
2 Commits

Author SHA1 Message Date
123f53cf91 Speed up attic
All checks were successful
Check Flake / check-flake (push) Successful in 2m15s
2026-02-20 23:24:11 -08:00
fb17d81d49 Add Attic binary cache and containerize gitea runner
Replace nix-serve-only setup with Attic for managed binary caching with
upstream filtering and GC. Move gitea actions runner from host into an
isolated NixOS container with private networking. nix-serve kept alongside
Attic during migration.
2026-02-20 22:00:49 -08:00
3 changed files with 54 additions and 15 deletions


@@ -5,6 +5,7 @@ on: [push]
env: env:
DEBIAN_FRONTEND: noninteractive DEBIAN_FRONTEND: noninteractive
PATH: /run/current-system/sw/bin/ PATH: /run/current-system/sw/bin/
XDG_CONFIG_HOME: ${{ runner.temp }}/.config
jobs: jobs:
check-flake: check-flake:
@@ -15,6 +16,11 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Configure Attic cache
run: |
attic login local "${{ vars.ATTIC_ENDPOINT }}" "${{ secrets.ATTIC_TOKEN }}"
attic use local:nixos
- name: Check Flake - name: Check Flake
run: nix flake check --all-systems --print-build-logs --log-format raw --show-trace run: nix flake check --all-systems --print-build-logs --log-format raw --show-trace
@@ -25,11 +31,8 @@ jobs:
| xargs -I{} nix build ".#nixosConfigurations.{}.config.system.build.toplevel" --no-link --print-build-logs --log-format raw | xargs -I{} nix build ".#nixosConfigurations.{}.config.system.build.toplevel" --no-link --print-build-logs --log-format raw
- name: Push to cache - name: Push to cache
env:
XDG_CONFIG_HOME: ${{ runner.temp }}/.config
run: | run: |
set -euo pipefail set -euo pipefail
attic login local "${{ vars.ATTIC_ENDPOINT }}" "${{ secrets.ATTIC_TOKEN }}"
# Get all system toplevel store paths # Get all system toplevel store paths
toplevels=$(nix eval .#nixosConfigurations --apply 'cs: map (n: "${cs.${n}.config.system.build.toplevel}") (builtins.attrNames cs)' --json | jq -r '.[]') toplevels=$(nix eval .#nixosConfigurations --apply 'cs: map (n: "${cs.${n}.config.system.build.toplevel}") (builtins.attrNames cs)' --json | jq -r '.[]')
echo "Found $(echo "$toplevels" | wc -l) system toplevels" echo "Found $(echo "$toplevels" | wc -l) system toplevels"
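Review bot: The new `Configure Attic cache` step logs in with `secrets.ATTIC_TOKEN` before `nix flake check` and the builds run, so the credential the later `Push to cache` step relies on is presumably stored under `XDG_CONFIG_HOME` for the whole job instead of only for the push. If that token carries push rights (the push command itself is outside this hunk), consider a pull-only token for this step and keeping the push-capable login in the final step. Both values are also expanded by the template engine directly into the script text; mapping them through the step's `env:` and writing `attic login local "$ATTIC_ENDPOINT" "$ATTIC_TOKEN"` keeps a stray quote or `$(` in the variable from being parsed as shell. On GitHub's own runner the `runner` context is not available in workflow-level `env:`, so it is worth confirming that the Gitea runner expands `${{ runner.temp }}` there, since an empty value would put the attic config under `/.config`.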


@@ -7,25 +7,55 @@
environmentFile = config.age.secrets.atticd-credentials.path; environmentFile = config.age.secrets.atticd-credentials.path;
settings = { settings = {
listen = "[::]:28338"; listen = "[::]:28338";
database.url = "postgresql:///atticd?host=/run/postgresql";
require-proof-of-possession = false;
# Disable chunking — the dedup savings don't justify the CPU/IO
# overhead for local storage, especially on ZFS which already
# does block-level compression.
chunking = { chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB nar-size-threshold = 0;
min-size = 16 * 1024;
# The preferred minimum size of a chunk, in bytes avg-size = 64 * 1024;
min-size = 16 * 1024; # 16 KiB max-size = 256 * 1024;
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
}; };
compression.type = "zstd"; # Let ZFS handle compression instead of double-compressing.
compression.type = "none";
garbage-collection.default-retention-period = "6 months"; garbage-collection.default-retention-period = "6 months";
}; };
}; };
# PostgreSQL for atticd
services.postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [{
name = "atticd";
ensureDBOwnership = true;
}];
};
# Use a static user so the ZFS mountpoint at /var/lib/atticd works
# (DynamicUser conflicts with ZFS mountpoints)
users.users.atticd = {
isSystemUser = true;
group = "atticd";
home = "/var/lib/atticd";
};
users.groups.atticd = { };
systemd.services.atticd = {
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
serviceConfig = {
DynamicUser = lib.mkForce false;
User = "atticd";
Group = "atticd";
};
};
age.secrets.atticd-credentials.file = ../../secrets/atticd-credentials.age; age.secrets.atticd-credentials.file = ../../secrets/atticd-credentials.age;
}; };
} }
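Review bot: `require-proof-of-possession = false;` is added without a comment, unlike the chunking and compression changes next to it. As I understand Attic's setting, turning it off means an uploader who only knows a NAR hash can be granted a reference to an object already in the global store without uploading it, which matters if more than one cache or token holder shares this server and `listen = "[::]:28338"` is reachable beyond the runner. Either leave it at the default or, if every uploader really is trusted, say so in a comment such as `# single-tenant: all uploaders trusted, skip re-upload proof`. Separately, `DynamicUser = lib.mkForce false;` also drops the sandboxing systemd implies for dynamic users (for example ProtectSystem=strict and PrivateTmp); whether the module sets those explicitly is not visible here, so check the result with `systemd-analyze security atticd`.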


@@ -45,6 +45,12 @@
fsType = "zfs"; fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ]; options = [ "zfsutil" "X-mount.mkdir" ];
}; };
fileSystems."/var/lib/atticd" =
{
device = "rpool/nixos/var/lib/atticd";
fsType = "zfs";
options = [ "zfsutil" "X-mount.mkdir" ];
};
fileSystems."/var/log" = fileSystems."/var/log" =
{ {
device = "rpool/nixos/var/log"; device = "rpool/nixos/var/log";
@@ -72,5 +78,5 @@
}; };
}; };
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "schedutil";
} }
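Review bot: The new `fileSystems."/var/lib/atticd"` dataset holds blobs uploaded by cache clients, but is mounted with the same options as the system datasets. If atticd only reads and writes data there (not confirmed from this hunk), restrictive mount flags are cheap hardening: `options = [ "zfsutil" "X-mount.mkdir" "nodev" "nosuid" "noexec" ];`. The `cpuFreqGovernor` change from `"powersave"` to `"schedutil"` is not mentioned in either commit message and would be easier to trace as its own commit.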