ops/nix-cache-login
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ops:v0.1.0
Branches Tags
ops:main
ops:v0.1.0
..
compare: ops:main
Branches Tags
ops:main
ops:v0.1.0

1 commit
v0.1.0 ... main

Author SHA1 Message Date
Abel Luck
07bd576628 add initial nixos modules
All checks were successful
buildbot/nix-eval Build done.
Details
buildbot/nix-build gitea:ops/nix-cache-login#checks.x86_64-linux.devShell Build done.
Details
buildbot/nix-build gitea:ops/nix-cache-login#checks.x86_64-linux.tests Build done.
Details
buildbot/nix-build Build done.
Details
buildbot/nix-effects Build done.
Details
2026-02-26 19:11:53 +01:00
3 changed files with 123 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

32
flake.nix
View file

@ -44,5 +44,37 @@
]; ];
}; };
}); });
nixosModules = {
# Workstation: systemd user timer+service running `nix-cache-login refresh`
default =
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./nixos-module.nix ];
services.nix-cache-login.package =
lib.mkDefault
self.packages.${pkgs.stdenv.hostPlatform.system}.default;
};
# Server: system-level timer+service running `nix-cache-login service-account`
server =
{
config,
lib,
pkgs,
...
}:
{
imports = [ ./nixos-module-server.nix ];
services.nix-cache-login-server.package =
lib.mkDefault
self.packages.${pkgs.stdenv.hostPlatform.system}.default;
};
};
}; };
} }

49
nixos-module-server.nix Normal file
View file

@ -0,0 +1,49 @@
{ config, lib, ... }:
let
cfg = config.services.nix-cache-login-server;
in
{
options.services.nix-cache-login-server = {
enable = lib.mkEnableOption "nix-cache-login service-account token refresh";
package = lib.mkOption {
type = lib.types.package;
description = "The nix-cache-login package to use.";
};
configFile = lib.mkOption {
type = lib.types.path;
description = ''
Path to the nix-cache-login config.toml file. Must include
client_secret_file pointing to a readable credentials file.
'';
example = "/etc/nix-cache-login/config.toml";
};
refreshInterval = lib.mkOption {
type = lib.types.str;
default = "15min";
description = ''
Interval between token refresh attempts, as a systemd time span.
On failure the service logs an error and the timer retries on schedule.
'';
example = "1h";
};
};
config = lib.mkIf cfg.enable {
systemd.services.nix-cache-login = {
description = "Nix cache login - service account token refresh";
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/nix-cache-login --config ${cfg.configFile} service-account";
};
};
systemd.timers.nix-cache-login = {
description = "Nix cache login - periodic service account token refresh";
timerConfig = {
OnBootSec = "2min";
OnUnitActiveSec = cfg.refreshInterval;
};
wantedBy = [ "timers.target" ];
};
};
}

42
nixos-module.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, lib, ... }:
let
cfg = config.services.nix-cache-login;
in
{
options.services.nix-cache-login = {
enable = lib.mkEnableOption "nix-cache-login automatic token refresh";
package = lib.mkOption {
type = lib.types.package;
description = "The nix-cache-login package to use.";
};
refreshInterval = lib.mkOption {
type = lib.types.str;
default = "15min";
description = ''
Interval between token refresh attempts, as a systemd time span.
If no valid session exists, the service logs an error and the timer
retries on the next interval. Run nix-cache-login to log in.
'';
example = "1h";
};
};
config = lib.mkIf cfg.enable {
systemd.user.services.nix-cache-login = {
description = "Nix cache login - refresh access token";
serviceConfig = {
Type = "oneshot";
ExecStart = "${cfg.package}/bin/nix-cache-login refresh";
};
};
systemd.user.timers.nix-cache-login = {
description = "Nix cache login - periodic token refresh";
timerConfig = {
OnBootSec = "2min";
OnUnitActiveSec = cfg.refreshInterval;
};
wantedBy = [ "timers.target" ];
};
};
}