diff --git a/clanModules/trusted-nix-caches/README.md b/clanModules/trusted-nix-caches/README.md
index ab388a66c..aebad59d8 100644
--- a/clanModules/trusted-nix-caches/README.md
+++ b/clanModules/trusted-nix-caches/README.md
@@ -1,3 +1,5 @@
 ---
 description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache."
-----
+categories = ["System", "Network"]
+features = [ "deprecated" ]
+---
diff --git a/clanServices/trusted-nix-caches/README.md b/clanServices/trusted-nix-caches/README.md
new file mode 100644
index 000000000..307cc33ab
--- /dev/null
+++ b/clanServices/trusted-nix-caches/README.md
@@ -0,0 +1,15 @@
+Sets up nix to trust and use the clan cache
+
+## Usage
+
+```nix
+inventory.instances = {
+ clan-cache = {
+ module = {
+ name = "trusted-nix-caches";
+ input = "clan";
+ };
+ roles.default.machines.draper = { };
+ };
+}
+```
diff --git a/clanServices/trusted-nix-caches/default.nix b/clanServices/trusted-nix-caches/default.nix
new file mode 100644
index 000000000..3a04bb49a
--- /dev/null
+++ b/clanServices/trusted-nix-caches/default.nix
@@ -0,0 +1,27 @@
+{ ... }:
+{
+ _class = "clan.service";
+ manifest.name = "clan-core/trusted-nix-caches";
+ manifest.description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache.";
+ manifest.categories = [ "System" ];
+
+ roles.default = {
+
+ perInstance =
+ { ... }:
+ {
+ nixosModule =
+ { ... }:
+ {
+ nix.settings.trusted-substituters = [
+ "https://cache.clan.lol"
+ "https://nix-community.cachix.org"
+ ];
+ nix.settings.trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28="
+ ];
+ };
+ };
+ };
+}
diff --git a/clanServices/trusted-nix-caches/flake-module.nix b/clanServices/trusted-nix-caches/flake-module.nix
new file mode 100644
index 000000000..81c2dc33c
--- /dev/null
+++ b/clanServices/trusted-nix-caches/flake-module.nix
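Review bot: In clanServices/trusted-nix-caches/default.nix the nixosModule sets only `nix.settings.trusted-substituters`, which per the Nix manual lists caches that daemon users may opt into but that are not used by default. The README's "trust and use the clan cache" therefore holds only if `substituters` is set somewhere outside this diff, which is worth confirming. The `trusted-public-keys` entries are the actual trust anchor, since any store path signed by either key is accepted on every machine assigned to the role. I would add a comment above that list such as `# Pinned signing keys: paths signed by these are accepted into the store; verify against the cache operators' published keys before changing.` The role also exposes no setting to enable only one of the two caches, which a deployment wanting a single trust root may need.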
@@ -0,0 +1,17 @@
+{ lib, self, ... }:
+{
+ clan.modules = {
+ trusted-nix-caches = lib.modules.importApply ./default.nix { };
+ };
+ perSystem =
+ { pkgs, ... }:
+ {
+ checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
+ trusted-nix-caches = import ./tests/vm/default.nix {
+ inherit pkgs;
+ clan-core = self;
+ nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
+ };
+ };
+ };
+}
diff --git a/clanServices/trusted-nix-caches/tests/vm/default.nix b/clanServices/trusted-nix-caches/tests/vm/default.nix
new file mode 100644
index 000000000..df7245aed
--- /dev/null
+++ b/clanServices/trusted-nix-caches/tests/vm/default.nix
@@ -0,0 +1,40 @@
+{
+ pkgs,
+ nixosLib,
+ clan-core,
+ ...
+}:
+nixosLib.runTest (
+ { ... }:
+ {
+ imports = [
+ clan-core.modules.nixosVmTest.clanTest
+ ];
+
+ hostPkgs = pkgs;
+
+ name = "trusted-nix-caches";
+
+ clan = {
+ directory = ./.;
+ modules."@clan/trusted-nix-caches" = ../../default.nix;
+ inventory = {
+ machines.server = { };
+
+ instances = {
+ trusted-nix-caches = {
+ module.name = "@clan/trusted-nix-caches";
+ roles.default.machines."server" = { };
+ };
+ };
+ };
+ };
+
+ nodes.server = { };
+
+ testScript = ''
+ start_all()
+ server.succeed("grep -q 'cache.clan.lol' /etc/nix/nix.conf")
+ '';
+ }
+)
diff --git a/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json b/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
new file mode 100644
index 000000000..e408aa96b
--- /dev/null
+++ b/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
@@ -0,0 +1,4 @@
+{
+ "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+ "type": "age"
+}
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 7a8d90391..70061cd83 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
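Review bot: The only assertion in the testScript of tests/vm/default.nix, `grep -q 'cache.clan.lol' /etc/nix/nix.conf`, passes as soon as that hostname appears anywhere in the file. It would not catch a missing or altered `trusted-public-keys` entry, or a dropped nix-community cache. Since the signing keys are what the machine actually trusts, I would assert them literally, e.g. `server.succeed("grep -qF 'cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28=' /etc/nix/nix.conf")`, plus the equivalent line for the nix-community key. The `-F` flag keeps `.` and `+` from being interpreted as regex characters.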
@@ -93,6 +93,7 @@ nav:
 - reference/clanServices/localsend.md
 - reference/clanServices/mycelium.md
 - reference/clanServices/sshd.md
+ - reference/clanServices/trusted-nix-caches.md
 - reference/clanServices/users.md
 - reference/clanServices/hello-world.md
 - reference/clanServices/wifi.md