diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..f84e468
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+files/attic.tar.xz filter=lfs diff=lfs merge=lfs -text
diff --git a/files/attic.tar.xz b/files/attic.tar.xz
new file mode 100644
index 0000000..052ce62
Binary files /dev/null and b/files/attic.tar.xz differ
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index b97e018..a925ea2 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -15,3 +15,10 @@ woodpecker_host: "{{ vault_woodpecker_host }}"
 woodpecker_agent_secret: "{{ vault_woodpecker_agent_secret }}"
 woodpecker_client_id: "{{ vault_woodpecker_client_id }}"
 woodpecker_client_secret: "{{ vault_woodpecker_client_secret }}"
+
+# Attic
+attic_token: "{{ vault_attic_token }}"
+s3_bucket: "prymn-cache"
+s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com"
+s3_access_key_id: "{{ vault_s3_access_key_id }}"
+s3_secret_access_key: "{{ vault_s3_secret_access_key }}"
diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml
index 4d9a511..f0314ec 100644
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
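Review bot: In `group_vars/all/vars.yml`, `s3_endpoint` hard-codes the account-specific R2 hostname in clear text, while the neighbouring Attic token and keys are pulled from the vault. The hostname is not a credential, but it does identify the storage account. If this repository is or may become public, consider sourcing it the same way, e.g. `s3_endpoint: "{{ vault_s3_endpoint }}"` (a new vault entry this commit does not define).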
@@ -1,25 +1,45 @@ $ANSIBLE_VAULT;1.1;AES256 -65383031316433643562663739616639343335663234666236633361633537633331373764376162 -6562326338313831313463313431613462323833343837390a656664353131353562623637666266 -31373932396161333563663562336435353537333532373663366463393035353739656166656164 -3630616566626563320a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a323538353163303536366636363136 +63393261336165396139313731643466373434363661393536633132636637383639396131383063 +3339383836386339370a306636323139323766616563623336643163323836353230346531323563 +63336339306632336234646435613031626438653562643137383938386630343261623637633462 +36316438356239333031656639366333613731633836613961366639326135336534626233303435 +36366233616262306632346434666339376665326337663539663533353735646134653164376238 +65356261646638326465633165393535353434613833363235346132363230623837343432613539 +61646135663131396261376333373236643535333838663833353265326262336632616335643266 +65306435303164633937313932373261613733366561343636326530366338633931383435623739 +33353339653165616637616563343930613564303134353333636561613935326232366532356638 +39393566343032336535363033656630316361346332636538393530346537306238633135313762 +31636336646638363937373133396630666562326330636339663265353833353636633561626561 +34336331326433643636386439666234663936343633323935323232653534643962616336643438 +66656331363038303838356337376439303430656333623834393236366238353536656363623830 +39643963666464646436663065626533343261303536353464343464326238373839346161343733 +66333762343535376331343931663833363831633934623537643535646661633232393333373430 +66336136613964373931383936343730613665373231393765316264363163353338313134623939 +62393165386130316461653637666662313163313132633663363336396232316466383938643265 +39656636633561653333383762313362333032633665633836323637616133626662633934343430 +35623632656234333262366131633534653364623835656238373464313963663238313831633163 
+37613166313336346365323466346666366433303934343635323938663431363130373231626233 +65323738663565653063623863393135666363306337653634623866626536656134613763376634 +30663136643537376235663736313765323864633137373131326165653336663066623931626264 +38666539356130303036653933373965343537303032333039646530363734623031356565633764 +34623236343365363761613435393961343436343632633632323338333530303735633037326563 +37393231303064653239653062356238376463333139326261343765353136396334316537656566 +39386433636538663230346439303961396463353937383237363536376562336664646665663362 +64653164373166323165656264616666353633333435336432616466303539636362663835643762 +63386336343334663834336536336134363830383962633738623831663436383265663031656362 +33356365393035333136653662646535333963663333653535353532636639313264666265323532 +31656530313464376165666338613633336364613131356539386239373161643134386634396462 +63306264313262643735393031393936303832363261633561343534396438613630373163383365 +35633639623931383431386232366562616236363737363936646335383161623634623331316637 +36656438393736366566323938366338646166353161666237653835306232313465626337613336 +30363564336231613034653839326638623262353236663431336131336633633134363165636534 +63616532613530663762663263633737323937353636366338616137643237623339396366333535 +33613065363563366639643236663538313263336535663437653234653635646633636365363439 +62373135363162633666336138616637353836393664323264653365306431333835363130343933 +62356563623731323936613635623463633436333835626633343866333835643337666132356464 +62303638386332666162386435346166666236313932613635303139356565393464623131633833 +37343632393332623037323237623839633962653735383732343232346238396566323663356263 +35393561636566623234346631356236316434633135353361366437653539623833643664336339 +39393765643930636261 diff --git a/install_attic.yml b/install_attic.yml new file mode 100644 index 0000000..00be1f0 --- /dev/null +++ b/install_attic.yml 
@@ -0,0 +1,39 @@
+---
+- name: Install attic
+ hosts: ulna
+
+ tasks:
+ - name: Unarchive
+ ansible.builtin.unarchive:
+ src: attic.tar.xz
+ dest: /usr/local
+ become: true
+
+ - name: Install service file
+ ansible.builtin.template:
+ src: templates/attic/attic.service.j2
+ dest: /etc/systemd/system/attic.service
+ become: true
+
+ - name: Install config file
+ ansible.builtin.template:
+ src: templates/attic/attic-server.toml.j2
+ dest: /etc/attic-server.toml
+ become: true
+
+ - name: Create share directory
+ ansible.builtin.file:
+ path: /usr/local/share/attic
+ mode: "0700"
+ owner: root
+ group: root
+ state: directory
+ become: true
+
+ - name: Restart systemd
+ ansible.builtin.systemd:
+ state: restarted
+ name: attic
+ enabled: true
+ daemon_reload: true
+ become: true
diff --git a/templates/attic/attic-server.toml.j2 b/templates/attic/attic-server.toml.j2
new file mode 100644
index 0000000..c661866
--- /dev/null
+++ b/templates/attic/attic-server.toml.j2
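Review bot: The `Install config file` task in `install_attic.yml` renders `/etc/attic-server.toml` without `mode`, `owner` or `group`, so the file gets the remote default permissions (commonly world-readable). The template it renders carries the JWT signing secret and the S3 secret access key, so add `owner: root`, `group: root` and `mode: "0600"` to that task, as the `Create share directory` task already does for its path. Adding `no_log: true` there would also keep the rendered secrets out of `--diff` output. Separately, the `Unarchive` task unpacks `attic.tar.xz` into `/usr/local` as root and nothing in the playbook pins a checksum for the archive; verifying a known digest before extraction would make a swapped or corrupted LFS object fail the play rather than install.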
@@ -0,0 +1,136 @@
+# Socket address to listen on
+listen = "[::]:8080"
+
+# Allowed `Host` headers
+#
+# This _must_ be configured for production use. If unconfigured or the
+# list is empty, all `Host` headers are allowed.
+allowed-hosts = []
+
+# The canonical API endpoint of this server
+#
+# This is the endpoint exposed to clients in `cache-config` responses.
+#
+# This _must_ be configured for production use. If not configured, the
+# API endpoint is synthesized from the client's `Host` header which may
+# be insecure.
+#
+# The API endpoint _must_ end with a slash (e.g., `https://domain.tld/attic/`
+# not `https://domain.tld/attic`).
+#api-endpoint = "https://your.domain.tld/"
+
+# Whether to soft-delete caches
+#
+# If this is enabled, caches are soft-deleted instead of actually
+# removed from the database. Note that soft-deleted caches cannot
+# have their names reused as long as the original database records
+# are there.
+#soft-delete-caches = false
+
+# Whether to require fully uploading a NAR if it exists in the global cache.
+#
+# If set to false, simply knowing the NAR hash is enough for
+# an uploader to gain access to an existing NAR in the global
+# cache.
+#require-proof-of-possession = true
+
+# JWT signing token
+#
+# Set this to the Base64 encoding of some random data.
+# You can also set it via the `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` environment
+# variable.
+token-hs256-secret-base64 = "{{ attic_token }}"
+
+# Database connection
+[database]
+# Connection URL
+#
+# For production use it's recommended to use PostgreSQL.
+url = "sqlite:///usr/local/share/attic/server.db"
+
+# Whether to enable sending on periodic heartbeat queries
+#
+# If enabled, a heartbeat query will be sent every minute
+#heartbeat = false
+
+# File storage configuration
+[storage]
+# Storage type
+#
+# Can be "local" or "s3".
+type = "s3"
+
+# ## Local storage
+
+# The directory to store all files under
+# path = "/home/nikos/.local/share/attic/storage"
+
+# ## S3 Storage (set type to "s3" and uncomment below)
+
+# The AWS region
+region = "auto"
+
+# The name of the bucket
+bucket = "{{ s3_bucket }}"
+
+# Custom S3 endpoint
+#
+# Set this if you are using an S3-compatible object storage (e.g., Minio).
+endpoint = "{{ s3_endpoint }}"
+
+# Credentials
+#
+# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
+# `AWS_SECRET_ACCESS_KEY` environment variables.
+[storage.credentials]
+access_key_id = "{{ s3_access_key_id }}"
+secret_access_key = "{{ s3_secret_access_key }}"
+
+# Data chunking
+#
+# Warning: If you change any of the values here, it will be
+# difficult to reuse existing chunks for newly-uploaded NARs
+# since the cutpoints will be different. As a result, the
+# deduplication ratio will suffer for a while after the change.
+[chunking]
+# The minimum NAR size to trigger chunking
+#
+# If 0, chunking is disabled entirely for newly-uploaded NARs.
+# If 1, all NARs are chunked.
+nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
+
+# The preferred minimum size of a chunk, in bytes
+min-size = 16384 # 16 KiB
+
+# The preferred average size of a chunk, in bytes
+avg-size = 65536 # 64 KiB
+
+# The preferred maximum size of a chunk, in bytes
+max-size = 262144 # 256 KiB
+
+# Compression
+[compression]
+# Compression type
+#
+# Can be "none", "brotli", "zstd", or "xz"
+type = "zstd"
+
+# Compression level
+#level = 8
+
+# Garbage collection
+[garbage-collection]
+# The frequency to run garbage collection at
+#
+# By default it's 12 hours. You can use natural language
+# to specify the interval, like "1 day".
+#
+# If zero, automatic garbage collection is disabled, but
+# it can still be run manually with `atticd --mode garbage-collector-once`.
+interval = "12 hours"
+
+# Default retention period
+#
+# Zero (default) means time-based garbage-collection is
+# disabled by default. You can enable it on a per-cache basis.
+#default-retention-period = "6 months"
diff --git a/templates/attic/attic.service.j2 b/templates/attic/attic.service.j2
new file mode 100644
index 0000000..341e633
--- /dev/null
+++ b/templates/attic/attic.service.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Attic Daemon
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/atticd -f /etc/attic-server.toml
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
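Review bot: In `attic-server.toml.j2`, `allowed-hosts = []` is left empty and `api-endpoint` stays commented out, although the file's own comments say both must be configured for production. With `listen = "[::]:8080"` the server therefore accepts any `Host` header on every interface and, per those comments, synthesizes the API endpoint from the client-supplied header. Template both from inventory, e.g. `allowed-hosts = ["{{ attic_host }}"]` and `api-endpoint = "https://{{ attic_host }}/"`, where `attic_host` is a new variable this commit does not define. If a reverse proxy on the same host terminates TLS (not visible in this diff), binding to a loopback address would also keep the plain-HTTP port off the network.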
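Review bot: The `[Service]` section of `attic.service.j2` sets no `User=` and no sandboxing, so `atticd`, a network-facing daemon listening on port 8080, runs as root with full access to the filesystem. Run it under a dedicated unprivileged account and restrict what it can write, as sketched below. The `attic` account is an assumption: the playbook would have to create it, give it ownership of `/usr/local/share/attic` (currently `root:root`, mode `0700`) and make `/etc/attic-server.toml` readable by it only.

```ini
[Service]
Type=simple
# … unchanged: ExecStart, Restart …
User=attic
Group=attic
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/usr/local/share/attic
```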