feat(attic): add daily garbage collection timer

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

systems/x86_64-linux/attic/atticd.nix

@@ -61,4 +61,25 @@
       };
     };
   };
+
+  systemd.services.atticd-gc = {
+    description = "Attic garbage collection";
+    requires = [ "atticd.service" ];
+    after = [ "atticd.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.attic-server}/bin/atticd-atticadm gc";
+      EnvironmentFile = "/etc/atticd.env";
+    };
+  };
+
+  systemd.timers.atticd-gc = {
+    description = "Daily Attic garbage collection";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+      RandomizedDelaySec = "1h";
+    };
+  };
 }

systems/x86_64-linux/attic/default.nix

@@ -56,6 +56,14 @@
     enable = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
+    appendHttpConfig = ''
+      proxy_cache_path /var/cache/nginx/attic
+        levels=1:2
+        keys_zone=attic:10m
+        max_size=10g
+        inactive=30d
+        use_temp_path=off;
+    '';
     virtualHosts."attic.teepot.org" = {
       forceSSL = true;
       enableACME = true;
@@ -64,6 +72,11 @@
         proxyWebsockets = true;
         extraConfig = ''
           client_max_body_size 0;
+          proxy_cache attic;
+          proxy_cache_valid 200 30d;
+          proxy_cache_use_stale error timeout updating;
+          proxy_cache_methods GET HEAD;
+          proxy_cache_bypass $request_method;
         '';
       };
     };