hosts/TITAN: cachix-upload -> attic-upload

2023-08-22 16:42:37 +02:00 · 2023-08-22 16:42:37 +02:00 · 7e1b33d2bc
commit 7e1b33d2bc
parent dacf2bf346
6 changed files with 53 additions and 36 deletions
--- a/hosts/TITAN/extras/attic-upload-daemon.nix
+++ b/hosts/TITAN/extras/attic-upload-daemon.nix
@ -0,0 +1,38 @@
 { config, pkgs, inputs, ... }:
 let
  toml = pkgs.formats.toml {};
  atticConfig = toml.generate "attic-upload-config.toml" {
    default-server = "cache";
    servers.cache.endpoint = "https://cache-api.privatevoid.net";
  };
  inherit (inputs.attic.packages.${pkgs.system}) attic;
 in
 {
  age.secrets.attic-upload-key = {
    file = ../../../secrets/attic-upload-key.age;
    mode = "0400";
  };
  systemd.services.attic-upload = {
    description = "Attic Uploader";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    path = [ config.nix.package ];
    environment.XDG_CONFIG_HOME = "/tmp/attic-upload";
    preStart = ''
      install -dm700 "$XDG_CONFIG_HOME/attic"
      cp --no-preserve=mode ${atticConfig} "$XDG_CONFIG_HOME/attic/config.toml"
      echo "token = \"$ATTIC_TOKEN\"" >> "$XDG_CONFIG_HOME/attic/config.toml"
    '';
    serviceConfig = {
      ExecStart = "${attic}/bin/attic watch-store nix-store";
      Restart = "always";
      RestartSec = "10s";
      DynamicUser = true;
      EnvironmentFile = config.age.secrets.attic-upload-key.path;
    };
  };
 }
--- a/hosts/TITAN/extras/cachix-upload-daemon.nix
+++ b/hosts/TITAN/extras/cachix-upload-daemon.nix
@ -1,21 +0,0 @@
 { config, pkgs, ... }:
 {
  age.secrets.cachix-upload-key = {
    file = ../../../secrets/cachix-upload-key.age;
    mode = "0400";
  };
  systemd.services.cachix-upload = {
    description = "Cachix Uploader";
    wantedBy = [ "multi-user.target" ];
    after = [ "network-online.target" ];
    path = [ config.nix.package ];
    serviceConfig = {
      ExecStart = "${pkgs.cachix}/bin/cachix watch-store max";
      Restart = "always";
      DynamicUser = true;
      EnvironmentFile = config.age.secrets.cachix-upload-key.path;
    };
  };
 }
--- a/hosts/TITAN/system.nix
+++ b/hosts/TITAN/system.nix
@ -7,7 +7,7 @@ in
  imports = [
    ./hardware-configuration.nix
-    ./extras/cachix-upload-daemon.nix
+    ./extras/attic-upload-daemon.nix
    ./extras/custom-kernel.nix
    ./extras/ddcci-backlight.nix
    ./extras/fbi-downloader.nix
--- a/secrets/attic-upload-key.age
+++ b/secrets/attic-upload-key.age
@ -0,0 +1,13 @@
 age-encryption.org/v1
 -> ssh-ed25519 NO562A OgAfkFt4Ci04p79LJfpiQXwncb+sGhq0X/mzFAZOnVg
 zRzcS6oJV4oJ0O7mMnqPEJg/guM7GIMwzfSDE74Nuqk
 -> ssh-ed25519 5/zT0w qbRtOTh2C07+k2J22PJoXiYFKWXgJ18DfA29eqxkrwI
 BGoqjK6cpdQtZj6UeOZh687YoygiUieaqOiUZddo/UU
 -> ssh-ed25519 OxDh5w eey4Vi1yMtWsjPwkyAzRP7tTVX8VcgTN9FQzvEV+l28
 Ju7/bk0cyMxVbLaOAGOJwGepTUxPH8ZTHLCHkl3b2lc
 -> ~/d9](zV-grease .@B2-29 5[@V }' a}
 uk1w2UeRswloABr+O5qT4r5wnw0i6buVut1xBngqftw7/kKfELL734vVKq0tAwXH
 iHCzaekooAIHSmIEfRI6wGKO
 --- 0gf7R4wx3Md3blNkOd5m25d4yiDjmepv0ZPCT11qFUc
 Iã¶_\i<>3Ceã’>©
 «~üé¬—>f|NBó‘áM¡t2…ÿ<ê¦FËúq¤N£\ÇïN&Ö
¤#!X‘¶¼4.[yÍþö§ 3ë=P 40oÑ<6F>Ú0}<7D>>ÿÝö»}ù½û8Iº6m˜IÚ0cX¸lõE<C3B5>ÎAð{¦ÒJ‡Êõˆ8s_’LEH]íô®lQúA"acW½9Ð¡B\¿¾Û¬!"õh>ê© <20>7kü<6B>áN~÷ý4—ÂìC ¹ôÅÝù‹Eã‘Êà¾v–CítmbkTÔ…Eþ¡12g8}¼«T$¶!¸=Åé3Úû
--- a/secrets/cachix-upload-key.age
+++ b/secrets/cachix-upload-key.age
@ -1,13 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 NO562A wdYUFvxvT7qtZ2GjKvH5LMqwst83kiWb4wLfx7T6QSs
 4Bpe9C3B11Hmqv8bk7khao+AeG+qrDBe4io477y+mCg
 -> ssh-ed25519 5/zT0w r7KSc3LLqCQiGXBNgnav0StNfnVg5F9VIw2Pzw8UQhI
 pMkSqshAwDLsy2IhP00E8xYTZOMDPUNRJiisH9ArUoU
 -> ssh-ed25519 OxDh5w mb6tt+K0i73aGmPUzwR7+d+vjOQGfJcxHx2udZ6Q9nw
 1icXi5j9nOI5zkwVzu/1K22CxBpbp6ioU9j3uNZgpBo
 -> 9s8B-grease %Dt pw[YavZ RY((bY>
 WL92Bw95H0c3dM+H0iUhYtoefQbM0guP69x1vCX8zxT+NTdKtAeK/Nu1RVaR4qdL
 /yj5
 --- psVhYZPeJN0cgQi882QC7JSj6IejJUTAkdnCHw5cRQQ
 \¦Ýe˜ÑR¦
lËÚYÄÑ*^9ÍYÔJÍË%¿©‘«Í¢—JßŠí¾ÎATWE:MEÁQñ:ÃIx	ÿø}î<´vß)p¬,®0Ñ`Ø$
¿‚,§ñw´e°aúNÑéŸ80öÑo‰‹é×šÁ6Ü¸¼£aÃ+B¼"¬
¾tþz~Ì{æé jƒç<ÊÈ²ë\„
 _"õ‚+8‰2\ò)<û	ßeFd2sKèS…£þ€Œ“Y—Z,	5U×ÙníZµW>»'
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,7 +5,7 @@ let
 in with hosts;
 {
  "builder_key.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
-  "cachix-upload-key.age".publicKeys = max ++ map systemKeys [ TITAN ];
+  "attic-upload-key.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "hyprspace-key-TITAN.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "hyprspace-key-jericho.age".publicKeys = max ++ map systemKeys [ jericho ];
  "ipfs-cluster-secret.age".publicKeys = max ++ map systemKeys [ TITAN ];