stop setting netrc-file

Abel Luck 2026-04-08 08:43:08 +02:00
parent aa4732af7b
commit d6d6721c16
6 changed files with 95 additions and 2 deletions


@ -4,6 +4,16 @@
Changes yet to be released are documented here. Changes yet to be released are documented here.
## v0.3.0
- Stop setting `nix.settings.netrc-file` from the Home Manager module
- Document `netrc_path` in `config.toml` as the path operators should wire into their daemon configuration
- Add a module evaluation check to prevent the Home Manager module from reintroducing `nix.settings.netrc-file`
These changes are made to support both cppnix and detsysnix. The latter has [special requirements][additionalnetrcsources] around the `netrc` files.
[additionalnetrcsources]: https://docs.determinate.systems/determinate-nix/#additionalnetrcsources
## v0.2.1 ## v0.2.1
- Fix netrc parsing for one-line entries such as `machine ... login ... password ...` - Fix netrc parsing for one-line entries such as `machine ... login ... password ...`


@ -58,6 +58,14 @@ netrc_path = "$XDG_CONFIG_HOME/nix/netrc"
Path values support environment variable expansion (`$VAR` and `${VAR}`). Path values support environment variable expansion (`$VAR` and `${VAR}`).
`netrc_path` is the path this tool writes tokens to.
Configure Nix to read that same path.
This supports both cppnix and detsysnix. The latter has [special
requirements][additionalnetrcsources] around `netrc` files, so set
`additionalNetrcSources` to include the configured `netrc_path`.
## Usage ## Usage
```bash ```bash
@ -78,6 +86,15 @@ Config path resolution order:
The NixOS server module exports `NIX_CACHE_LOGIN_CONFIG` and installs The NixOS server module exports `NIX_CACHE_LOGIN_CONFIG` and installs
`/etc/nix-cache-login/config.toml` from `services.nix-cache-login-server.configFile`. `/etc/nix-cache-login/config.toml` from `services.nix-cache-login-server.configFile`.
## Module Integration
The Home Manager and NixOS modules in this repo install the package and refresh
services.
Nix and detsysnix daemon configuration stays outside these modules.
Set your daemon to read the `netrc_path` configured in `config.toml`.
## Maintenance ## Maintenance
This tool is actively maintained by [Guardian Project](https://guardianproject.info). This tool is actively maintained by [Guardian Project](https://guardianproject.info).
@ -92,6 +109,7 @@ For security-related issues, please contact us through our [security policy][sec
[issues]: https://guardianproject.dev/ops/nix-cache-login/issues [issues]: https://guardianproject.dev/ops/nix-cache-login/issues
[sec]: https://guardianproject.info/contact/ [sec]: https://guardianproject.info/contact/
[additionalnetrcsources]: https://docs.determinate.systems/determinate-nix/#additionalnetrcsources
## License ## License


@ -36,6 +36,7 @@
''; '';
doCheck = true; doCheck = true;
}); });
module-checks = import ./module-checks.nix { inherit self pkgs; };
devShell = self.devShells.${pkgs.stdenv.hostPlatform.system}.default; devShell = self.devShells.${pkgs.stdenv.hostPlatform.system}.default;
} }
// pkgs.lib.optionalAttrs pkgs.stdenv.isLinux { // pkgs.lib.optionalAttrs pkgs.stdenv.isLinux {


@ -26,7 +26,6 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nix.settings.netrc-file = "${config.xdg.configHome}/nix/netrc";
home.packages = [ cfg.package ]; home.packages = [ cfg.package ];
systemd.user.services.nix-cache-login = { systemd.user.services.nix-cache-login = {
Unit.Description = "Nix cache login - refresh access token"; Unit.Description = "Nix cache login - refresh access token";

65
module-checks.nix Normal file

@ -0,0 +1,65 @@
{ self, pkgs }:
let
lib = pkgs.lib;
fakePackage = pkgs.runCommand "nix-cache-login-fake-package" { } ''
mkdir -p "$out/bin"
touch "$out/bin/nix-cache-login"
chmod +x "$out/bin/nix-cache-login"
'';
hmStubModule =
{ lib, ... }:
{
options = {
home.packages = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [ ];
};
home.homeDirectory = lib.mkOption {
type = lib.types.str;
default = "/home/tester";
};
xdg.configHome = lib.mkOption {
type = lib.types.str;
default = "/home/tester/.config";
};
nix.settings = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = { };
};
systemd.user.services = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = { };
};
systemd.user.timers = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = { };
};
launchd.agents = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = { };
};
};
};
evalHome =
extraConfig:
lib.evalModules {
modules = [
hmStubModule
./home-module.nix
{
services.nix-cache-login.enable = true;
services.nix-cache-login.package = fakePackage;
}
extraConfig
];
};
homeDefault = evalHome { };
in
pkgs.runCommand "nix-cache-login-module-checks" { } ''
test ${lib.escapeShellArg (builtins.toJSON (builtins.hasAttr "netrc-file" homeDefault.config.nix.settings))} = ${lib.escapeShellArg "false"}
test ${lib.escapeShellArg homeDefault.config.systemd.user.services.nix-cache-login.Service.ExecStart} = ${lib.escapeShellArg "${fakePackage}/bin/nix-cache-login refresh"}
touch "$out"
''
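Review bot: Both `test` lines in the final `runCommand` script fail without saying which invariant broke, and the file has no comment explaining why `netrc-file` must stay unset. Both operands are interpolated at evaluation time, so a regression presumably surfaces only as a bare non-zero exit from the builder; a message would make it actionable, e.g. `test … = 'false' || { echo "home-module.nix must not set nix.settings.netrc-file" >&2; exit 1; }`. A header comment would also help, such as `# Guards that the Home Manager module leaves the netrc path (where cache tokens are written) to the operator's daemon configuration.` The check covers only `nix.settings` for `./home-module.nix` under the default configuration; the NixOS module is not evaluated here.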


@ -6,7 +6,7 @@
buildGoModule { buildGoModule {
pname = "nix-cache-login"; pname = "nix-cache-login";
version = "0.2.1"; version = "0.3.0";
src = ./.; src = ./.;
# src = fetchgit { # src = fetchgit {
# url = "https://guardianproject.dev/ops/nix-cache-login.git"; # url = "https://guardianproject.dev/ops/nix-cache-login.git";