From 07bd5766284927f1283c4bcd7b617b4815134d37 Mon Sep 17 00:00:00 2001
From: Abel Luck
Date: Thu, 26 Feb 2026 19:11:53 +0100
Subject: [PATCH] add initial nixos modules
---
 flake.nix | 32 +++++++++++++++++++++++++++
 nixos-module-server.nix | 49 +++++++++++++++++++++++++++++++++++++++++
 nixos-module.nix | 42 +++++++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+)
 create mode 100644 nixos-module-server.nix
 create mode 100644 nixos-module.nix
diff --git a/flake.nix b/flake.nix
index e1c0ef9..a5a5919 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,5 +44,37 @@
 ];
 };
 });
+
+ nixosModules = {
+ # Workstation: systemd user timer+service running `nix-cache-login refresh`
+ default =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ imports = [ ./nixos-module.nix ];
+ services.nix-cache-login.package =
+ lib.mkDefault
+ self.packages.${pkgs.stdenv.hostPlatform.system}.default;
+ };
+
+ # Server: system-level timer+service running `nix-cache-login service-account`
+ server =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ imports = [ ./nixos-module-server.nix ];
+ services.nix-cache-login-server.package =
+ lib.mkDefault
+ self.packages.${pkgs.stdenv.hostPlatform.system}.default;
+ };
+ };
 };
 }
diff --git a/nixos-module-server.nix b/nixos-module-server.nix
new file mode 100644
index 0000000..74bac7f
--- /dev/null
+++ b/nixos-module-server.nix
@@ -0,0 +1,49 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.nix-cache-login-server;
+in
+{
+ options.services.nix-cache-login-server = {
+ enable = lib.mkEnableOption "nix-cache-login service-account token refresh";
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "The nix-cache-login package to use.";
+ };
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ Path to the nix-cache-login config.toml file. Must include
+ client_secret_file pointing to a readable credentials file.
+ '';
+ example = "/etc/nix-cache-login/config.toml";
+ };
+ refreshInterval = lib.mkOption {
+ type = lib.types.str;
+ default = "15min";
+ description = ''
+ Interval between token refresh attempts, as a systemd time span.
+ On failure the service logs an error and the timer retries on schedule.
+ '';
+ example = "1h";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.nix-cache-login = {
+ description = "Nix cache login - service account token refresh";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${cfg.package}/bin/nix-cache-login --config ${cfg.configFile} service-account";
+ };
+ };
+
+ systemd.timers.nix-cache-login = {
+ description = "Nix cache login - periodic service account token refresh";
+ timerConfig = {
+ OnBootSec = "2min";
+ OnUnitActiveSec = cfg.refreshInterval;
+ };
+ wantedBy = [ "timers.target" ];
+ };
+ };
+}
diff --git a/nixos-module.nix b/nixos-module.nix
new file mode 100644
index 0000000..ab0e12a
--- /dev/null
+++ b/nixos-module.nix
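Review bot: `systemd.services.nix-cache-login` in nixos-module-server.nix sets only `Type` and `ExecStart`, so the unit runs as root with no sandboxing while it reads the client secret named in the config and talks to the network. I would add the hardening directives below, which do not depend on where the tool writes its token. `ProtectSystem = "strict"` and a dedicated `User=` are worth adding too, but they need the token output path, which is not visible in this patch, listed in `ReadWritePaths=`. The `configFile` description should also say that `client_secret_file` must point to a file outside the Nix store, since store paths are world-readable.

```nix
serviceConfig = {
  # … unchanged: Type, ExecStart …
  # Sandboxing that is independent of the token output location.
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  RestrictSUIDSGID = true;
  LockPersonality = true;
};
```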
@@ -0,0 +1,42 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.nix-cache-login;
+in
+{
+ options.services.nix-cache-login = {
+ enable = lib.mkEnableOption "nix-cache-login automatic token refresh";
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "The nix-cache-login package to use.";
+ };
+ refreshInterval = lib.mkOption {
+ type = lib.types.str;
+ default = "15min";
+ description = ''
+ Interval between token refresh attempts, as a systemd time span.
+ If no valid session exists, the service logs an error and the timer
+ retries on the next interval. Run nix-cache-login to log in.
+ '';
+ example = "1h";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.user.services.nix-cache-login = {
+ description = "Nix cache login - refresh access token";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${cfg.package}/bin/nix-cache-login refresh";
+ };
+ };
+
+ systemd.user.timers.nix-cache-login = {
+ description = "Nix cache login - periodic token refresh";
+ timerConfig = {
+ OnBootSec = "2min";
+ OnUnitActiveSec = cfg.refreshInterval;
+ };
+ wantedBy = [ "timers.target" ];
+ };
+ };
+}
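Review bot: `OnBootSec = "2min"` in `systemd.user.timers.nix-cache-login` is measured from machine boot, not from the start of the user's service manager, so for any login more than two minutes after boot the timer elapses as soon as the user manager starts. If the intent is a short delay after login, `OnStartupSec = "2min";` is the directive systemd provides for per-user timers. Separately, units declared under `systemd.user` are installed for every user on the host, so accounts that never ran `nix-cache-login` will log a failed refresh every `refreshInterval`. That is worth stating in the `enable` description.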