From 510e3505a81e5102d1c6501767fc4fc879fa14c2 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Wed, 25 Mar 2026 12:06:13 +0100
Subject: [PATCH 1/2] feat(attic): add nginx proxy cache to reduce S3 egress

Caches GET/HEAD responses up to 10 GB on disk with 30-day eviction.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 systems/x86_64-linux/attic/default.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/systems/x86_64-linux/attic/default.nix b/systems/x86_64-linux/attic/default.nix
index 40148d6..328bc37 100644
--- a/systems/x86_64-linux/attic/default.nix
+++ b/systems/x86_64-linux/attic/default.nix
@@ -56,6 +56,14 @@
     enable = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
+    appendHttpConfig = ''
+      proxy_cache_path /var/cache/nginx/attic
+        levels=1:2
+        keys_zone=attic:10m
+        max_size=10g
+        inactive=30d
+        use_temp_path=off;
+    '';
     virtualHosts."attic.teepot.org" = {
       forceSSL = true;
       enableACME = true;
@@ -64,6 +72,11 @@
         proxyWebsockets = true;
         extraConfig = ''
           client_max_body_size 0;
+          proxy_cache attic;
+          proxy_cache_valid 200 30d;
+          proxy_cache_use_stale error timeout updating;
+          proxy_cache_methods GET HEAD;
+          proxy_cache_bypass $request_method;
         '';
       };
     };

From 13a386fe98b5b2bb500a6b371f026e1b1101cbd6 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Wed, 25 Mar 2026 12:07:44 +0100
Subject: [PATCH 2/2] feat(attic): add daily garbage collection timer

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 systems/x86_64-linux/attic/atticd.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/systems/x86_64-linux/attic/atticd.nix b/systems/x86_64-linux/attic/atticd.nix
index 1c5cfad..232c1ea 100644
--- a/systems/x86_64-linux/attic/atticd.nix
+++ b/systems/x86_64-linux/attic/atticd.nix
@@ -61,4 +61,25 @@
       };
     };
   };
+
+  systemd.services.atticd-gc = {
+    description = "Attic garbage collection";
+    requires = [ "atticd.service" ];
+    after = [ "atticd.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.attic-server}/bin/atticd-atticadm gc";
+      EnvironmentFile = "/etc/atticd.env";
+    };
+  };
+
+  systemd.timers.atticd-gc = {
+    description = "Daily Attic garbage collection";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+      RandomizedDelaySec = "1h";
+    };
+  };
 }