Replace nix-serve-only setup with Attic for managed binary caching with upstream filtering and GC. Move gitea actions runner from host into an isolated NixOS container with private networking. nix-serve kept alongside Attic during migration.
# Attic binary-cache server (atticd), enabled only on machines that carry the
# "binary-cache" role.
{ config, lib, ... }:

let
  # All chunk sizes below are expressed in bytes.
  kib = 1024;

  isBinaryCache = config.thisMachine.hasRole."binary-cache";
in
{
  config = lib.mkIf isBinaryCache {
    # Encrypted credentials file kept in the repository; the service reads the
    # decrypted copy through `config.age.secrets.atticd-credentials.path`.
    # NOTE(review): presumably managed by agenix; confirm the decrypted file's
    # owner/mode restrict it to the account atticd runs as.
    age.secrets.atticd-credentials.file = ../../secrets/atticd-credentials.age;

    services.atticd.enable = true;

    # Environment file passed to atticd; expected to carry the server's
    # token-signing secret, so it must never be world-readable or end up in
    # the Nix store in plaintext.
    services.atticd.environmentFile = config.age.secrets.atticd-credentials.path;

    services.atticd.settings = {
      # Wildcard bind: atticd accepts connections on every interface, port 28338.
      # NOTE(review): this module neither opens the firewall nor configures a
      # TLS-terminating proxy; confirm that exposure is restricted elsewhere and
      # that clients cannot reach this port over plain HTTP from untrusted networks.
      listen = "[::]:28338";

      chunking.nar-size-threshold = 64 * kib; # 64 KiB; smaller NARs are stored unchunked
      chunking.min-size = 16 * kib; # preferred minimum chunk size, 16 KiB
      chunking.avg-size = 64 * kib; # preferred average chunk size, 64 KiB
      chunking.max-size = 256 * kib; # preferred maximum chunk size, 256 KiB

      compression = {
        type = "zstd";
      };

      # Default retention period used by garbage collection.
      garbage-collection = {
        default-retention-period = "6 months";
      };
    };
  };
}