Merge pull request 'Migrate trusted-nix-caches to clanServices' (#3949) from migrate-nix-caches into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3949
2025-06-16 09:03:08 +00:00
parent ced9d2223e 56fef67fd5
commit 84f7f6e277
7 changed files with 107 additions and 1 deletions
--- a/clanModules/trusted-nix-caches/README.md
+++ b/clanModules/trusted-nix-caches/README.md
@@ -1,3 +1,5 @@
 ---
 description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache."
----
+categories = ["System", "Network"]
+features = [ "deprecated" ]
+---
--- a/clanServices/trusted-nix-caches/README.md
+++ b/clanServices/trusted-nix-caches/README.md
@@ -0,0 +1,15 @@
+Sets up nix to trust and use the clan cache
+
+## Usage
+
+```nix
+inventory.instances = {
+  clan-cache = {
+    module = {
+      name = "trusted-nix-caches";
+      input = "clan";
+    };
+    roles.default.machines.draper = { };
+  };
+}
+```
--- a/clanServices/trusted-nix-caches/default.nix
+++ b/clanServices/trusted-nix-caches/default.nix
@@ -0,0 +1,27 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "clan-core/trusted-nix-caches";
+  manifest.description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache.";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+
+    perInstance =
+      { ... }:
+      {
+        nixosModule =
+          { ... }:
+          {
+            nix.settings.trusted-substituters = [
+              "https://cache.clan.lol"
+              "https://nix-community.cachix.org"
+            ];
+            nix.settings.trusted-public-keys = [
+              "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+              "cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28="
+            ];
+          };
+      };
+  };
+}
--- a/clanServices/trusted-nix-caches/flake-module.nix
+++ b/clanServices/trusted-nix-caches/flake-module.nix
@@ -0,0 +1,17 @@
+{ lib, self, ... }:
+{
+  clan.modules = {
+    trusted-nix-caches = lib.modules.importApply ./default.nix { };
+  };
+  perSystem =
+    { pkgs, ... }:
+    {
+      checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
+        trusted-nix-caches = import ./tests/vm/default.nix {
+          inherit pkgs;
+          clan-core = self;
+          nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
+        };
+      };
+    };
+}
--- a/clanServices/trusted-nix-caches/tests/vm/default.nix
+++ b/clanServices/trusted-nix-caches/tests/vm/default.nix
@@ -0,0 +1,40 @@
+{
+  pkgs,
+  nixosLib,
+  clan-core,
+  ...
+}:
+nixosLib.runTest (
+  { ... }:
+  {
+    imports = [
+      clan-core.modules.nixosVmTest.clanTest
+    ];
+
+    hostPkgs = pkgs;
+
+    name = "trusted-nix-caches";
+
+    clan = {
+      directory = ./.;
+      modules."@clan/trusted-nix-caches" = ../../default.nix;
+      inventory = {
+        machines.server = { };
+
+        instances = {
+          trusted-nix-caches = {
+            module.name = "@clan/trusted-nix-caches";
+            roles.default.machines."server" = { };
+          };
+        };
+      };
+    };
+
+    nodes.server = { };
+
+    testScript = ''
+      start_all()
+      server.succeed("grep -q 'cache.clan.lol' /etc/nix/nix.conf")
+    '';
+  }
+)
--- a/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
+++ b/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
@@ -0,0 +1,4 @@
+{
+  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
+  "type": "age"
+}
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -94,6 +94,7 @@ nav:
          - reference/clanServices/localsend.md
          - reference/clanServices/mycelium.md
          - reference/clanServices/sshd.md
+          - reference/clanServices/trusted-nix-caches.md
          - reference/clanServices/users.md
          - reference/clanServices/hello-world.md
          - reference/clanServices/wifi.md