # 16 KiB
+
+        # The preferred average size of a chunk, in bytes
+        avg-size = 64 * 1024; # 64 KiB
+
+        # The preferred maximum size of a chunk, in bytes
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+  };
+}
--- a/nixng-configurations/default.nix
+++ b/nixng-configurations/default.nix
@ -8,6 +8,9 @@
 flake-utils.lib.eachDefaultSystem (system: let
  images = {
    dnsmasq = ./dnsmasq.nix;
+    attic = ./attic.nix;
+    ntfy = ./ntfy.nix;
+    radicale = ./radicale.nix;
  };
 in {
  nixngConfigurations = builtins.mapAttrs (name: configFile:
--- a/nixng-configurations/ntfy.nix
+++ b/nixng-configurations/ntfy.nix
@ -0,0 +1,20 @@
+{...}: {
+  dinit.enable = true;
+  init.services.ntfy-sh.shutdownOnExit = true;
+
+  services.ntfy-sh = {
+    enable = true;
+
+    settings = {
+      base-url = "https://ntfy.kun.is";
+      cache-file = "/var/cache/ntfy/cache.db";
+      cache-duration = "14d";
+      auth-file = "/var/lib/ntfy/user.db";
+      auth-default-access = "deny-all";
+      attachment-cache-dir = "/var/cache/ntfy-attachments";
+      enable-signup = false;
+      enable-login = true;
+      visitor-subscription-limit = 100;
+    };
+  };
+}
--- a/nixng-configurations/radicale.nix
+++ b/nixng-configurations/radicale.nix
@ -0,0 +1,46 @@
+{nglib, ...}: let
+  htpasswd_location = "/radicale_htpasswd";
+in {
+  dinit.enable = true;
+
+  init.services.radicale = {
+    shutdownOnExit = true;
+
+    tmpfiles = with nglib.nottmpfiles.dsl; [
+      (f htpasswd_location "-" "radicale" "radicale" _ "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.")
+    ];
+  };
+
+  services.radicale = {
+    enable = true;
+
+    settings = {
+      server = {
+        hosts = "0.0.0.0:5232, [::]:5232";
+        ssl = false;
+      };
+
+      encoding = {
+        request = "utf-8";
+        stock = "utf-8";
+      };
+
+      auth = {
+        realm = "Radicale - Password Required";
+        type = "htpasswd";
+        htpasswd_filename = htpasswd_location;
+        htpasswd_encryption = "md5";
+      };
+
+      rights.type = "owner_only";
+
+      storage = {
+        type = "multifilesystem";
+        filesystem_folder = "/data";
+      };
+
+      logging = {};
+      headers = {};
+    };
+  };
+}