[wip] handling env file (still fails)

deployment/check/panel/nixosTest.nix

@@ -245,7 +245,7 @@ in
   nodes.mastodon.virtualisation.memorySize = 4 * 1024;
   nodes.pixelfed.virtualisation.memorySize = 4 * 1024;
   nodes.peertube.virtualisation.memorySize = 5 * 1024;
-  nodes.attic.virtualisation.memorySize = 2 * 1024;
+  nodes.attic.virtualisation.memorySize = 4 * 1024;
 
   ## FIXME: The test of presence of the services are very simple: we only
   ## check that there is a systemd service of the expected name on the

npins/sources.json

@@ -116,14 +116,14 @@
       "type": "Git",
       "repository": {
         "type": "GitHub",
-        "owner": "lassulus",
+        "owner": "KiaraGrouwstra",
         "repo": "nix-templating"
       },
-      "branch": "master",
+      "branch": "lib-default-arg",
       "submodules": false,
-      "revision": "437fd19b727e963560980fc4026f79400c440e39",
+      "revision": "e1ff247d508b4efd057a4d6bb13cf45b62c2512f",
-      "url": "https://github.com/lassulus/nix-templating/archive/437fd19b727e963560980fc4026f79400c440e39.tar.gz",
+      "url": "https://github.com/KiaraGrouwstra/nix-templating/archive/e1ff247d508b4efd057a4d6bb13cf45b62c2512f.tar.gz",
-      "hash": "000gdd9a4w6gh9lgklsb4dzchgd0fpdkxlhgvpmw0m6ssmrxivkb"
+      "hash": "0g59h4r029jw8vlvn8da62fk9m737s80fg2qk57322iv9lkqlvp0"
     },
     "nix-unit": {
       "type": "Git",
@@ -155,14 +155,14 @@
       "type": "Git",
       "repository": {
         "type": "GitHub",
-        "owner": "lassulus",
+        "owner": "kiaragrouwstra",
         "repo": "vars"
       },
-      "branch": "main",
+      "branch": "templates",
       "submodules": false,
-      "revision": "856c18f0e7b95e262ac88ba9ddebf506a16fd4a5",
+      "revision": "6ff942bf2b514edaa1022a92edb6552ac32a09d1",
-      "url": "https://github.com/lassulus/vars/archive/856c18f0e7b95e262ac88ba9ddebf506a16fd4a5.tar.gz",
+      "url": "https://github.com/kiaragrouwstra/vars/archive/6ff942bf2b514edaa1022a92edb6552ac32a09d1.tar.gz",
-      "hash": "095dmc67pf5idj4pgnibjbgfxpkm73px3sc6hylc9j0sqh3379q7"
+      "hash": "1h1q3l1l1c1j4ak5lcj2yh85jwqww74ildiak2dkd4h1js9v6cvw"
     }
   },
   "version": 5

services/fediversity/attic/default.nix

@@ -7,14 +7,6 @@
 let
   inherit (lib) mkIf mkMerge;
   sources = import ../../../npins;
-  inherit
-    (import "${sources.nix-templating}/lib.nix" {
-      inherit pkgs;
-      nix_templater = pkgs.callPackage "${sources.nix-templating}/pkgs/nix_templater" { };
-    })
-    fileContents
-    template_text
-    ;
 in
 {
   imports = with sources; [
@@ -48,7 +40,7 @@ in
             attic = {
               inherit (config.fediversity.attic) s3AccessKeyFile s3SecretKeyFile;
               ensureAccess = {
-                attic-cache = {
+                attic = {
                   read = true;
                   write = true;
                   owner = true;
@@ -84,11 +76,45 @@ in
         8080
       ];
 
+      vars.settings.on-machine.enable = true;
+      vars.generators."templates" = rec {
+        dependencies = [ "attic" ];
+        runtimeInputs = [
+          pkgs.coreutils
+          pkgs.gnused
+        ];
+        script = lib.concatStringsSep "\n" (
+          lib.mapAttrsToList (template: _: ''
+            cp "$templates/${template}" "$out/${template}"
+            echo "filling placeholders in template ${template}..."
+            ${lib.concatStringsSep "\n" (
+              lib.mapAttrsToList (
+                parent:
+                { placeholder, ... }:
+                ''
+                  sed -i "s/${placeholder}/$(cat "$in/attic/${parent}")/g" "$out/${template}"
+                  echo "- substituted ${parent}"
+                ''
+              ) config.vars.generators."attic".files
+            )}
+          '') files
+        );
+
+        files."attic.env" = {
+          secret = true;
+          template = pkgs.writeText "attic.env" ''
+            ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.vars.generators.attic.files.token.placeholder}
+            AWS_ACCESS_KEY_ID=$(cat ${config.fediversity.attic.s3AccessKeyFile})
+            AWS_SECRET_ACCESS_KEY=$(cat ${config.fediversity.attic.s3SecretKeyFile})
+          '';
+        };
+      };
+
       vars.generators.attic = {
         runtimeInputs = [ pkgs.openssl ];
         files.token.secret = true;
         script = ''
-          genrsa -traditional 4096 | base64 -w0 > $out/token
+          genrsa -traditional 4096 | base64 -w0 > "$out"/token
         '';
       };
 
@@ -97,17 +123,7 @@ in
         # one `monolithic` and any number of `api-server` nodes
         mode = "monolithic";
 
-        environmentFile = "${
+        environmentFile = config.vars.generators."templates".files."attic.env".path;
-          template_text {
-            name = "attic.env";
-            outPath = "./attic.env";
-            text = ''
-              ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${fileContents config.vars.generators.attic.files.token.path}
-              AWS_ACCESS_KEY_ID=$(cat ${config.fediversity.attic.s3AccessKeyFile})
-              AWS_SECRET_ACCESS_KEY=$(cat ${config.fediversity.attic.s3SecretKeyFile})
-            '';
-          }
-        }/bin/attic.env";
 
         # https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml
         settings = {