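# NixOS module: installs the attic client and adds a oneshot unit that logs the
# client in to the binary cache when `attic cache info` does not already succeed.
{ lib, config, pkgs, globals, ... }:
{
  options.swarselmodules.server.attic-setup = lib.mkEnableOption "enable attic setup";

  config = lib.mkIf config.swarselmodules.server.attic-setup {
    environment.systemPackages = with pkgs; [
      attic-client
    ];

    sops = {
      secrets = {
        attic-cache-key = { };
      };
      templates = {
        # Only the sops placeholder is interpolated here, so the token itself is
        # not written into the world-readable Nix store; sops-nix substitutes
        # the real value when it renders the template. The rendered file holds
        # the plaintext token. No owner or mode is set on this template, so the
        # sops-nix defaults apply -- NOTE(review): confirm they stay root-only.
        "attic-env".content = ''
          DOMAIN=https://${globals.services.attic.domain}
          TOKEN=${config.sops.placeholder.attic-cache-key}
        '';
      };
    };

    systemd.services.attic-cache-setup = {
      description = "Ensure attic is authenticated to cache";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      serviceConfig = {
        Type = "oneshot";
        # Supplies DOMAIN and TOKEN to the script from the rendered sops template.
        EnvironmentFile = [
          config.sops.templates.attic-env.path
        ];
      };

      # Security notes for the script below:
      # - TOKEN is passed to `attic login` as a command-line argument, so it is
      #   present in that process's argument list for the duration of the call.
      #   On a multi-user host, consider restricting /proc visibility
      #   (e.g. hidepid) or keeping unprivileged users off this machine.
      # - Any failure of `attic cache info` (including an unreachable server) is
      #   treated as "not authenticated" and triggers a fresh login.
      # - NOTE(review): `attic login` persists the token in the client's own
      #   configuration file; the unit sets no User=, so that presumably lands in
      #   root's configuration directory -- confirm its location and mode.
      script =
        let
          attic = lib.getExe pkgs.attic-client;
          # Quote the configured name once so a value containing whitespace or
          # shell metacharacters cannot change the commands that are run.
          target = lib.escapeShellArg config.swarselsystems.mainUser;
        in
        ''
          set -eu
          if ${attic} cache info ${target} >/dev/null 2>&1; then
            echo "cache already authenticated"
            exit 0
          fi
          echo "cache not authenticated, attempting login..."
          ${attic} login ${target} "$DOMAIN" "$TOKEN" --set-default
          ${attic} use ${target}
        '';
    };
  };
}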