persist attic data
This commit is contained in:
parent
f8b0e13356
commit
0c57b2deae
4 changed files with 90 additions and 22 deletions
|
@ -1,5 +1,47 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
kubernetes.resources =
|
||||||
|
let
|
||||||
|
atticdSettings = {
|
||||||
|
database.url = "ref+sops://secrets/sops.yaml#atticd/databaseURL";
|
||||||
|
|
||||||
|
storage = {
|
||||||
|
type = "local";
|
||||||
|
path = "/var/lib/atticd/storage";
|
||||||
|
};
|
||||||
|
|
||||||
|
listen = "[::]:8080";
|
||||||
|
|
||||||
|
# Data chunking
|
||||||
|
#
|
||||||
|
# Warning: If you change any of the values here, it will be
|
||||||
|
# difficult to reuse existing chunks for newly-uploaded NARs
|
||||||
|
# since the cutpoints will be different. As a result, the
|
||||||
|
# deduplication ratio will suffer for a while after the change.
|
||||||
|
chunking = {
|
||||||
|
# The minimum NAR size to trigger chunking
|
||||||
|
#
|
||||||
|
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||||
|
# If 1, all NARs are chunked.
|
||||||
|
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
# The preferred minimum size of a chunk, in bytes
|
||||||
|
min-size = 16 * 1024; # 16 KiB
|
||||||
|
|
||||||
|
# The preferred average size of a chunk, in bytes
|
||||||
|
avg-size = 64 * 1024; # 64 KiB
|
||||||
|
|
||||||
|
# The preferred maximum size of a chunk, in bytes
|
||||||
|
max-size = 256 * 1024; # 256 KiB
|
||||||
|
};
|
||||||
|
};
|
||||||
|
generatedConfig = (pkgs.formats.toml { }).generate "atticd.toml" atticdSettings;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
kubernetes.resources = {
|
configMaps = {
|
||||||
|
atticd-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = "ref+sops://secrets/sops.yaml#atticd/jwtToken";
|
||||||
|
atticd-config.data.config = builtins.readFile generatedConfig;
|
||||||
|
};
|
||||||
|
|
||||||
deployments.atticd = {
|
deployments.atticd = {
|
||||||
metadata.labels.app = "atticd";
|
metadata.labels.app = "atticd";
|
||||||
|
|
||||||
|
@ -11,8 +53,27 @@
|
||||||
|
|
||||||
spec = {
|
spec = {
|
||||||
containers.atticd = {
|
containers.atticd = {
|
||||||
image = "git.kun.is/pim/atticd-nix-image:test";
|
image = "git.kun.is/home/atticd:fd910d91c2143295e959d2c903e9ea25cf94ba27";
|
||||||
|
envFrom = [{ configMapRef.name = "atticd-env"; }];
|
||||||
ports.web.containerPort = 8080;
|
ports.web.containerPort = 8080;
|
||||||
|
args = [ "-f" "/etc/atticd/config.toml" ];
|
||||||
|
|
||||||
|
volumeMounts = [
|
||||||
|
{
|
||||||
|
name = "data";
|
||||||
|
mountPath = "/var/lib/atticd/storage";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "config";
|
||||||
|
mountPath = "/etc/atticd/config.toml";
|
||||||
|
subPath = "config";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
volumes = {
|
||||||
|
data.persistentVolumeClaim.claimName = "atticd";
|
||||||
|
config.configMap.name = "atticd-config";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -38,5 +99,7 @@
|
||||||
portName = "web";
|
portName = "web";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nfsVolumes.atticd.path = "atticd";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
spec = {
|
spec = {
|
||||||
containers.blog = {
|
containers.blog = {
|
||||||
image = "git.kun.is/home/blog-pim:5a7cb47dd4a8b6286f6987781683b174cd280b95";
|
image = "git.kun.is/home/blog-pim:fd910d91c2143295e959d2c903e9ea25cf94ba27";
|
||||||
ports.web.containerPort = 80;
|
ports.web.containerPort = 80;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -31,6 +31,7 @@ let
|
||||||
"/sonarr/config"
|
"/sonarr/config"
|
||||||
"/bazarr/config"
|
"/bazarr/config"
|
||||||
"/minecraft"
|
"/minecraft"
|
||||||
|
"/atticd"
|
||||||
];
|
];
|
||||||
|
|
||||||
nfsExports = lib.strings.concatLines (
|
nfsExports = lib.strings.concatLines (
|
||||||
|
@ -93,6 +94,7 @@ in
|
||||||
host nextcloud nextcloud all md5
|
host nextcloud nextcloud all md5
|
||||||
host hedgedoc hedgedoc all md5
|
host hedgedoc hedgedoc all md5
|
||||||
host paperless paperless all md5
|
host paperless paperless all md5
|
||||||
|
host attic attic all md5
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,6 +16,9 @@ forgejo:
|
||||||
lfsJwtSecret: ENC[AES256_GCM,data:TZaptdiX/3HT2Q5lHqAOEQBkT3gV49dD6+RIludIcJVA6AevijgDonuVQA==,iv:hwU0K4JjFs8LaSNe5Dqmsj5Vz/w3sOWgSrnEW22bM/M=,tag:RJTDtYqRQdGVQ6PO2V+31g==,type:str]
|
lfsJwtSecret: ENC[AES256_GCM,data:TZaptdiX/3HT2Q5lHqAOEQBkT3gV49dD6+RIludIcJVA6AevijgDonuVQA==,iv:hwU0K4JjFs8LaSNe5Dqmsj5Vz/w3sOWgSrnEW22bM/M=,tag:RJTDtYqRQdGVQ6PO2V+31g==,type:str]
|
||||||
internalToken: ENC[AES256_GCM,data:28sIm0OW2G48ZECjCf5WM9/O5kbo54S96aD20MYfGrK0pbxgAwLjL8jXO/dNobSQ+26vet2WKfLbC9MPdBjhsQ5zC/keGHUFw6TPqnuhFchTLnP+JvMoqNZzcRo2kHi/EM93luG6xQvy,iv:Iy+1EVS7lvLust4MPkxyFonna/q1NVzRyMcTSJ3F5oM=,tag:v075jl/jtqcjSkEhRZVO2g==,type:str]
|
internalToken: ENC[AES256_GCM,data:28sIm0OW2G48ZECjCf5WM9/O5kbo54S96aD20MYfGrK0pbxgAwLjL8jXO/dNobSQ+26vet2WKfLbC9MPdBjhsQ5zC/keGHUFw6TPqnuhFchTLnP+JvMoqNZzcRo2kHi/EM93luG6xQvy,iv:Iy+1EVS7lvLust4MPkxyFonna/q1NVzRyMcTSJ3F5oM=,tag:v075jl/jtqcjSkEhRZVO2g==,type:str]
|
||||||
runnerToken: ENC[AES256_GCM,data:F6PsbkhT1epKfi9MpLpMqDosloVkhIiq/olBi/bbt8k88qxfw0vwvg==,iv:I/LH8V0Um+PCpjSrcjiZAN71nXcqv1m84wBUPLWT33Q=,tag:Y3qhbt7OqkRbHOCXRKLUeg==,type:str]
|
runnerToken: ENC[AES256_GCM,data:F6PsbkhT1epKfi9MpLpMqDosloVkhIiq/olBi/bbt8k88qxfw0vwvg==,iv:I/LH8V0Um+PCpjSrcjiZAN71nXcqv1m84wBUPLWT33Q=,tag:Y3qhbt7OqkRbHOCXRKLUeg==,type:str]
|
||||||
|
atticd:
|
||||||
|
jwtToken: ENC[AES256_GCM,data:DTiREnIdZxsewzLXeZgERBJKorUuqI71TgmUyKyc8iH6ioJLciU/9wfLiO+ltUA+3eEnuyuJHTpFwtLS0Wrjh5G4kYNkiX6Mw1bEJZnR+x2xJAJmfa4sJw==,iv:8jJfPosy02vezJOA0oKSphUItWqQ0Pr1cc8rBSuSawE=,tag:p+dZBP5+EYHjtTH9EkdYsw==,type:str]
|
||||||
|
databaseURL: ENC[AES256_GCM,data:beyFNmbapw9asGHZN52taNx6klO3IQJ7wXbYTvo1NMaFyvo5qk2osocrwkeVv3w8bUWGgbQ/LKLuvg==,iv:qGFwhuLj0ApY9EpclM0x1nVBqXjv8XZC58cy6AE3AtQ=,tag:an+slq4Wlh7/sunX44yxOQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -31,8 +34,8 @@ sops:
|
||||||
dVBPbkRib1M1cmVKZzl4TWpoSml2WDQK45jJDXpPXIBoaANhjZSWYVZ8mI51LAin
|
dVBPbkRib1M1cmVKZzl4TWpoSml2WDQK45jJDXpPXIBoaANhjZSWYVZ8mI51LAin
|
||||||
EqgBj7VKY+CQbw1gMd1Fdh8iDYraowwcLyd/ZhZ/M0kIdkCc5E1a5g==
|
EqgBj7VKY+CQbw1gMd1Fdh8iDYraowwcLyd/ZhZ/M0kIdkCc5E1a5g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-17T21:16:56Z"
|
lastmodified: "2024-04-27T18:37:27Z"
|
||||||
mac: ENC[AES256_GCM,data:ICOsWZ7F7boyYhkFGgqJZOCY9aPXI5YvQfqcKkj4Pt/LoU9+PDi2iSDN47VTTloqIXap4PhEMEi7He6AV3r9DTHKT5PxQcWxESGffLlUlK7Q3a/H1V63Sdy9Ct1PycKupjEEWylYXWTWG5/dGe9qh6u1ZS7adz5fHxA3Y8MT6Dg=,iv:61IexBQQse6iShry10toUAjc3gLf588PKJFK+aJWCbY=,tag:wrSM4ipHBMXIEfLLLGe/Tw==,type:str]
|
mac: ENC[AES256_GCM,data:LP0gbW3AI0hKE3dfVdDC0+BMtz2fRbtgfxVF7zPZ6cg09cXaOlNPExAxEIzp0pBtTN7114hL3MNzczov64ES9YvP8XIXDcEZzQxVqUgkacgrCIfm1Zd2o1sIT9ORreK04+S4gnvMgbXq9TAEnxnK2SVhvthwmLVw3MXjBb2+/wc=,iv:Nf7c+AdaU8yCnhHYKwERdMzFw0qY0y0c8VMxa/Hcg50=,tag:SRvJ0YqimkswD8Ljp69jog==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in a new issue