Radish alpha
r
radicle-infra
rad:z254T5p17bdFPmzfDojsdjo4HjpoZ
Radicle Infrastructure as Code (NixOS, OpenTofu, …)
Radicle
Git
Commits d690ab6
seed: Enable Attic
Lorenz Leutgeb committed 10 months ago
commit d690ab66998cd22e950c76feba133314e044284d
parent 1b0c498
4 files changed +65 -0
added os/host/seed/attic.nix
@@ -0,0 +1,42 @@
+ 
{config, ...}: let
+ 
  domain = "attic.radicle.xyz";
+ 
  port = 54862;
+ 
  secret = "atticd.env";
+ 
in {
+ 
  sops.secrets.${secret} = {
+ 
    sopsFile = ./sops/atticd.env;
+ 
    format = "dotenv";
+ 
  };
+
+ 
  services = {
+ 
    atticd = {
+ 
      enable = true;
+ 
      environmentFile = config.sops.secrets.${secret}.path;
+ 
      settings = {
+ 
        listen = "127.0.0.1:${builtins.toString port}";
+
+ 
        storage = {
+ 
          bucket = "radicle-attic";
+ 
          type = "s3";
+ 
          region = "eu-central";
+ 
          endpoint = "https://hel1.your-objectstorage.com";
+ 
        };
+
+ 
        garbage-collection.interval = "48 hours";
+
+ 
        api-endpoint = "https://${domain}/";
+ 
      };
+ 
    };
+ 
    nginx.virtualHosts.${domain} = {
+ 
      addSSL = true;
+ 
      enableACME = true;
+ 
      serverName = domain;
+ 
      locations."/" = {
+ 
        proxyPass = "http://127.0.0.1:${builtins.toString port}";
+ 
        extraConfig = ''
+ 
          client_max_body_size 512m;
+ 
        '';
+ 
      };
+ 
    };
+ 
  };
+ 
}
modified os/host/seed/default.nix
@@ -13,6 +13,7 @@
    ../../mixin/sops.nix

    ../../mixin/users.nix
+ 
    ./attic.nix

    ./ssh.nix

    ./tor.nix

    ./radicle.nix
added os/host/seed/sops/README.md
@@ -0,0 +1,7 @@
+ 
# attic
+
+ 
Generated according to <https://docs.attic.rs/admin-guide/deployment/nixos.html>:
+
+ 
```
+ 
echo "ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=\"$(nix run nixpkgs#openssl -- genrsa -traditional 4096 | base64 -w0)\"" | sops --input-type dotenv --output-type dotenv --encrypt --filename-override atticd.env /dev/stdin > atticd.env
+ 
```
added os/host/seed/sops/atticd.env
@@ -0,0 +1,15 @@
+ 
AWS_ACCESS_KEY_ID=ENC[AES256_GCM,data:wYeacjBaA8cNHLn2/WFH5kDyGQxaGg==,iv:pxAQ5Xspo1Ypc9C6L4ForarorsjcYPCaR43BY95EMPo=,tag:yogfcwbFXTFdSTAmk/vSWw==,type:str]
+ 
AWS_SECRET_ACCESS_KEY=ENC[AES256_GCM,data:kMO1htvj8LO6XaSlu9cKOa9q68zw+xy5EFKdFih40IKaU0WXDo4zDGeV,iv:a+4IYJzq93++bLhTCRKslFRD/68aefFhIrs6wCf5CwM=,tag:amBQyEcQht7EglyeVOhEXQ==,type:str]
+ 
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=ENC[AES256_GCM,data:JyilKU3oo0mZ0X6mH6vUd2mK9bxSlsWJfEQs5ZIdFK9FduQRsvx+G4nAXKLJaY8yqspiS0YEoXwsVtY49ldWEh4qNocHw3K/oCBk5FLT9BTi+yKnAhxLb2h4kDB7L6NaIjPwMBkMuESXxrd0mdbStXwJYI1t9Xm3ylW2AW8YkBORbZKGcmwS4iA5K3ssRas1HOJBS6JIMuEDYBaUSEHnDTccmbLZ6yR53ubFM9u1hxYxPaf+HUvEXz0jeCtLvJKL3CYIKdhIcOKwAU64COc9lpFlTuFz7f3GaVfZQNBMAgciKnJjybXeS11Cwp30Qe0h46NFMhVfQmf91Ko4JONBOfH8cWowEfT8boGwb2EXZB979nnLiMJC808OhABVo69L4UPqtIZZgsIGe6ImQWtM5x9yAT+SJOpTgZzEOzDXwzROcWC0bIEpgFucyG1aiqUvOd9Kf51Xffx4wxbtHYfgTR+Cwl8HpT5PuOrg2L2beeoFhtpnBASE4E4B6wlzV7l0OyQS8RP/ZitftjkDFE9A+R6vY7Q19auVxS8TGL7/q2OLFGvIPdW8uYNZ4oEWOzv1XCgzLsX2w6bLVhCL3STafCioPH4ApsgV4Kj6a9uvf5mgvI7Oo05PemnPjG3XFRrYxS6HVDFZyR29JTnQJkDT6k6JlUfhI3+SQ5ARxHxTIR5c1KAgzw4kZSsw8LKnZ9D0VqNBSyaxzPKdh9mh86bgEJLkCtXB2RsVb0fZ1Pwrzyjnqu9rH21FRFhRkSnImjloZzB2u5gaEYoddwBeMUMmxUD30QOpotjPhCwV4CGg0DERyQjgK3GJFSXsLl1ZI5xfSyWjlAGNHszCywxP4WPbiOj4i/y61DOOIuD35OiTSyK6Ujgo5gRUrLJ6Xme9EMaZV/UrknsiQln4fflEF1Ff6Pj7ilznsLIpb5/XW3rJqTRKdCyArwRxKqvUmL50UXMzyk2YJizIhCmQbuIcqQkpWq7lzog0RELbQPwmTtT3XkrZ+TyI/dRvnBY49+Fcl0iFTf5h2dJ8jjxB5R2rzEcfW7S8NCB5m501Ncb7SXsj/R8SW5x7ekuHvQX1XvP4EjM7aA9HQCIzVZoni6kOs1yow4TLc1dKTWglYejyFUFM2k+XpOB/TWb+XoSdr9pDP8jlyF6GOQHW+f5aXbC6s7LgYRI6ZfPJgk/8L+KGjLBtrmIXUaC1eLASoYf/l4qllEOsP91uPxHExxR6hxtJvznEGRryfL3nQE5UPDNDKAusP4ruPuy4pfekwK8EeMtuExrEBLjwCZfVKSXA6KMWwB5H8vb9d9YyCICZXRvqVAmOQDJ6LcLAALx+JlkBhiDvbsn61Hsg6aa5ftXoO8kxblMv88P4eVjU2rTF1QmO3ooGPz0FJCnd0jDsCQMfBizTNhnInrk6McCVy7nVQp7qhiUSn2CPPcg0Fw1g9arK5uTzve43EbtjRxm13JTLUcNNmRv4+8rSUT6MaK4SYCt/sMtYasG8g60/qeZ+UG6Yx5m56CHjS1COmf7frN9ark/6qlj9VmHwSc/zAJLPEWCHyNrYnwys8uAXHYXoQgUWK+fJw3YGIhcwLlDQ5cj3vv43tpC3aw3R0hkVR60PuajqmGYk92ZcKAYTp5VL1HVjkDiRzRobDydrYG9tieNu9WvgS2ky5NQ0xSnpp0IWdB1T/NuDriIjBW6PiX+xlC97BdFIRRnhPiGuNozm+i+kMoOlp0EQ7pfwPF6ga5Ymm0xAcX33IyTt1QFQak6JRdKgskFUr1BO6/LPnY16ItIGomn09pxdKuQm+kEPqgU9Evk3mcOyrijG4AXQqRHw+tlSCwJutrCx0/zaRQnZf/CBk80oRfL+gtGFnjoCgoQ4XkWPXIqLK9wF240ltMu8zAWSp/PqM8Uhc5TwBAzB+j820TNybpIdR+riJwr/h28e6ZW+HGW0bI95CmoBELBbxGzftpxGkeiQodSVf4RzEyPuqsgdNQ0XHyku+68LmvnJ1ENDsyWRkkWNFjW4qnpJMvkrvzvLlrXLHjAqYKj/SgzGOCcuH1v+BZtoVENn8u8+hoWg3iBMq6N9Su5xy5VM88nP3ukcdDYB+4nZ+MCO6Sl0tfOxDSsFEz2Le3zsrzgL43We/CpdAU3UMMHqn/sLgc4e7dYh5/1JLGiin+fBLd68BlVVovmjJTaWEZDjin4GSlvL5+70dH5Po3U42JH6QUPcWEmMSuqRcgb9jLzpzc+iORJE4Y1rJjQocFFteDruz2E2YD4wCEeOqVqhHnXCnli3u4Eab91Xkkpq5DXKUhsdnCmugtaeYw4mbVFbXOGxHPU6KIovoe3m5Ly3tzbV+9ylKLQg5Ndjat3jfhOLaSww8S5l25M8SKjnXMP6AiEX6R7wnddzankoCG97qoM/3GLuWOPX5nhedOQq4BgC0SILVUTYfbQRlCPLNoAFHDYNjBHoORoAZZ+I+BUNnEAdzp/wjpzZk5+zLd/RkKvrBgJVF6bsMkAYak0ybf5C4++22fPND4ooOFDBAo3ATb1ZIcCmaVipfGbiOK8mFZjCBweNBUWb2kS0poRvBxvmWkdnO4RpjbElFfc3Tr9jVBNwnTihak5n69+7t5fKdadogJb1iGzK7JF7HLssyDu2WgVa+ye6e+6re7Q3X+rNgCjjslTa6SGs3oRT61L6cSAiBSr8Lmra79Yt+Ovj9xVTROfdhocPZhlWDClQHsWkQGS7hL7G7GX45Js6e3l6/OlU0/dm+ogO8Rje0SlRUcSVy8jz/c6nEArjy22iFBQtKP0Qjm2dxvHRbqXIbD5yFn3LGOgsgz5cjd9dJmXRs0aqTIkQcvM8LOdvX8dgFr8yrtRfpJ8t1/3hwjGFvexCSlNHZVODglMfeeETy6gbVXTbq6YkyT0w3rXtcruVC/LlOSdT4D9To2nbAmx+3sensyBpK3eDirhkVBteHfEjhV2dZzKTcW1N7XgsNwh3MBnWBrUMqQED92D1S5Zn62mFXZVr60QNT5hUBTp+UlEJTtyQopsTnsueGlwOO5n8CJWS007mWFV7B9Ok3idE4SM68Qt63BBHAshXLiWMdEHaJ5ww6J70hVYGDx5UoiRq7QncvCf7Tx688p7Q57sjczFuj7J2T4IxcjSLQ3F5em6bSTdl7dn0faJCMwxA5OStZ3FhrwBqq6DJW4MSj+tYxQAJRtj98N34dQyMKn4n9mUmdhLHAJuqnVBqNnRBt32UfSXOd0vmylX8bF5jK62fNaj9KKo/t4X7IRzpkPi6xOCSo2zlulfiAek0n7UIRm2w6O4t0PiKB6PflHVdUiIa4bVli9fLVb5EIbsb1MoO/f89yVbcLIaOBrVKOndhC+rzCM00Ln9rdgIq2qY6Lkc1DYnW8Io1lFiHy4yKbt8IacM7GqF26lxp8WlvEjRx6eHiPY/EOZeTDagp1pqS8gEv6Gsc8Hc2+uvKIKmcTEvxzJ6iB6TOMzhaaXk5GpfMT0C11jp2QnNtlaNNmNODXq3DMpQQcZUXXrT3pgP7gZLGxpeJ3bKxiNIQ/aHw6navg6d5f5RJDNCykzcbs05092zEMb/d/cYaIAfn5LwJNz21a/xKx1UkByLA64iLrrF91ypAy1QbgPLY2DX3jkhNLwXggEhE6w5m26K+K0byPM8qzYDom0tz+Cv7LSkZi3nYaOwnqlRQo3brimajHQZkGtUTZ8BVpQeQZ82wXG0KLZTJQWnvrYtjRBnkQznO+J3jS6jkJNym/L849qSzM+ECBLJdg9OnSaLzRChBJgjfCyAQN+EvDVIfoxnnsTLuDwbu2An0LOa10MJIiF5aZ4ti2e8FTvTJQ1PPlazH+gkMa9tsRRIt21sTbXuEyIMf4RFlnr9O+06gm4KUQ48ToHYcsJuEuJAU1Wd/H37vjdZYsTaFEAOfW6iigWDFCJ7B9xLNH1K6ILHDx/MD6wiiGt8BKgErXITM1hV1EDH8CPo7SCYm3kzjG32T1+pxWHeJuC6OXeHeFMg3FRlbBCs4iHGqtmE8xdPxxPJe3isbqsqI53ceed/hTfdtVKtsE+Y0AILL99rGzw2Kb97yFSBH/U3W8JreUSuhSHPX/A1XHwHtd9GUpD60Pd8Q/e0RYRUI4Y08xYvx/yjDt7tdRae9DIUzEpj13gTUW8lQCt3CKYydazHinAQ9ps6psmCR0vDdmFdxHkiZJ7VWatUICMlHpwpvgaKm1tWWryn2SmVee36bxoFUndBDKbEDjlc9hoY+szSmAHnWT+jiC5dgM2jztTqcqxnwfM06IB7b2QQbd8Aq8cgZyolKtgeiDzLBzNoMPxj9rXo7BWokEdacvTAV5l+MEJLpFR7XWPWHYzva4ig0w2Uy/az0auAmcmBlZdQXaYH2NnkwaLX4Q7S4zGXKIGi7/2Ww1E4bT+rlJZJ8XlxJejYrFo2FrjYgo42WQqdVHlRMZeY1Bp1czNKMV7cGKdRso5gbrIXAPXs8k7lZwa1l2r7sJmJBKg++Bv2eTGUHl15kkpbO6rTCQIt0gSKbR9nERzpqoMXIFItnu5LrWrCdsn8OPXjPxOLqJDztX1NAt5Cv2Ca4y0bCIyqZ0IaiFXpQiYfHQAwW2qPOaj+DUezGyuh7JKW0WtNySPnb4fjxAlbTSb0pkCpPk72U2nzobn87A+CzSAH4ZR5UcvNRGTiYJCElAIJLYZb18E4gDhoa0+gxSSiMXt74DlkTLGpOB0KTBIam1shblLZUANmUodwRoOcUHn5rF+5Loz3JKLB6HZZUsp5Kzih2yYYywh+J6dIn+KIWQ5sq0EPfR/wP6tcOGxukjeeLmquIuY6ZY99mD2aJfMJ82Ck3P5BYnDjwP/tZl6jLYHDU79ViZ4ibtWgNWuVgdvRfegxiLEgv2rlEVrQ76adjUtvXDooZx9Kz1g2X4UKwLoqXzpXPuUwHHGZGOpeZBrJRcDCb3jWPmbKIGqUzhhvXTIyymEgNyVvtByNxc92F6yex1RbgtsD7o2ExsL4PPPbxwDsOgtT1wIpvEmCoISkHuS6uilIlD5BAPuSYhuen3WnNsIEhM/r5u+uFtjf2Reim6PG2cHwBWy4MThwNZ7CMQE5sXH3I0qOogQqgFuzHRUgOk02wNAi1HxSTx6dmvOcWBAR6JsxSd1QbKPa1vWRsG7XNe5d8KNamn4JEDhXtRH8a1DQH30dPpIDGYxMV+AcbJ2dbRkB0ehJoz5VZqbDr03Fbt2jkFp+0QMUyPr7VxDuaw3grLQL2tbhEF48ZFGNhn97mob06jaQyBFQMOy33hyEU2AJkZdZsb2QLh1bmT44D5GkLH804mPbSBdVr2TGYsZqF9tlT5kOIkLvg7bLQIEqpo0ykOjr1c22N+qCQaehnN9ZfKn2KaprPqz/1JpcvrglT0hmkLmRvjAxmlHdjHmhKvp6r0qFcxYfWOgDVtXFMNKM46jd6Jnl/DYYJjbb9To2AjP1/IQazcB+aIsjz/Yll46Tw4zCqohlXbCny7rWap+Gns8IYKb+VHzcsAiOU5A8/ZVASRUO4L0URfUsTmgy9zIslbOgaQa991S8KDCVPH4D2Qledqi5oWyj+MaHbX9PVIBxXqLVXwDFkLS3qbRcS8DTcjhV5tIW1fNaePmRvZF+TCPLsRSwvlTGyw2zVg2EQLmTHiv79q+xYLYs4nTYJUaENEVq8aisCLFgiF3/iN9n/Rc0z/jvSrR5nEFNjUFTLUhruWBWSNj1ruMGMRjVTXcOKip/vEp8fVb2EoOdWt4po2KYr9x2WkcCQIXlYn363aOqTlmzR6Oo=,iv:c1JfPUkfHPSL1BGdQBx49C/H9i+w/+W2RZdYYzVFe3M=,tag:5z6b2SgxzvS3wzpjhI+FEg==,type:str]
+ 
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aXdySHF3WEVvOEJtSkhw\nYS9WL0VWa3d1cjF2OEFRZHo4U28wdExsOFVrCjlLczc0NjR1SUh0SG82NnpmdUcw\nTUp1Y3RqelRlMU43VVM4S0FQeW1TSE0KLS0tICtxNVI5Wk5qL08wNS85ZGQrcHor\nQmhQT28wN2M5eFhxRVJsSDU5SE5IQjAKzBP+0Bz5eTSksZVtcm0cQcy+gdRuFZo6\nmbG46bAD/qljCYY/fh9UBo0obAL2Dzk5DxlR9apv3QDrWxkZAhckMw==\n-----END AGE ENCRYPTED FILE-----\n
+ 
sops_age__list_0__map_recipient=age1c0g6s6daxy79dlm9uqczwlkh0hvjpghw5h8zzljc3vs275rvvqus30hv9l
+ 
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaTlNaDkrWnhMR0lVdTFV\nRkU2THgzVEt1N3hBb1pTSW1vc0VFQjBqSjBNCnhqM1RTc2xsUDhpc0dvMjE5M0Ja\nemdwYjBhK3k1YlZwTGNZZE9qcHYxSlkKLS0tIDF5SGVrVm40L1pRUFplaDBrNXB2\nMVczVWdMdEhvZ3BtaE5veE90VjRDMVkK3/I0ymsAJF+4B7rF2bfKnGtLkUYDQBA/\n42cnzqE2vbyZUKID/hnAaSAjsT+T4sQ/3P/UyKQVBPwfaZquTfDfaw==\n-----END AGE ENCRYPTED FILE-----\n
+ 
sops_age__list_1__map_recipient=age15fd8ljdtzkphz3gf9ezpz58u5fhc7260h68nn32znn4m00ank45skd3luy
+ 
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aytrNUFrTUxua2p4YUpz\neCtNWFp0WEZ4UkZ5a2h2NEU2RkR0aHUyRlVNCnplMy9RWXhXL3BWQ2pudWxiNk1C\nQTJYWmZ0U0wrVnRHcm8vSmVmTFVyZGsKLS0tIFRZVFBpQ3RvU0FtMGhkSHg5K0E1\nUlFqV3ZtTDMzSXhQOHFwb2RQMXJjR0EKbbZKum0xP2OomoJ7O4SYgejEbc6wGskG\n4yZUojl/MO1QRtR1tzoJBuUOQ3/KDnvouotMd4rMpx8Nh0zyXuXY3Q==\n-----END AGE ENCRYPTED FILE-----\n
+ 
sops_age__list_2__map_recipient=age1kygyyrr6m43lgmy8pq57nc0jfmzr38uv8p5udg956p39ghs4qvnsdzs6nm
+ 
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZXRFclBTRmlzcGtpS2VZ\nZTRuSTJSOUpuUXpNbHltczV1N0RtTFFMd1NFCktvTGhrc0RJbGorOENKVjE0Mno5\nVDVnYlFNc3hHVHJkMlM4b24vMG9hWVkKLS0tIE1HZ05Qb2tpbzVNRDJjTk9VS2Ux\nWWFIVklQSGxuV3RvOUdVQTFOaEplcmcKfp3CC0Aj94vSEHwG1v9/fYrx/O0uA2k/\nRtwZfYnqAUeFbUKAi9ttF1bJNAuTjdA5JSKwmjcaJtE8a4oHyTLWQw==\n-----END AGE ENCRYPTED FILE-----\n
+ 
sops_age__list_3__map_recipient=age1jemy54kqt4xgglg5f3g3sda5tndsqhjynvdugpy0yknefnw69u7qwymfj4
+ 
sops_lastmodified=2025-06-05T10:03:06Z
+ 
sops_mac=ENC[AES256_GCM,data:nhnq7QeH9PoHrTHI8arecxgjd62nneAe+GGQ4e2wR4LFLx8QXSNTnNIEH9SAmESqRtnK+lTR0Fd8LdMcKBP8u0bgDfDWtMM7Pkk659OyuJjqyNw+BGbFamHPOWesOJBaeMkETbiSQ9RiOBW4E+y6FUDMTg5N34TBIUilFpwp2kI=,iv:KjKcELRosjglTMNCsE06iEUJINL6EMMpZ43wLaP/12o=,tag:jjt0tWPHwe8DAGiP5UOtNw==,type:str]
+ 
sops_unencrypted_suffix=_unencrypted
+ 
sops_version=3.10.2