From af914e1edc0f650b8c8c1a30b6a6de349f0391e6 Mon Sep 17 00:00:00 2001 From: Dmitriy Kholkin Date: Thu, 15 Jun 2023 01:53:59 +0300 Subject: [PATCH] change atticd config --- profiles/servers/atticd.nix | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/profiles/servers/atticd.nix b/profiles/servers/atticd.nix index 964c0b6..e388c41 100644 --- a/profiles/servers/atticd.nix +++ b/profiles/servers/atticd.nix @@ -5,28 +5,48 @@ services.atticd = { enable = true; credentialsFile = config.secrets.attic.decrypted; + user = "atticd"; + group = "atticd"; settings = { - # listen = "[::]:8080"; listen = "127.0.0.1:8083"; + database.url = "postgresql:///atticd?host=/run/postgresql"; allowed-hosts = [ "cache.ataraxiadev.com" ]; api-endpoint = "https://cache.ataraxiadev.com/"; require-proof-of-possession = false; garbage-collection = { - interval = "7 days"; - default-retention-period = "2 months"; + interval = "3 days"; + default-retention-period = "1 month"; }; - # Data chunking chunking = { nar-size-threshold = 64 * 1024; # 64 KiB - # The preferred minimum size of a chunk, in bytes min-size = 16 * 1024; # 16 KiB - # The preferred average size of a chunk, in bytes avg-size = 64 * 1024; # 64 KiB - # The preferred maximum size of a chunk, in bytes max-size = 256 * 1024; # 256 KiB }; }; }; - persist.state.directories = [ "/var/lib/private/atticd" ]; + users.groups.atticd = {}; + users.users.atticd = { + isSystemUser = true; + group = "atticd"; + hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6"; + }; + + systemd.services.atticd = { + serviceConfig.DynamicUser = lib.mkForce false; + }; + + services.postgresql = { + enable = true; + ensureUsers = [{ + name = "atticd"; + ensurePermissions = { + "DATABASE atticd" = "ALL PRIVILEGES"; + }; + }]; + ensureDatabases = [ "atticd" ]; + }; + + persist.state.directories = [ "/var/lib/atticd" ]; } \ No newline at end of file