persist attic data

This commit is contained in:
Pim Kunis 2024-04-27 20:53:32 +02:00
parent f8b0e13356
commit 0c57b2deae
4 changed files with 90 additions and 22 deletions

View file

@ -1,5 +1,47 @@
{ pkgs, ... }: {
kubernetes.resources =
let
atticdSettings = {
database.url = "ref+sops://secrets/sops.yaml#atticd/databaseURL";
storage = {
type = "local";
path = "/var/lib/atticd/storage";
};
listen = "[::]:8080";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
generatedConfig = (pkgs.formats.toml { }).generate "atticd.toml" atticdSettings;
in
{ {
kubernetes.resources = { configMaps = {
atticd-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = "ref+sops://secrets/sops.yaml#atticd/jwtToken";
atticd-config.data.config = builtins.readFile generatedConfig;
};
deployments.atticd = { deployments.atticd = {
metadata.labels.app = "atticd"; metadata.labels.app = "atticd";
@ -11,8 +53,27 @@
spec = { spec = {
containers.atticd = { containers.atticd = {
image = "git.kun.is/pim/atticd-nix-image:test"; image = "git.kun.is/home/atticd:fd910d91c2143295e959d2c903e9ea25cf94ba27";
envFrom = [{ configMapRef.name = "atticd-env"; }];
ports.web.containerPort = 8080; ports.web.containerPort = 8080;
args = [ "-f" "/etc/atticd/config.toml" ];
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}
{
name = "config";
mountPath = "/etc/atticd/config.toml";
subPath = "config";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "atticd";
config.configMap.name = "atticd-config";
}; };
}; };
}; };
@ -38,5 +99,7 @@
portName = "web"; portName = "web";
}; };
}; };
nfsVolumes.atticd.path = "atticd";
}; };
} }

View file

@ -11,7 +11,7 @@
spec = { spec = {
containers.blog = { containers.blog = {
image = "git.kun.is/home/blog-pim:5a7cb47dd4a8b6286f6987781683b174cd280b95"; image = "git.kun.is/home/blog-pim:fd910d91c2143295e959d2c903e9ea25cf94ba27";
ports.web.containerPort = 80; ports.web.containerPort = 80;
}; };
}; };

View file

@ -31,6 +31,7 @@ let
"/sonarr/config" "/sonarr/config"
"/bazarr/config" "/bazarr/config"
"/minecraft" "/minecraft"
"/atticd"
]; ];
nfsExports = lib.strings.concatLines ( nfsExports = lib.strings.concatLines (
@ -93,6 +94,7 @@ in
host nextcloud nextcloud all md5 host nextcloud nextcloud all md5
host hedgedoc hedgedoc all md5 host hedgedoc hedgedoc all md5
host paperless paperless all md5 host paperless paperless all md5
host attic attic all md5
''; '';
}; };
}; };

View file

@ -16,6 +16,9 @@ forgejo:
lfsJwtSecret: ENC[AES256_GCM,data:TZaptdiX/3HT2Q5lHqAOEQBkT3gV49dD6+RIludIcJVA6AevijgDonuVQA==,iv:hwU0K4JjFs8LaSNe5Dqmsj5Vz/w3sOWgSrnEW22bM/M=,tag:RJTDtYqRQdGVQ6PO2V+31g==,type:str] lfsJwtSecret: ENC[AES256_GCM,data:TZaptdiX/3HT2Q5lHqAOEQBkT3gV49dD6+RIludIcJVA6AevijgDonuVQA==,iv:hwU0K4JjFs8LaSNe5Dqmsj5Vz/w3sOWgSrnEW22bM/M=,tag:RJTDtYqRQdGVQ6PO2V+31g==,type:str]
internalToken: ENC[AES256_GCM,data:28sIm0OW2G48ZECjCf5WM9/O5kbo54S96aD20MYfGrK0pbxgAwLjL8jXO/dNobSQ+26vet2WKfLbC9MPdBjhsQ5zC/keGHUFw6TPqnuhFchTLnP+JvMoqNZzcRo2kHi/EM93luG6xQvy,iv:Iy+1EVS7lvLust4MPkxyFonna/q1NVzRyMcTSJ3F5oM=,tag:v075jl/jtqcjSkEhRZVO2g==,type:str] internalToken: ENC[AES256_GCM,data:28sIm0OW2G48ZECjCf5WM9/O5kbo54S96aD20MYfGrK0pbxgAwLjL8jXO/dNobSQ+26vet2WKfLbC9MPdBjhsQ5zC/keGHUFw6TPqnuhFchTLnP+JvMoqNZzcRo2kHi/EM93luG6xQvy,iv:Iy+1EVS7lvLust4MPkxyFonna/q1NVzRyMcTSJ3F5oM=,tag:v075jl/jtqcjSkEhRZVO2g==,type:str]
runnerToken: ENC[AES256_GCM,data:F6PsbkhT1epKfi9MpLpMqDosloVkhIiq/olBi/bbt8k88qxfw0vwvg==,iv:I/LH8V0Um+PCpjSrcjiZAN71nXcqv1m84wBUPLWT33Q=,tag:Y3qhbt7OqkRbHOCXRKLUeg==,type:str] runnerToken: ENC[AES256_GCM,data:F6PsbkhT1epKfi9MpLpMqDosloVkhIiq/olBi/bbt8k88qxfw0vwvg==,iv:I/LH8V0Um+PCpjSrcjiZAN71nXcqv1m84wBUPLWT33Q=,tag:Y3qhbt7OqkRbHOCXRKLUeg==,type:str]
atticd:
jwtToken: ENC[AES256_GCM,data:DTiREnIdZxsewzLXeZgERBJKorUuqI71TgmUyKyc8iH6ioJLciU/9wfLiO+ltUA+3eEnuyuJHTpFwtLS0Wrjh5G4kYNkiX6Mw1bEJZnR+x2xJAJmfa4sJw==,iv:8jJfPosy02vezJOA0oKSphUItWqQ0Pr1cc8rBSuSawE=,tag:p+dZBP5+EYHjtTH9EkdYsw==,type:str]
databaseURL: ENC[AES256_GCM,data:beyFNmbapw9asGHZN52taNx6klO3IQJ7wXbYTvo1NMaFyvo5qk2osocrwkeVv3w8bUWGgbQ/LKLuvg==,iv:qGFwhuLj0ApY9EpclM0x1nVBqXjv8XZC58cy6AE3AtQ=,tag:an+slq4Wlh7/sunX44yxOQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -31,8 +34,8 @@ sops:
dVBPbkRib1M1cmVKZzl4TWpoSml2WDQK45jJDXpPXIBoaANhjZSWYVZ8mI51LAin dVBPbkRib1M1cmVKZzl4TWpoSml2WDQK45jJDXpPXIBoaANhjZSWYVZ8mI51LAin
EqgBj7VKY+CQbw1gMd1Fdh8iDYraowwcLyd/ZhZ/M0kIdkCc5E1a5g== EqgBj7VKY+CQbw1gMd1Fdh8iDYraowwcLyd/ZhZ/M0kIdkCc5E1a5g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-17T21:16:56Z" lastmodified: "2024-04-27T18:37:27Z"
mac: ENC[AES256_GCM,data:ICOsWZ7F7boyYhkFGgqJZOCY9aPXI5YvQfqcKkj4Pt/LoU9+PDi2iSDN47VTTloqIXap4PhEMEi7He6AV3r9DTHKT5PxQcWxESGffLlUlK7Q3a/H1V63Sdy9Ct1PycKupjEEWylYXWTWG5/dGe9qh6u1ZS7adz5fHxA3Y8MT6Dg=,iv:61IexBQQse6iShry10toUAjc3gLf588PKJFK+aJWCbY=,tag:wrSM4ipHBMXIEfLLLGe/Tw==,type:str] mac: ENC[AES256_GCM,data:LP0gbW3AI0hKE3dfVdDC0+BMtz2fRbtgfxVF7zPZ6cg09cXaOlNPExAxEIzp0pBtTN7114hL3MNzczov64ES9YvP8XIXDcEZzQxVqUgkacgrCIfm1Zd2o1sIT9ORreK04+S4gnvMgbXq9TAEnxnK2SVhvthwmLVw3MXjBb2+/wc=,iv:Nf7c+AdaU8yCnhHYKwERdMzFw0qY0y0c8VMxa/Hcg50=,tag:SRvJ0YqimkswD8Ljp69jog==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1