kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

use proper templating

Browse source
This commit is contained in:
Kiara Grouwstra 2025-08-13 11:51:00 +02:00
parent 2f46224f4a
commit bf8ccd16bd
Signed by: kiara
SSH key fingerprint: SHA256:COspvLoLJ5WC5rFb9ZDe5urVCkK4LJZOsjfF4duRJFU
3 changed files with 41 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
deployment/check/common/deployerNode.nix
View file

@ -63,6 +63,7 @@ in
sources.flake-inputs sources.flake-inputs
sources.git-hooks sources.git-hooks
sources.vars sources.vars
sources.nix-templating
pkgs.stdenv pkgs.stdenv
pkgs.stdenvNoCC pkgs.stdenvNoCC

23
npins/sources.json
View file

@ -125,6 +125,19 @@
"url": "https://api.github.com/repos/bigskysoftware/htmx/tarball/v2.0.4", "url": "https://api.github.com/repos/bigskysoftware/htmx/tarball/v2.0.4",
"hash": "1c4zm3b7ym01ijydiss4amd14mv5fbgp1n71vqjk4alc35jlnqy2" "hash": "1c4zm3b7ym01ijydiss4amd14mv5fbgp1n71vqjk4alc35jlnqy2"
}, },
"nix-templating": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "KiaraGrouwstra",
"repo": "nix-templating"
},
"branch": "lib-default-arg",
"submodules": false,
"revision": "e1ff247d508b4efd057a4d6bb13cf45b62c2512f",
"url": "https://github.com/KiaraGrouwstra/nix-templating/archive/e1ff247d508b4efd057a4d6bb13cf45b62c2512f.tar.gz",
"hash": "0g59h4r029jw8vlvn8da62fk9m737s80fg2qk57322iv9lkqlvp0"
},
"nix-unit": { "nix-unit": {
"type": "Git", "type": "Git",
"repository": { "repository": {
@ -155,14 +168,14 @@
"type": "Git", "type": "Git",
"repository": { "repository": {
"type": "GitHub", "type": "GitHub",
"owner": "kiaragrouwstra", "owner": "KiaraGrouwstra",
"repo": "vars" "repo": "vars"
}, },
"branch": "templates", "branch": "rights",
"submodules": false, "submodules": false,
"revision": "6ff942bf2b514edaa1022a92edb6552ac32a09d1", "revision": "c268638fd7afc9ba2b53c1fe925374d7cd845fa4",
"url": "https://github.com/kiaragrouwstra/vars/archive/6ff942bf2b514edaa1022a92edb6552ac32a09d1.tar.gz", "url": "https://github.com/KiaraGrouwstra/vars/archive/c268638fd7afc9ba2b53c1fe925374d7cd845fa4.tar.gz",
"hash": "1h1q3l1l1c1j4ak5lcj2yh85jwqww74ildiak2dkd4h1js9v6cvw" "hash": "07l6s66i93vp4vhwl14p8hlj1xlrdr1yac1vwklvd24jcpsj5nr7"
} }
}, },
"version": 5 "version": 5

57
services/fediversity/attic/default.nix
View file

@ -7,6 +7,7 @@
let let
inherit (lib) mkIf mkMerge; inherit (lib) mkIf mkMerge;
sources = import ../../../npins; sources = import ../../../npins;
inherit (import "${sources.nix-templating}/lib.nix" { inherit pkgs; }) fileContents template_text;
in in
{ {
imports = with sources; [ imports = with sources; [
@ -99,57 +100,43 @@ in
}; };
vars.settings.on-machine.enable = true; vars.settings.on-machine.enable = true;
vars.generators."templates" = rec {
dependencies = [ "attic" ];
runtimeInputs = [
pkgs.coreutils
pkgs.gnused
];
script = lib.concatStringsSep "\n" (
lib.mapAttrsToList (template: _: ''
cp "$templates/${template}" "$out/${template}"
echo "filling placeholders in template ${template}..."
${lib.concatStringsSep "\n" (
lib.mapAttrsToList (
parent:
{ placeholder, ... }:
''
sed -i "s/${placeholder}/$(cat "$in/attic/${parent}")/g" "$out/${template}"
echo "- substituted ${parent}"
''
) config.vars.generators."attic".files
)}
'') files
);
files."attic.env" = {
secret = true;
template = pkgs.writeText "attic.env" ''
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64="${config.vars.generators.attic.files.token.placeholder}"
AWS_ACCESS_KEY_ID="$(cat ${config.fediversity.attic.s3AccessKeyFile})"
AWS_SECRET_ACCESS_KEY="$(cat ${config.fediversity.attic.s3SecretKeyFile})"
'';
};
};
vars.generators.attic = { vars.generators.attic = {
runtimeInputs = [ runtimeInputs = [
pkgs.coreutils pkgs.coreutils
pkgs.openssl pkgs.openssl
]; ];
files.token.secret = true; files.token = {
secret = true;
owner = "atticd";
};
script = '' script = ''
openssl genrsa -traditional 4096 | base64 -w0 > "$out"/token openssl genrsa -traditional 4096 | base64 -w0 > "$out"/token
''; '';
}; };
systemd.services.atticd.serviceConfig = {
EnvironmentFile = lib.mkForce "-/tmp/attic.env";
ExecStartPre = "${
template_text {
# FIXME find a place not public
outPath = "/tmp/attic.env";
text = ''
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64="${fileContents config.vars.generators.attic.files.token.path}"
AWS_ACCESS_KEY_ID="${fileContents config.fediversity.attic.s3AccessKeyFile}"
AWS_SECRET_ACCESS_KEY="${fileContents config.fediversity.attic.s3SecretKeyFile}"
'';
name = "write";
}
}/bin/write";
};
services.atticd = { services.atticd = {
enable = true; enable = true;
environmentFile = "/dev/null"; # set dummy to overwrite
# one `monolithic` and any number of `api-server` nodes # one `monolithic` and any number of `api-server` nodes
mode = "monolithic"; mode = "monolithic";
environmentFile = config.vars.generators."templates".files."attic.env".path;
# https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml # https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml
settings = { settings = {
# Socket address to listen on # Socket address to listen on