ops/nix-cache-login
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ops:main
Branches Tags
ops:main
ops:v0.1.0
..
compare: ops:v0.1.0
Branches Tags
ops:main
ops:v0.1.0

No commits in common. "main" and "v0.1.0" have entirely different histories.
main ... v0.1.0

3 changed files with 0 additions and 123 deletions
Download patch file Download diff file Expand all files Collapse all files

32
flake.nix
View file

@ -44,37 +44,5 @@
];
};
});
nixosModules = {
# Workstation: systemd user timer+service running `nix-cache-login refresh`
default =
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./nixos-module.nix ];
services.nix-cache-login.package =
lib.mkDefault
self.packages.${pkgs.stdenv.hostPlatform.system}.default;
};
# Server: system-level timer+service running `nix-cache-login service-account`
server =
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./nixos-module-server.nix ];
services.nix-cache-login-server.package =
lib.mkDefault
self.packages.${pkgs.stdenv.hostPlatform.system}.default;
};
};
};
}

49
nixos-module-server.nix
View file

@ -1,49 +0,0 @@
{ config, lib, ... }:
let
cfg = config.services.nix-cache-login-server;
in
{
options.services.nix-cache-login-server = {
enable = lib.mkEnableOption "nix-cache-login service-account token refresh";
package = lib.mkOption {
type = lib.types.package;
description = "The nix-cache-login package to use.";
};
configFile = lib.mkOption {
type = lib.types.path;
description = ''
Path to the nix-cache-login config.toml file. Must include
client_secret_file pointing to a readable credentials file.
'';
example = "/etc/nix-cache-login/config.toml";
};
refreshInterval = lib.mkOption {
type = lib.types.str;
default = "15min";
description = ''
Interval between token refresh attempts, as a systemd time span.
On failure the service logs an error and the timer retries on schedule.
'';
example = "1h";
};
};
config = lib.mkIf cfg.enable {
systemd.services.nix-cache-login = {
description = "Nix cache login - service account token refresh";
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/nix-cache-login --config ${cfg.configFile} service-account";
};
};
systemd.timers.nix-cache-login = {
description = "Nix cache login - periodic service account token refresh";
timerConfig = {
OnBootSec = "2min";
OnUnitActiveSec = cfg.refreshInterval;
};
wantedBy = [ "timers.target" ];
};
};
}

42
nixos-module.nix
View file

@ -1,42 +0,0 @@
{ config, lib, ... }:
let
cfg = config.services.nix-cache-login;
in
{
options.services.nix-cache-login = {
enable = lib.mkEnableOption "nix-cache-login automatic token refresh";
package = lib.mkOption {
type = lib.types.package;
description = "The nix-cache-login package to use.";
};
refreshInterval = lib.mkOption {
type = lib.types.str;
default = "15min";
description = ''
Interval between token refresh attempts, as a systemd time span.
If no valid session exists, the service logs an error and the timer
retries on the next interval. Run nix-cache-login to log in.
'';
example = "1h";
};
};
config = lib.mkIf cfg.enable {
systemd.user.services.nix-cache-login = {
description = "Nix cache login - refresh access token";
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/nix-cache-login refresh";
};
};
systemd.user.timers.nix-cache-login = {
description = "Nix cache login - periodic token refresh";
timerConfig = {
OnBootSec = "2min";
OnUnitActiveSec = cfg.refreshInterval;
};
wantedBy = [ "timers.target" ];
};
};
}