diff --git a/.github/workflows/flake-health-checks.yml b/.github/workflows/flake-health-checks.yml index 6fd56c1..dcd7145 100644 --- a/.github/workflows/flake-health-checks.yml +++ b/.github/workflows/flake-health-checks.yml @@ -15,6 +15,13 @@ jobs: os: [ubuntu-latest] steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} + skip-push: "true" - uses: actions/checkout@v4 - run: nix flake check --accept-flake-config + - run: nix ./utils/attic-push.bash diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml index cdc8180..394ce9d 100644 --- a/.github/workflows/flake-update.yml +++ b/.github/workflows/flake-update.yml @@ -21,7 +21,12 @@ jobs: extra_nix_config: | experimental-features = nix-command flakes install_url: https://releases.nixos.org/nix/nix-2.19.0/install - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} - name: Calculate pre-drv run: nix ./utils/eval-to-drv.sh pre # - name: Pull latest docker images diff --git a/.github/workflows/nix-fmt.yml b/.github/workflows/nix-fmt.yml index 374ea92..e2c2e3e 100644 --- a/.github/workflows/nix-fmt.yml +++ b/.github/workflows/nix-fmt.yml @@ -12,6 +12,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: DeterminateSystems/magic-nix-cache-action@main + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: ${{ secrets.ATTIC_ENDPOINT }} + cache: ${{ secrets.ATTIC_CACHE }} + token: ${{ secrets.ATTIC_TOKEN }} - uses: actions/checkout@v4 - run: nix fmt -- --check . diff --git a/flake.nix b/flake.nix index 0b33a2f..bec683c 100644 --- a/flake.nix +++ b/flake.nix @@ -5,15 +5,17 @@ substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" + "https://attic.alicehuston.xyz/nix-cache" ]; trusted-substituters = [ "https://cache.nixos.org" - "https://attic.alicehuston.xyz/cache-nix-dot" "https://nix-community.cachix.org" + "https://attic.alicehuston.xyz/nix-cache" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs=" ]; trusted-users = [ "root" ]; }; diff --git a/systems/artemision/programs.nix b/systems/artemision/programs.nix index 982ed58..6695404 100644 --- a/systems/artemision/programs.nix +++ b/systems/artemision/programs.nix @@ -3,6 +3,7 @@ environment.systemPackages = with pkgs; [ act alacritty + attic-client amdgpu_top bat bitwarden-cli diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index e061931..35c3aa5 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -19,7 +19,7 @@ settings = { listen = "[::]:8183"; allowed-hosts = [ "attic.alicehuston.xyz" ]; - api-endpoint = "https://attic.alicehuston.xyz"; + api-endpoint = "https://attic.alicehuston.xyz/"; compression.type = "none"; # let ZFS do the compressing database = { url = "postgres://atticd?host=/run/postgresql"; diff --git a/systems/palatine-hill/docker/act-runner.nix b/systems/palatine-hill/docker/act-runner.nix index be6476a..f0cfa57 100644 --- a/systems/palatine-hill/docker/act-runner.nix +++ b/systems/palatine-hill/docker/act-runner.nix @@ -8,27 +8,75 @@ let act_path = vars.primary_act; in { - virtualisation.oci-containers.containers.act-stable-latest-1 = { - image = "gitea/act_runner:latest"; - extraOptions = [ - "--stop-signal=SIGINT" - ]; - labels = { - "com.centurylinklabs.watchtower.enable" = "true"; - "com.centurylinklabs.watchtower.scope" = "act-runner"; + virtualisation.oci-containers.containers = { + act-stable-latest-1 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-1/config.yaml:/config.yaml" + "${act_path}/stable-latest-1/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-1"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; }; - ports = [ "8088:8088" ]; - volumes = [ - "${act_path}/stable-latest-1/config.yaml:/config.yaml" - "${act_path}/stable-latest-1/data:/data" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - environment = { - CONFIG_FILE = "/config.yaml"; - GITEA_RUNNER_NAME = "stable-latest-1"; + + act-stable-latest-2 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + # ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-2/config.yaml:/config.yaml" + "${act_path}/stable-latest-2/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-2"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; + }; + + act-stable-latest-3 = { + image = "gitea/act_runner:latest"; + extraOptions = [ + "--stop-signal=SIGINT" + ]; + labels = { + "com.centurylinklabs.watchtower.enable" = "true"; + "com.centurylinklabs.watchtower.scope" = "act-runner"; + }; + # ports = [ "8088:8088" ]; + volumes = [ + "${act_path}/stable-latest-3/config.yaml:/config.yaml" + "${act_path}/stable-latest-3/data:/data" + "/var/run/docker.sock:/var/run/docker.sock" + ]; + environment = { + CONFIG_FILE = "/config.yaml"; + GITEA_RUNNER_NAME = "stable-latest-3"; + }; + environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; + log-driver = "local"; }; - environmentFiles = [ config.sops.secrets."docker/act-runner".path ]; - log-driver = "local"; }; systemd = { diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix index cfa3eb7..40ca5ce 100644 --- a/systems/palatine-hill/docker/default.nix +++ b/systems/palatine-hill/docker/default.nix @@ -15,7 +15,7 @@ #./foundry.nix ./glances.nix # ./haproxy.nix - # ./minecraft.nix + ./minecraft.nix ./nextcloud.nix # ./postgres.nix # ./restic.nix diff --git a/systems/palatine-hill/docker/minecraft.nix b/systems/palatine-hill/docker/minecraft.nix index 6a6f120..141fbe0 100644 --- a/systems/palatine-hill/docker/minecraft.nix +++ b/systems/palatine-hill/docker/minecraft.nix @@ -9,6 +9,7 @@ let divinejourney = "dj.alicehuston.xyz"; rlcraft = "rlcraft.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz"; + bcg-plus = "bcg.alicehuston.xyz"; }; defaultServer = "rlcraft"; @@ -27,8 +28,7 @@ let defaultOptions = [ "--stop-signal=SIGTERM" - "--stop-timeout=30m" - "--restart=unless-stopped" + "--stop-timeout=1800" "--network=minecraft-net" ]; @@ -40,7 +40,6 @@ in mc-router = { image = "itzg/mc-router:latest"; extraOptions = [ - "--restart=always" "--network=haproxy-net" "--network=minecraft-net" ]; @@ -51,18 +50,36 @@ in ) ]; }; - rlcraft = { - image = "itzg/minecraft-server:java8"; + # rlcraft = { + # image = "itzg/minecraft-server:java8"; + # volumes = [ + # "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" + # "${minecraft_path}/rlcraft/data:/data" + # ]; + # hostname = "rlcraft"; + # environment = defaultEnv // { + # VERSION = "1.12.2"; + # CF_SLUG = "rlcraft"; + # DIFFICULTY = "hard"; + # ENABLE_COMMAND_BLOCK = "true"; + # }; + # extraOptions = defaultOptions; + # log-driver = "local"; + # environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; + # }; + bcg-plus = { + image = "itzg/minecraft-server:java17"; volumes = [ - "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" - "${minecraft_path}/rlcraft/data:/data" + "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro" + "${minecraft_path}/bcg-plus/data:/data" ]; - hostname = "rlcraft"; + hostname = "bcg-plus"; environment = defaultEnv // { - VERSION = "1.12.2"; - CF_SLUG = "rlcraft"; - DIFFICULTY = "hard"; - ENABLE_COMMAND_BLOCK = "true"; + VERSION = "1.17"; + CF_SLUG = "bcg"; + DIFFICULTY = "normal"; + DEBUG = "true"; + # ENABLE_COMMAND_BLOCK = "true"; }; extraOptions = defaultOptions; log-driver = "local"; diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix index d6033a1..c772c7f 100644 --- a/systems/palatine-hill/firewall.nix +++ b/systems/palatine-hill/firewall.nix @@ -18,6 +18,9 @@ 2222 2223 8088 + + # attic + 8183 ]; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index bdfae2d..90cd8f0 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -16,6 +16,7 @@ minio: credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] docker: + minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] @@ -39,8 +40,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-30T05:36:05Z" - mac: ENC[AES256_GCM,data:WkcqAulJAH4tUkjz5pao90rsy48cO12ipb9I/BS8/t9PR6/TIvfBORQ7JBA0/R5djfsYl1WqWTPMzBCYzLz5Os2CmJzGyd7oB70BJE9FG9xysb10I63KDRRWcRaq8KZN/0gdSZi3J1kJAKFp/3j1O68UPn8wacwRL1Sl2Za0ZVk=,iv:Kce1zXjr9LFfiffzPAKu4NzCEv4gBgXr2J/6ZNlu4Wc=,tag:p9UItj4J7bRG6Zs0iiOLug==,type:str] + lastmodified: "2025-01-26T16:14:28Z" + mac: ENC[AES256_GCM,data:U8jDmNzZBnTqS+Ru5vf0KdQPYtSsyUuLq3ugLI4z1d8BrDvEWCLHCjLkr7QoTnrd3qlcCfSBQKb3934C/vAMo/4vaJ7lsoCj4F0d/YCakW22FEhV8Jn3snZYrDpLk0mu9vIZ7U6M1Au7s+jYhYz/X5kORUs+YlYNuqAnt46B4vE=,iv:OFucEOgsoYPGOe1+hzWYI+wpu65BHCW2atcfufl9mNs=,tag:VumO9W8r/Mvv2+X00bqIWQ==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |- @@ -55,4 +56,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.3 diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index ad47251..1103242 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -4,6 +4,10 @@ alice: #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] + attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str] + attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str] + attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str] + attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str] sops: kms: [] gcp_kms: [] @@ -37,8 +41,8 @@ sops: ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-20T23:15:03Z" - mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] + lastmodified: "2025-01-26T04:17:36Z" + mac: ENC[AES256_GCM,data:BJ5d3iqdIBwqtnYOYfmsFqnJDXz67uzJ4UKWrjVUEgr4Nc95tE8mEyV40poZk/wAJGJMSDdRhsPmZI4H1xztkjkTsUCUJ2rR+SZ6gP1VhSEXu7bSvv63+bnajZQi9kZrfN0EZN8TLzzVHVvSVHcNEfbq9STWkZq6zCk9E2cUfhk=,iv:MQ/lQkNi/S3bfz1PegcVfwy06RsxdQwZIU6sdOjkhgU=,tag:l5tK1SUwjTolliPkbfNDHg==,type:str] pgp: - created_at: "2024-09-05T06:10:22Z" enc: |- @@ -53,4 +57,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.3 diff --git a/utils/attic-push.bash b/utils/attic-push.bash new file mode 100755 index 0000000..1855eb2 --- /dev/null +++ b/utils/attic-push.bash @@ -0,0 +1,22 @@ +#!/usr/bin/env nix +#! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash + +#set -x +#set -v +set -e + +# retrieve all paths under 100M +nix_paths=$(nix path-info --json --all --closure-size \ + | jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \ + | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g') + +readarray -t nix_path_array < <(echo "$nix_paths") + +batchsize=1000 + +for((i=0; i < ${#nix_path_array[@]}; i+=batchsize)) +do + part=( "${nix_path_array[@]:i:batchsize}" ) + + attic push nix-cache "${part[@]}" +done diff --git a/utils/attic-token.bash b/utils/attic-token.bash new file mode 100755 index 0000000..650ca5b --- /dev/null +++ b/utils/attic-token.bash @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +if (( $# != 3 )); then + echo "usage: $0 " + exit 1 +fi + +cache="$1" +cache_pattern="$2" +token_type="$3" + +case $token_type in + "cache-creator") + atticd-atticadm make-token --sub "$cache-cache-creator" --validity "1y" \ + --pull "$cache_pattern" --push "$cache_pattern" --delete "$cache_pattern" \ + --create-cache "$cache_pattern" --configure-cache "$cache_pattern" \ + --configure-cache-retention "$cache_pattern" --destroy-cache "$cache_pattern" + ;; + "admin") + atticd-atticadm make-token --sub "$cache-admin" --validity "1y" --pull "$cache_pattern" \ + --push "$cache_pattern" --configure-cache "$cache_pattern" \ + --configure-cache-retention "$cache_pattern" + ;; + "writer") + atticd-atticadm make-token --sub "$cache-writer" --validity "1y" --pull "$cache_pattern" \ + --push "$cache_pattern" + ;; + "reader") + atticd-atticadm make-token --sub "$cache-reader" --validity "1y" --pull "$cache_pattern" + ;; + *) + echo "invalid token type: $token_type" + echo "available options: cache-creator, admin, writer, reader" + exit 1 + ;; +esac