nikos/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add attic

Browse source
This commit is contained in:
Nikos Papadakis 2023-10-15 14:12:28 +03:00
parent 00a5445d0c
commit 7bbcfa28af
Signed by untrusted user who does not match committer: nikos
GPG key ID: 78871F9905ADFF02
7 changed files with 237 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
files/attic.tar.xz filter=lfs diff=lfs merge=lfs -text

BIN
files/attic.tar.xz Normal file
View file

Binary file not shown.

7
group_vars/all/vars.yml
View file

@ -15,3 +15,10 @@ woodpecker_host: "{{ vault_woodpecker_host }}"
woodpecker_agent_secret: "{{ vault_woodpecker_agent_secret }}" woodpecker_agent_secret: "{{ vault_woodpecker_agent_secret }}"
woodpecker_client_id: "{{ vault_woodpecker_client_id }}" woodpecker_client_id: "{{ vault_woodpecker_client_id }}"
woodpecker_client_secret: "{{ vault_woodpecker_client_secret }}" woodpecker_client_secret: "{{ vault_woodpecker_client_secret }}"
# Attic
attic_token: "{{ vault_attic_token }}"
s3_bucket: "prymn-cache"
s3_endpoint: "https://75178f9eca227dea51b3db4db2c15a5a.r2.cloudflarestorage.com"
s3_access_key_id: "{{ vault_s3_access_key_id }}"
s3_secret_access_key: "{{ vault_s3_secret_access_key }}"

68
group_vars/all/vault.yml
View file

@ -1,25 +1,45 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65383031316433643562663739616639343335663234666236633361633537633331373764376162 39336333366236356239623062636364663831633864353733343532393165303336366365383237
6562326338313831313463313431613462323833343837390a656664353131353562623637666266 3763316534363437643533313137353765393137356365350a323538353163303536366636363136
31373932396161333563663562336435353537333532373663366463393035353739656166656164 63393261336165396139313731643466373434363661393536633132636637383639396131383063
3630616566626563320a623263613263636162623033643637656431396330663531366133613565 3339383836386339370a306636323139323766616563623336643163323836353230346531323563
64663462376332316262383762343639333632353939393030383930333065346463363365366165 63336339306632336234646435613031626438653562643137383938386630343261623637633462
61333835613663633433343335323134316463646331306463633537626635336134326537376632 36316438356239333031656639366333613731633836613961366639326135336534626233303435
62333338666364303131666131386437326534613038386530646262613338303162633134663131 36366233616262306632346434666339376665326337663539663533353735646134653164376238
30633861373063623737633766333930313230663666363263386432386331373665343162666638 65356261646638326465633165393535353434613833363235346132363230623837343432613539
33646264323663396462376639613864613936613962656264386133633330396132333166336464 61646135663131396261376333373236643535333838663833353265326262336632616335643266
36303262313163313266353537333861306631376335343561306439356633376439396133366566 65306435303164633937313932373261613733366561343636326530366338633931383435623739
62383336353665633263643331613033633932383461343934633466353463303430396337383165 33353339653165616637616563343930613564303134353333636561613935326232366532356638
38666230376563653763626566616431396232393062383133363737356637326361663166636334 39393566343032336535363033656630316361346332636538393530346537306238633135313762
65316466323032333930386439373935616430343836323632626266376239613339646433363064 31636336646638363937373133396630666562326330636339663265353833353636633561626561
65313562393236323239373832306164366662353736643638366239343733306263316565333036 34336331326433643636386439666234663936343633323935323232653534643962616336643438
64313633303533333937613933353262326139303662353339353661336162373032366666623664 66656331363038303838356337376439303430656333623834393236366238353536656363623830
30353064633232393965613835313939663233646336663164323236303439316239643431303366 39643963666464646436663065626533343261303536353464343464326238373839346161343733
37633432343864373463356465326230363661666432323065343765643362306637306262353835 66333762343535376331343931663833363831633934623537643535646661633232393333373430
37323933313030663234386131613333373730303537663839616663356263666163633437643830 66336136613964373931383936343730613665373231393765316264363163353338313134623939
39363265346532663230626238333563323337363262613834303735393231656334666333346239 62393165386130316461653637666662313163313132633663363336396232316466383938643265
32616134323636643331373735643365313536626662303731373136346466613731623266636438 39656636633561653333383762313362333032633665633836323637616133626662633934343430
66336137376436393239303234613764316361653730313463363135363236313339656361373334 35623632656234333262366131633534653364623835656238373464313963663238313831633163
65303036303533396261333764633061313463623063383239333165663939343033306263653364 37613166313336346365323466346666366433303934343635323938663431363130373231626233
64633961373131393139633363366230613336663732613132316134656635366163666264383263 65323738663565653063623863393135666363306337653634623866626536656134613763376634
61306361303466396636 30663136643537376235663736313765323864633137373131326165653336663066623931626264
38666539356130303036653933373965343537303032333039646530363734623031356565633764
34623236343365363761613435393961343436343632633632323338333530303735633037326563
37393231303064653239653062356238376463333139326261343765353136396334316537656566
39386433636538663230346439303961396463353937383237363536376562336664646665663362
64653164373166323165656264616666353633333435336432616466303539636362663835643762
63386336343334663834336536336134363830383962633738623831663436383265663031656362
33356365393035333136653662646535333963663333653535353532636639313264666265323532
31656530313464376165666338613633336364613131356539386239373161643134386634396462
63306264313262643735393031393936303832363261633561343534396438613630373163383365
35633639623931383431386232366562616236363737363936646335383161623634623331316637
36656438393736366566323938366338646166353161666237653835306232313465626337613336
30363564336231613034653839326638623262353236663431336131336633633134363165636534
63616532613530663762663263633737323937353636366338616137643237623339396366333535
33613065363563366639643236663538313263336535663437653234653635646633636365363439
62373135363162633666336138616637353836393664323264653365306431333835363130343933
62356563623731323936613635623463633436333835626633343866333835643337666132356464
62303638386332666162386435346166666236313932613635303139356565393464623131633833
37343632393332623037323237623839633962653735383732343232346238396566323663356263
35393561636566623234346631356236316434633135353361366437653539623833643664336339
39393765643930636261

39
install_attic.yml Normal file
View file

@ -0,0 +1,39 @@
---
- name: Install attic
hosts: ulna
tasks:
- name: Unarchive
ansible.builtin.unarchive:
src: attic.tar.xz
dest: /usr/local
become: true
- name: Install service file
ansible.builtin.template:
src: templates/attic/attic.service.j2
dest: /etc/systemd/system/attic.service
become: true
- name: Install config file
ansible.builtin.template:
src: templates/attic/attic-server.toml.j2
dest: /etc/attic-server.toml
become: true
- name: Create share directory
ansible.builtin.file:
path: /usr/local/share/attic
mode: "0700"
owner: root
group: root
state: directory
become: true
- name: Restart systemd
ansible.builtin.systemd:
state: restarted
name: attic
enabled: true
daemon_reload: true
become: true

136
templates/attic/attic-server.toml.j2 Normal file
View file

@ -0,0 +1,136 @@
# Socket address to listen on
listen = "[::]:8080"
# Allowed `Host` headers
#
# This _must_ be configured for production use. If unconfigured or the
# list is empty, all `Host` headers are allowed.
allowed-hosts = []
# The canonical API endpoint of this server
#
# This is the endpoint exposed to clients in `cache-config` responses.
#
# This _must_ be configured for production use. If not configured, the
# API endpoint is synthesized from the client's `Host` header which may
# be insecure.
#
# The API endpoint _must_ end with a slash (e.g., `https://domain.tld/attic/`
# not `https://domain.tld/attic`).
#api-endpoint = "https://your.domain.tld/"
# Whether to soft-delete caches
#
# If this is enabled, caches are soft-deleted instead of actually
# removed from the database. Note that soft-deleted caches cannot
# have their names reused as long as the original database records
# are there.
#soft-delete-caches = false
# Whether to require fully uploading a NAR if it exists in the global cache.
#
# If set to false, simply knowing the NAR hash is enough for
# an uploader to gain access to an existing NAR in the global
# cache.
#require-proof-of-possession = true
# JWT signing token
#
# Set this to the Base64 encoding of some random data.
# You can also set it via the `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` environment
# variable.
token-hs256-secret-base64 = "{{ attic_token }}"
# Database connection
[database]
# Connection URL
#
# For production use it's recommended to use PostgreSQL.
url = "sqlite:///usr/local/share/attic/server.db"
# Whether to enable sending on periodic heartbeat queries
#
# If enabled, a heartbeat query will be sent every minute
#heartbeat = false
# File storage configuration
[storage]
# Storage type
#
# Can be "local" or "s3".
type = "s3"
# ## Local storage
# The directory to store all files under
# path = "/home/nikos/.local/share/attic/storage"
# ## S3 Storage (set type to "s3" and uncomment below)
# The AWS region
region = "auto"
# The name of the bucket
bucket = "{{ s3_bucket }}"
# Custom S3 endpoint
#
# Set this if you are using an S3-compatible object storage (e.g., Minio).
endpoint = "{{ s3_endpoint }}"
# Credentials
#
# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
# `AWS_SECRET_ACCESS_KEY` environment variables.
[storage.credentials]
access_key_id = "{{ s3_access_key_id }}"
secret_access_key = "{{ s3_secret_access_key }}"
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
[chunking]
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
# The preferred minimum size of a chunk, in bytes
min-size = 16384 # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 65536 # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 262144 # 256 KiB
# Compression
[compression]
# Compression type
#
# Can be "none", "brotli", "zstd", or "xz"
type = "zstd"
# Compression level
#level = 8
# Garbage collection
[garbage-collection]
# The frequency to run garbage collection at
#
# By default it's 12 hours. You can use natural language
# to specify the interval, like "1 day".
#
# If zero, automatic garbage collection is disabled, but
# it can still be run manually with `atticd --mode garbage-collector-once`.
interval = "12 hours"
# Default retention period
#
# Zero (default) means time-based garbage-collection is
# disabled by default. You can enable it on a per-cache basis.
#default-retention-period = "6 months"

10
templates/attic/attic.service.j2 Normal file
View file

@ -0,0 +1,10 @@
[Unit]
Description=Attic Daemon
[Service]
Type=simple
ExecStart=/usr/local/bin/atticd -f /etc/attic-server.toml
Restart=always
[Install]
WantedBy=multi-user.target