ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

add attic back in #1

Merged
ahuston-0 merged 22 commits from feature/attic into main 2025-01-26 13:28:26 -05:00
Conversation 0 Commits 22 Files Changed 14 +194 -43
14 changed files with 194 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/flake-health-checks.yml vendored
View File

@ -15,6 +15,13 @@ jobs:
os: [ubuntu-latest]
steps:
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4
- run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash

7
.github/workflows/flake-update.yml vendored
View File

@ -21,7 +21,12 @@ jobs:
extra_nix_config: |
experimental-features = nix-command flakes
install_url: https://releases.nixos.org/nix/nix-2.19.0/install
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- name: Calculate pre-drv
run: nix ./utils/eval-to-drv.sh pre
# - name: Pull latest docker images

7
.github/workflows/nix-fmt.yml vendored
View File

@ -12,6 +12,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- uses: actions/checkout@v4
- run: nix fmt -- --check .

4
flake.nix
View File

@ -5,15 +5,17 @@
substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
"https://attic.alicehuston.xyz/nix-cache"
];
trusted-substituters = [
"https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org"
"https://attic.alicehuston.xyz/nix-cache"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:trR+y5nwpQHR4hystoogubFmp97cewkjWeqqbygRQRs="
];
trusted-users = [ "root" ];
};

1
systems/artemision/programs.nix
View File

@ -3,6 +3,7 @@
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli

2
systems/palatine-hill/attic/default.nix
View File

@ -19,7 +19,7 @@
settings = {
listen = "[::]:8183";
allowed-hosts = [ "attic.alicehuston.xyz" ];
api-endpoint = "https://attic.alicehuston.xyz";
api-endpoint = "https://attic.alicehuston.xyz/";
compression.type = "none"; # let ZFS do the compressing
database = {
url = "postgres://atticd?host=/run/postgresql";

50
systems/palatine-hill/docker/act-runner.nix
View File

@ -8,7 +8,8 @@ let
act_path = vars.primary_act;
in
{
virtualisation.oci-containers.containers.act-stable-latest-1 = {
virtualisation.oci-containers.containers = {
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
@ -31,6 +32,53 @@ in
log-driver = "local";
};
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
# ports = [ "8088:8088" ];
volumes = [
"${act_path}/stable-latest-2/config.yaml:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-2";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-3 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
# ports = [ "8088:8088" ];
volumes = [
"${act_path}/stable-latest-3/config.yaml:/config.yaml"
"${act_path}/stable-latest-3/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-3";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];

2
systems/palatine-hill/docker/default.nix
View File

@ -15,7 +15,7 @@
#./foundry.nix
./glances.nix
# ./haproxy.nix
# ./minecraft.nix
./minecraft.nix
./nextcloud.nix
# ./postgres.nix
# ./restic.nix

41
systems/palatine-hill/docker/minecraft.nix
View File

@ -9,6 +9,7 @@ let
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
@ -27,8 +28,7 @@ let
defaultOptions = [
"--stop-signal=SIGTERM"
"--stop-timeout=30m"
"--restart=unless-stopped"
"--stop-timeout=1800"
"--network=minecraft-net"
];
@ -40,7 +40,6 @@ in
mc-router = {
image = "itzg/mc-router:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
"--network=minecraft-net"
];
@ -51,18 +50,36 @@ in
)
];
};
rlcraft = {
image = "itzg/minecraft-server:java8";
# rlcraft = {
# image = "itzg/minecraft-server:java8";
# volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data"
# ];
# hostname = "rlcraft";
# environment = defaultEnv // {
# VERSION = "1.12.2";
# CF_SLUG = "rlcraft";
# DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
bcg-plus = {
image = "itzg/minecraft-server:java17";
volumes = [
"${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
"${minecraft_path}/rlcraft/data:/data"
"${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
"${minecraft_path}/bcg-plus/data:/data"
];
hostname = "rlcraft";
hostname = "bcg-plus";
environment = defaultEnv // {
VERSION = "1.12.2";
CF_SLUG = "rlcraft";
DIFFICULTY = "hard";
ENABLE_COMMAND_BLOCK = "true";
VERSION = "1.17";
CF_SLUG = "bcg";
DIFFICULTY = "normal";
DEBUG = "true";
# ENABLE_COMMAND_BLOCK = "true";
};
extraOptions = defaultOptions;
log-driver = "local";

3
systems/palatine-hill/firewall.nix
View File

@ -18,6 +18,9 @@
2222
2223
8088
# attic
8183
];
}

7
systems/palatine-hill/secrets.yaml
View File

@ -16,6 +16,7 @@ minio:
credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str]
loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str]
docker:
minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str]
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
@ -39,8 +40,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T05:36:05Z"
mac: ENC[AES256_GCM,data:WkcqAulJAH4tUkjz5pao90rsy48cO12ipb9I/BS8/t9PR6/TIvfBORQ7JBA0/R5djfsYl1WqWTPMzBCYzLz5Os2CmJzGyd7oB70BJE9FG9xysb10I63KDRRWcRaq8KZN/0gdSZi3J1kJAKFp/3j1O68UPn8wacwRL1Sl2Za0ZVk=,iv:Kce1zXjr9LFfiffzPAKu4NzCEv4gBgXr2J/6ZNlu4Wc=,tag:p9UItj4J7bRG6Zs0iiOLug==,type:str]
lastmodified: "2025-01-26T16:14:28Z"
mac: ENC[AES256_GCM,data:U8jDmNzZBnTqS+Ru5vf0KdQPYtSsyUuLq3ugLI4z1d8BrDvEWCLHCjLkr7QoTnrd3qlcCfSBQKb3934C/vAMo/4vaJ7lsoCj4F0d/YCakW22FEhV8Jn3snZYrDpLk0mu9vIZ7U6M1Au7s+jYhYz/X5kORUs+YlYNuqAnt46B4vE=,iv:OFucEOgsoYPGOe1+hzWYI+wpu65BHCW2atcfufl9mNs=,tag:VumO9W8r/Mvv2+X00bqIWQ==,type:str]
pgp:
- created_at: "2024-11-28T18:56:39Z"
enc: |-
@ -55,4 +56,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.3

10
users/alice/secrets.yaml
View File

@ -4,6 +4,10 @@ alice:
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:P0iBdy4IYrxcq7v4wTgwwZvAfVdRFo08pi0zvpY9cP9BDCwbBnp+3qDKWL29rC7OxsaLtmRkvPmbkF3ZX3Yu5OaptwVg2Xi0vNqhk3gu5Fdj8ygPigB0ZtimkfWv1QkctoVoXKXuLv6Xd4XKPCWOOIekWlJsBRcyfyzkyFURkU9tBBkXyEAWItho/J8hJr6r00eA3EN4rTe8Ge+PGpfTfpZVpnoGrC35xPnGLq19+b44DectHDTkMZrZKxiCaVIgKUZDLaFgi6a6PsX+L1HQAIZukXJu3m4BPdvzzby+zgX24pVJOYjAUB2BwO9jUlMS6+7qo0p6k01uLicryfKx/ajdAHcy39tFHX7naA4JriC2/FgI2HlFGp0Lc+g0pfdCYwLs5QBfRaOHyrbFWUDG,iv:OBrgnewqBaug00ygAXs0eFs3LqcHqo1EW96N5I38A0o=,tag:V+Gn47O6AH1RwL9qJLpAkw==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:DWIkRri3lHJOVXIAbHWJL7cCV4FHjB91bbpPAib/5ZDKap3xjnxUjwswc7wjO1hCoV3+gmep1a64kma6MJts4bcAug5bPyrrPy//rVpCYvSbSmbPz5k4sW5GLU/Sf4NyBevsQo9KRrphpoSUQEFQB27vabYDjjkB051/qJo1B9B7nqmrSyd3np4YdyHAgUiMyJt0oqx8nXySz3XZU+DIM8/OhMZILpnEWIgyP2K7j8JNNpZZJ5sD/icUy6Vba/4LcKjtmYtfQ+HO1soyF6aMiQSjhp7fzJHktwa9kgB3oDzIg3KyCJYS2RNW7mW9Dd1T,iv:fvhGFU22KgknMpJbOkA3v29bKzRVX6hi7V7xJgSUjPg=,tag:TjGSUl0XXS7jlhP/NG4cvQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:vxSeys7EJDyatZFpeyxeDzaKGqDtm3atpVly6+BPHUFTrlLaVl86roGZjpBB9wwOMuP007qJNva0HQcTONbSyNw/snUU5JpaFWLT87Eu81V8gdulzHwm61caQ4A/e1ylKkdtwalNymBSyWi9b+SOWXTgralrg9L3OHw+nVuZaAi8QXF2ImLoZ2vXl7MGNXParflV2KK2uqfRatDZMbSSFipT0tQpkNTBTA6l8woILK3BKrHdYq+D8n4EmRowSuMWuN1uknyctb4+Ap3AeBITvyJjKejocQ9qK9plP6CChiC4Z1mmt/HOrfXYXiJO+Va64rOYRywMga8=,iv:bAx7iR24dpIOudkiFOc/xmIG73rcaMDdhWjiBO4BsBM=,tag:gtTyldhdRV97YJREG5lPjA==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:OP02nJTo0cx8M9cR+P7cpI1gEXCKqXWehlaL+dYGwGSUnQ6iSC25vpdZ5SSnjyhiBZe+VnYld+b5PO+OOt7NMGxVvQ0zcuvrG7qfhEpIfGrbx9S9cEV2eAMchG/Hua609MUTbFYKvpwWw6tFZD2dYYQv2gXI7mYSeN0Tw4i2x1f/+cKDtV+ak+UHRgEe/f5OdE8v5I6dRXUQGVOBSRAQkfYDFuI2JUz4oNJsz66YkdMtgudhqWi4mekODD3v2Gcg/zAv1PogaHaIH1BHNvLQ/DsNVcvLsnTb6inM3cTCyPpHcx+VwPO7g9kYNV8xcCRkAIvX6aFzRVT0tJcEXFWStMnKS8nr8HoKFQ==,iv:ftmN3jK5qa6SwrSyhhL3PZls2hTG6xGa0LW7ycdkYxQ=,tag:TQCELzJQjsMfAJseZ7tB4w==,type:str]
sops:
kms: []
gcp_kms: []
@ -37,8 +41,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-20T23:15:03Z"
mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str]
lastmodified: "2025-01-26T04:17:36Z"
mac: ENC[AES256_GCM,data:BJ5d3iqdIBwqtnYOYfmsFqnJDXz67uzJ4UKWrjVUEgr4Nc95tE8mEyV40poZk/wAJGJMSDdRhsPmZI4H1xztkjkTsUCUJ2rR+SZ6gP1VhSEXu7bSvv63+bnajZQi9kZrfN0EZN8TLzzVHVvSVHcNEfbq9STWkZq6zCk9E2cUfhk=,iv:MQ/lQkNi/S3bfz1PegcVfwy06RsxdQwZIU6sdOjkhgU=,tag:l5tK1SUwjTolliPkbfNDHg==,type:str]
pgp:
- created_at: "2024-09-05T06:10:22Z"
enc: |-
@ -53,4 +57,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.3

22
utils/attic-push.bash Executable file
View File

@ -0,0 +1,22 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash
#set -x
#set -v
set -e
# retrieve all paths under 100M
nix_paths=$(nix path-info --json --all --closure-size \
| jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \
| jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
readarray -t nix_path_array < <(echo "$nix_paths")
batchsize=1000
for((i=0; i < ${#nix_path_array[@]}; i+=batchsize))
do
part=( "${nix_path_array[@]:i:batchsize}" )
attic push nix-cache "${part[@]}"
done

36
utils/attic-token.bash Executable file
View File

@ -0,0 +1,36 @@
#!/usr/bin/env bash
if (( $# != 3 )); then
echo "usage: $0 <cache/cache group> <cache pattern> <token type>"
exit 1
fi
cache="$1"
cache_pattern="$2"
token_type="$3"
case $token_type in
"cache-creator")
atticd-atticadm make-token --sub "$cache-cache-creator" --validity "1y" \
--pull "$cache_pattern" --push "$cache_pattern" --delete "$cache_pattern" \
--create-cache "$cache_pattern" --configure-cache "$cache_pattern" \
--configure-cache-retention "$cache_pattern" --destroy-cache "$cache_pattern"
;;
"admin")
atticd-atticadm make-token --sub "$cache-admin" --validity "1y" --pull "$cache_pattern" \
--push "$cache_pattern" --configure-cache "$cache_pattern" \
--configure-cache-retention "$cache_pattern"
;;
"writer")
atticd-atticadm make-token --sub "$cache-writer" --validity "1y" --pull "$cache_pattern" \
--push "$cache_pattern"
;;
"reader")
atticd-atticadm make-token --sub "$cache-reader" --validity "1y" --pull "$cache_pattern"
;;
*)
echo "invalid token type: $token_type"
echo "available options: cache-creator, admin, writer, reader"
exit 1
;;
esac