os/host/dev/seed/attic.nix — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

.. bootstrap sops zone attic.nix default.nix files.nix grafana.nix knot.nix mastodon.nix radicle.nix ssh.nix tor.nix victorialogs.nix

{config, ...}: let
  domain = "attic.radicle.dev";
  port = 54862;
  secret = "atticd.env";
in {
  sops.secrets.${secret} = {
    sopsFile = ./sops/atticd.env;
    format = "dotenv";
  };

  services = {
    atticd = {
      enable = true;
      environmentFile = config.sops.secrets.${secret}.path;
      settings = {
        listen = "127.0.0.1:${builtins.toString port}";

        storage = {
          bucket = "radicle-attic";
          type = "s3";
          region = "eu-central";
          endpoint = "https://hel1.your-objectstorage.com";
        };

        garbage-collection.interval = "48 hours";

        api-endpoint = "https://${domain}/";
      };
    };
    nginx.virtualHosts.${domain} = {
      enableACME = true;
      forceSSL = true;
      serverName = domain;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
        extraConfig = ''
          client_max_body_size 512m;
        '';
      };
    };
    nginx.virtualHosts."attic.radicle.xyz" = {
      enableACME = true;
      forceSSL = true;
      globalRedirect = domain;
      redirectCode = 302;
    };
  };
}