# NixOS module: runs `nix-cache-login ... service-account` as a oneshot
# systemd service, triggered by a timer, to refresh a service-account token.
{ config, lib, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.services.nix-cache-login-server;

  # Command line for the refresh unit, joined with single spaces.
  # The arguments are not quoted, so a configFile path containing whitespace
  # would be split into several arguments by systemd.
  # NOTE(review): if configFile is given as a Nix path literal rather than a
  # string, interpolating it copies the file into the world-readable Nix
  # store. Keep the client secret only in the file named by
  # client_secret_file, and keep that file outside the store.
  refreshCommand = lib.concatStringsSep " " [
    "${cfg.package}/bin/nix-cache-login"
    "--config"
    "${cfg.configFile}"
    "service-account"
  ];
in
{
  options.services.nix-cache-login-server = {
    enable = mkEnableOption "nix-cache-login service-account token refresh";

    # No default: the importing configuration must supply the package.
    package = mkOption {
      type = types.package;
      description = "The nix-cache-login package to use.";
    };

    configFile = mkOption {
      type = types.path;
      description = ''
        Path to the nix-cache-login config.toml file. Must include
        client_secret_file pointing to a readable credentials file.
      '';
      example = "/etc/nix-cache-login/config.toml";
    };

    refreshInterval = mkOption {
      type = types.str;
      default = "15min";
      description = ''
        Interval between token refresh attempts, as a systemd time span.
        On failure the service logs an error and the timer retries on schedule.
      '';
      example = "1h";
    };
  };

  config = mkIf cfg.enable {
    # Also put the CLI on the system PATH.
    environment.systemPackages = [ cfg.package ];

    systemd = {
      # Oneshot unit that performs a single refresh run.
      # No User= or sandboxing directives are set, so the unit runs with the
      # defaults for system services.
      # NOTE(review): a dedicated user and hardening options would reduce the
      # exposure of the client secret, but which paths the tool must write is
      # not visible in this file. Confirm before restricting.
      services.nix-cache-login = {
        description = "Nix cache login - service account token refresh";
        serviceConfig = {
          Type = "oneshot";
          ExecStart = refreshCommand;
        };
      };

      # First run two minutes after boot, then every refreshInterval measured
      # from the service's last activation.
      # NOTE(review): the refreshInterval description promises a retry on
      # schedule after a failure; verify that the timer re-arms when the
      # oneshot exits non-zero.
      timers.nix-cache-login = {
        description = "Nix cache login - periodic service account token refresh";
        timerConfig = {
          OnBootSec = "2min";
          OnUnitActiveSec = cfg.refreshInterval;
        };
        wantedBy = [ "timers.target" ];
      };
    };
  };
}