From 1a553c859178a8e9881fb560fae5c49ef70f05a5 Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Thu, 27 Feb 2025 00:05:20 -0500
Subject: [PATCH 1/2] migrate lego to dnsimple

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 systems/palatine-hill/acme.nix     | 6 +++---
 systems/palatine-hill/secrets.yaml | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/systems/palatine-hill/acme.nix b/systems/palatine-hill/acme.nix
index 1180099..150946b 100644
--- a/systems/palatine-hill/acme.nix
+++ b/systems/palatine-hill/acme.nix
@@ -11,8 +11,8 @@
     acceptTerms = true;
     defaults.email = "aliceghuston@gmail.com";
     certs."nayeonie.com" = {
-      dnsProvider = "bunny";
-      environmentFile = config.sops.secrets."acme/bunny".path;
+      dnsProvider = "dnsimple";
+      environmentFile = config.sops.secrets."acme/dnsimple".path;
       dnsPropagationCheck = false;
       group = "haproxy";
       extraDomainNames = [
@@ -36,7 +36,7 @@
   );
 
   sops.secrets = {
-    "acme/bunny" = {
+    "acme/dnsimple" = {
       owner = "root";
     };
   };
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index 90cd8f0..21fae25 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -23,6 +23,7 @@ docker:
     act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
 acme:
     bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
+    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
 server-validation:
     webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
 sops:
@@ -40,8 +41,8 @@ sops:
             cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
             LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-01-26T16:14:28Z"
-    mac: ENC[AES256_GCM,data:U8jDmNzZBnTqS+Ru5vf0KdQPYtSsyUuLq3ugLI4z1d8BrDvEWCLHCjLkr7QoTnrd3qlcCfSBQKb3934C/vAMo/4vaJ7lsoCj4F0d/YCakW22FEhV8Jn3snZYrDpLk0mu9vIZ7U6M1Au7s+jYhYz/X5kORUs+YlYNuqAnt46B4vE=,iv:OFucEOgsoYPGOe1+hzWYI+wpu65BHCW2atcfufl9mNs=,tag:VumO9W8r/Mvv2+X00bqIWQ==,type:str]
+    lastmodified: "2025-02-27T05:04:04Z"
+    mac: ENC[AES256_GCM,data:9vPO2e4hsgxR+guksSb0yL9PHfpliaDX4NLEnMOFrLxbPqObwukmj8mFfIfC4nHFXMNhSY5PD5FRU0AJwWGwv9jEkBaiJKCtFlDl4eQ21vsWgiuhkC8FoG58w04XHCrlA2LoqQnv8N2stuM+gsmDulY5H/ugk11MyCSRp7To2uk=,iv:9PBi0Ah+Ay6m0oeGskWR+6xPK8/1uf88uv3oP/S8+YU=,tag:GbQDG6894ZmCEu7AMS6BhA==,type:str]
     pgp:
         - created_at: "2024-11-28T18:56:39Z"
           enc: |-
@@ -56,4 +57,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
     unencrypted_suffix: _unencrypted
-    version: 3.9.3
+    version: 3.9.4
-- 
2.48.1


From b5f47c5638140f71f597732971a61c2fd0c3fda1 Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Thu, 27 Feb 2025 01:01:13 -0500
Subject: [PATCH 2/2] move action cache to nayeonie.com

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 flake.nix             | 4 ++--
 utils/attic-push.bash | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/flake.nix b/flake.nix
index 761f8e6..a2aa8cc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,12 +5,12 @@
     substituters = [
       "https://cache.nixos.org/?priority=1&want-mass-query=true"
       "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
-      "https://attic.alicehuston.xyz/nix-cache"
+      "https://attic.nayeonie.com/nix-cache"
     ];
     trusted-substituters = [
       "https://cache.nixos.org"
       "https://nix-community.cachix.org"
-      "https://attic.alicehuston.xyz/nix-cache"
+      "https://attic.nayeonie.com/nix-cache"
     ];
     trusted-public-keys = [
       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
diff --git a/utils/attic-push.bash b/utils/attic-push.bash
index 0200a0c..80755ba 100755
--- a/utils/attic-push.bash
+++ b/utils/attic-push.bash
@@ -5,9 +5,9 @@
 #set -v
 set -e
 
-# retrieve all paths under 100M
+# retrieve all paths under 2G
 nix_paths=$(nix path-info --json --all --closure-size \
-  | jq 'map_values(.closureSize | select(. < 5e8)) | to_entries | sort_by(.value)' \
+  | jq 'map_values(.closureSize | select(. < 2e9)) | to_entries | sort_by(.value)' \
   | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
 
 readarray -t nix_path_array < <(echo "$nix_paths")
-- 
2.48.1