hosts/TITAN: cachix-upload -> attic-upload

2023-08-22 16:42:37 +02:00 · 2023-08-22 16:42:37 +02:00 · 7e1b33d2bc
commit 7e1b33d2bc
parent dacf2bf346
6 changed files with 53 additions and 36 deletions
--- a/hosts/TITAN/extras/attic-upload-daemon.nix
+++ b/hosts/TITAN/extras/attic-upload-daemon.nix
@ -0,0 +1,38 @@
+{ config, pkgs, inputs, ... }:
+
+let
+  toml = pkgs.formats.toml {};
+  atticConfig = toml.generate "attic-upload-config.toml" {
+    default-server = "cache";
+    servers.cache.endpoint = "https://cache-api.privatevoid.net";
+  };
+
+  inherit (inputs.attic.packages.${pkgs.system}) attic;
+in
+
+{
+  age.secrets.attic-upload-key = {
+    file = ../../../secrets/attic-upload-key.age;
+    mode = "0400";
+  };
+
+  systemd.services.attic-upload = {
+    description = "Attic Uploader";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network-online.target" ];
+    path = [ config.nix.package ];
+    environment.XDG_CONFIG_HOME = "/tmp/attic-upload";
+    preStart = ''
+      install -dm700 "$XDG_CONFIG_HOME/attic"
+      cp --no-preserve=mode ${atticConfig} "$XDG_CONFIG_HOME/attic/config.toml"
+      echo "token = \"$ATTIC_TOKEN\"" >> "$XDG_CONFIG_HOME/attic/config.toml"
+    '';
+    serviceConfig = {
+      ExecStart = "${attic}/bin/attic watch-store nix-store";
+      Restart = "always";
+      RestartSec = "10s";
+      DynamicUser = true;
+      EnvironmentFile = config.age.secrets.attic-upload-key.path;
+    };
+  };
+}
--- a/hosts/TITAN/extras/cachix-upload-daemon.nix
+++ b/hosts/TITAN/extras/cachix-upload-daemon.nix
@ -1,21 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  age.secrets.cachix-upload-key = {
-    file = ../../../secrets/cachix-upload-key.age;
-    mode = "0400";
-  };
-
-  systemd.services.cachix-upload = {
-    description = "Cachix Uploader";
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network-online.target" ];
-    path = [ config.nix.package ];
-    serviceConfig = {
-      ExecStart = "${pkgs.cachix}/bin/cachix watch-store max";
-      Restart = "always";
-      DynamicUser = true;
-      EnvironmentFile = config.age.secrets.cachix-upload-key.path;
-    };
-  };
-}
--- a/hosts/TITAN/system.nix
+++ b/hosts/TITAN/system.nix
@ -7,7 +7,7 @@ in

  imports = [
    ./hardware-configuration.nix
-    ./extras/cachix-upload-daemon.nix
+    ./extras/attic-upload-daemon.nix
    ./extras/custom-kernel.nix
    ./extras/ddcci-backlight.nix
    ./extras/fbi-downloader.nix
--- a/secrets/attic-upload-key.age
+++ b/secrets/attic-upload-key.age
@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 NO562A OgAfkFt4Ci04p79LJfpiQXwncb+sGhq0X/mzFAZOnVg
+zRzcS6oJV4oJ0O7mMnqPEJg/guM7GIMwzfSDE74Nuqk
+-> ssh-ed25519 5/zT0w qbRtOTh2C07+k2J22PJoXiYFKWXgJ18DfA29eqxkrwI
+BGoqjK6cpdQtZj6UeOZh687YoygiUieaqOiUZddo/UU
+-> ssh-ed25519 OxDh5w eey4Vi1yMtWsjPwkyAzRP7tTVX8VcgTN9FQzvEV+l28
+Ju7/bk0cyMxVbLaOAGOJwGepTUxPH8ZTHLCHkl3b2lc
+-> ~/d9](zV-grease .@B2-29 5[@V }' a}
+uk1w2UeRswloABr+O5qT4r5wnw0i6buVut1xBngqftw7/kKfELL734vVKq0tAwXH
+iHCzaekooAIHSmIEfRI6wGKO
+--- 0gf7R4wx3Md3blNkOd5m25d4yiDjmepv0ZPCT11qFUc
+Iã¶_\i<>3Ceã’>©
+«~üé¬—>f|NBó‘áM¡t2…ÿ<ê¦FËúq¤N£\ÇïN&Ö
¤#!X‘¶¼4.[yÍþö§ 3ë=P 40oÑ<6F>Ú0}<7D>>ÿÝö»}ù½û8Iº6m˜IÚ0cX¸lõE<C3B5>ÎAð{¦ÒJ‡Êõˆ8s_’LEH]íô®lQúA"acW½9Ð¡B\¿¾Û¬!"õh>ê© <20>7kü<6B>áN~÷ý4—ÂìC ¹ôÅÝù‹Eã‘Êà¾v–CítmbkTÔ…Eþ¡12g8}¼«T$¶!¸=Åé3Úû
--- a/secrets/cachix-upload-key.age
+++ b/secrets/cachix-upload-key.age
@ -1,13 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 NO562A wdYUFvxvT7qtZ2GjKvH5LMqwst83kiWb4wLfx7T6QSs
-4Bpe9C3B11Hmqv8bk7khao+AeG+qrDBe4io477y+mCg
-> ssh-ed25519 5/zT0w r7KSc3LLqCQiGXBNgnav0StNfnVg5F9VIw2Pzw8UQhI
-pMkSqshAwDLsy2IhP00E8xYTZOMDPUNRJiisH9ArUoU
-> ssh-ed25519 OxDh5w mb6tt+K0i73aGmPUzwR7+d+vjOQGfJcxHx2udZ6Q9nw
-1icXi5j9nOI5zkwVzu/1K22CxBpbp6ioU9j3uNZgpBo
-> 9s8B-grease %Dt pw[YavZ RY((bY>
-WL92Bw95H0c3dM+H0iUhYtoefQbM0guP69x1vCX8zxT+NTdKtAeK/Nu1RVaR4qdL
-/yj5
--- psVhYZPeJN0cgQi882QC7JSj6IejJUTAkdnCHw5cRQQ
-\¦Ýe˜ÑR¦
lËÚYÄÑ*^9ÍYÔJÍË%¿©‘«Í¢—JßŠí¾ÎATWE:MEÁQñ:ÃIx	ÿø}î<´vß)p¬,®0Ñ`Ø$
¿‚,§ñw´e°aúNÑéŸ80öÑo‰‹é×šÁ6Ü¸¼£aÃ+B¼"¬
¾tþz~Ì{æé jƒç<ÊÈ²ë\„
-_"õ‚+8‰2\ò)<û	ßeFd2sKèS…£þ€Œ“Y—Z,	5U×ÙníZµW>»'
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,7 +5,7 @@ let
 in with hosts;
 {
  "builder_key.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
-  "cachix-upload-key.age".publicKeys = max ++ map systemKeys [ TITAN ];
+  "attic-upload-key.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "hyprspace-key-TITAN.age".publicKeys = max ++ map systemKeys [ TITAN ];
  "hyprspace-key-jericho.age".publicKeys = max ++ map systemKeys [ jericho ];
  "ipfs-cluster-secret.age".publicKeys = max ++ map systemKeys [ TITAN ];