Setup postgresql for atticd

This commit is contained in:
alejandro-angulo 2026-02-14 22:17:04 -08:00
parent c1d7b2b819
commit 431a7e9767

View file

@ -5,6 +5,7 @@
... ...
}: }:
let let
attic_cfg = config.services.atticd;
cfg = config.${namespace}.services.atticd; cfg = config.${namespace}.services.atticd;
in in
{ {
@ -22,6 +23,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets.atticd.file = ../../../../secrets/atticd.age; age.secrets.atticd.file = ../../../../secrets/atticd.age;
services.atticd = { services.atticd = {
enable = true; enable = true;
# ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0. # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
@ -39,9 +41,27 @@ in
api-endpoint = "https://attic.kilonull.com/"; api-endpoint = "https://attic.kilonull.com/";
listen = "[::]:8080"; listen = "[::]:8080";
garbage-collection.retention-period = "30d"; garbage-collection.retention-period = "30d";
database.url = "postgresql://atticd/?host=/run/postgresql";
}; };
}; };
services.postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = attic_cfg.user;
ensureDBOwnership = true;
}
];
identMap = ''
attic attic attic
'';
authentication = ''
local all attic peer map=attic
'';
};
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."attic.kilonull.com" = { virtualHosts."attic.kilonull.com" = {