Compare commits
2 commits
c1d7b2b819
...
c0608d1064
| Author | SHA1 | Date | |
|---|---|---|---|
| c0608d1064 | |||
| 431a7e9767 |
2 changed files with 24 additions and 0 deletions
|
|
@ -17,3 +17,7 @@ jobs:
|
|||
- run: |
|
||||
echo 'Building configuration for ${{ matrix.system }}'
|
||||
nix build .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel
|
||||
- name: Push build to attic
|
||||
run: |
|
||||
attic login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }}
|
||||
attic push gospel ./result
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
...
|
||||
}:
|
||||
let
|
||||
attic_cfg = config.services.atticd;
|
||||
cfg = config.${namespace}.services.atticd;
|
||||
in
|
||||
{
|
||||
|
|
@ -22,6 +23,7 @@ in
|
|||
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.atticd.file = ../../../../secrets/atticd.age;
|
||||
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
# ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0.
|
||||
|
|
@ -39,9 +41,27 @@ in
|
|||
api-endpoint = "https://attic.kilonull.com/";
|
||||
listen = "[::]:8080";
|
||||
garbage-collection.retention-period = "30d";
|
||||
database.url = "postgresql://atticd/?host=/run/postgresql";
|
||||
};
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "atticd" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = attic_cfg.user;
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
identMap = ''
|
||||
attic attic attic
|
||||
'';
|
||||
authentication = ''
|
||||
local all attic peer map=attic
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."attic.kilonull.com" = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue