Merge pull request 'Migrate trusted-nix-caches to clanServices' (#3949) from migrate-nix-caches into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/3949
2025-06-16 09:03:08 +00:00
parent ced9d2223e 56fef67fd5
commit 84f7f6e277
7 changed files with 107 additions and 1 deletions
--- a/clanModules/trusted-nix-caches/README.md
+++ b/clanModules/trusted-nix-caches/README.md
@@ -1,3 +1,5 @@
 ---
 description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache."
----
+categories = ["System", "Network"]
 features = [ "deprecated" ]
 ---
--- a/clanServices/trusted-nix-caches/README.md
+++ b/clanServices/trusted-nix-caches/README.md
@@ -0,0 +1,15 @@
 Sets up nix to trust and use the clan cache
 ## Usage
 ```nix
 inventory.instances = {
  clan-cache = {
    module = {
      name = "trusted-nix-caches";
      input = "clan";
    };
    roles.default.machines.draper = { };
  };
 }
 ```
--- a/clanServices/trusted-nix-caches/default.nix
+++ b/clanServices/trusted-nix-caches/default.nix
@@ -0,0 +1,27 @@
 { ... }:
 {
  _class = "clan.service";
  manifest.name = "clan-core/trusted-nix-caches";
  manifest.description = "This module sets the `clan.lol` and `nix-community` cache up as a trusted cache.";
  manifest.categories = [ "System" ];
  roles.default = {
    perInstance =
      { ... }:
      {
        nixosModule =
          { ... }:
          {
            nix.settings.trusted-substituters = [
              "https://cache.clan.lol"
              "https://nix-community.cachix.org"
            ];
            nix.settings.trusted-public-keys = [
              "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
              "cache.clan.lol-1:3KztgSAB5R1M+Dz7vzkBGzXdodizbgLXGXKXlcQLA28="
            ];
          };
      };
  };
 }
--- a/clanServices/trusted-nix-caches/flake-module.nix
+++ b/clanServices/trusted-nix-caches/flake-module.nix
@@ -0,0 +1,17 @@
 { lib, self, ... }:
 {
  clan.modules = {
    trusted-nix-caches = lib.modules.importApply ./default.nix { };
  };
  perSystem =
    { pkgs, ... }:
    {
      checks = lib.optionalAttrs (pkgs.stdenv.isLinux) {
        trusted-nix-caches = import ./tests/vm/default.nix {
          inherit pkgs;
          clan-core = self;
          nixosLib = import (self.inputs.nixpkgs + "/nixos/lib") { };
        };
      };
    };
 }
--- a/clanServices/trusted-nix-caches/tests/vm/default.nix
+++ b/clanServices/trusted-nix-caches/tests/vm/default.nix
@@ -0,0 +1,40 @@
 {
  pkgs,
  nixosLib,
  clan-core,
  ...
 }:
 nixosLib.runTest (
  { ... }:
  {
    imports = [
      clan-core.modules.nixosVmTest.clanTest
    ];
    hostPkgs = pkgs;
    name = "trusted-nix-caches";
    clan = {
      directory = ./.;
      modules."@clan/trusted-nix-caches" = ../../default.nix;
      inventory = {
        machines.server = { };
        instances = {
          trusted-nix-caches = {
            module.name = "@clan/trusted-nix-caches";
            roles.default.machines."server" = { };
          };
        };
      };
    };
    nodes.server = { };
    testScript = ''
      start_all()
      server.succeed("grep -q 'cache.clan.lol' /etc/nix/nix.conf")
    '';
  }
 )
--- a/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
+++ b/clanServices/trusted-nix-caches/tests/vm/sops/users/admin/key.json
@@ -0,0 +1,4 @@
 {
  "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
  "type": "age"
 }
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -94,6 +94,7 @@ nav:
          - reference/clanServices/localsend.md
          - reference/clanServices/mycelium.md
          - reference/clanServices/sshd.md
          - reference/clanServices/trusted-nix-caches.md
          - reference/clanServices/users.md
          - reference/clanServices/hello-world.md
          - reference/clanServices/wifi.md