mkModule migration begin

mjallen18
2025-12-14 22:47:51 -06:00
parent 34539045e5
commit fedba849a7
9 changed files with 302 additions and 667 deletions


@@ -7,152 +7,152 @@
}:
with lib;
let
cfg = config.${namespace}.services.attic;
in
{
imports = [ ./options.nix ];
name = "attic";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
services.atticd = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}";
};
};
# Open firewall for attic if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
# Include the attic watch-store service and rebuild cache services
systemd.services = {
attic-watch-store = {
atticConfig = lib.${namespace}.mkModule {
inherit config name;
description = "attic Service";
options = { };
moduleConfig = {
services.atticd = {
enable = true;
description = "watch store for cache";
serviceConfig = {
Type = "simple";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "always";
RestartSec = "5";
};
path = with pkgs; [
bash
attic-client
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache = {
enable = true;
description = "Rebuild NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
git stash
git pull || echo "Warning: Could not pull latest changes after stash"
return 1
fi
echo "Updating flake at $(date)"
if nix flake update; then
echo "flake updated successfully at $(date)"
else
echo "failed to update flake $(date)"
fi
if nix flake check; then
echo "flake checked successfully at $(date)"
else
echo "flake check failed at $(date)"
git reset --hard
fi
if nh os build --hostname=jallen-nas --out-link=result-nas; then
echo "nas built successfully at $(date)"
fi;
if nh os build --hostname=nuc-nixos --out-link=result-nuc; then
echo "nuc built successfully at $(date)"
fi;
if nh os build --hostname=matt-nixos --out-link=result-desktop; then
echo "desktop built successfully at $(date)"
fi;
if nh os build --hostname=steamdeck --out-link=result-steamdeck; then
echo "steamdeck built successfully at $(date)"
fi;
if nh os build --hostname=pi4 --out-link=result-pi4; then
echo "pi4 built successfully at $(date)"
fi;
if nh os build --hostname=pi5 --out-link=result-pi5; then
echo "pi5 built successfully at $(date)"
fi;
'';
};
};
# Include timers for cache rebuilds
systemd.timers = {
nix-rebuild-cache = {
description = "Timer for rebuilding NixOS configurations cache";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
RandomizedDelaySec = "24h";
environmentFile = cfg.environmentFile;
settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}";
};
};
};
# Configure distributed builds
nix = {
settings.builders-use-substitutes = true;
distributedBuilds = true;
buildMachines = [
{
hostName = "pi5.local";
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
# Include the attic watch-store service and rebuild cache services
systemd.services = {
attic-watch-store = {
enable = true;
description = "watch store for cache";
serviceConfig = {
Type = "simple";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "always";
RestartSec = "5";
};
path = with pkgs; [
bash
attic-client
];
}
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache = {
enable = true;
description = "Rebuild NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
git stash
git pull || echo "Warning: Could not pull latest changes after stash"
return 1
fi
echo "Updating flake at $(date)"
if nix flake update; then
echo "flake updated successfully at $(date)"
else
echo "failed to update flake $(date)"
fi
if nix flake check; then
echo "flake checked successfully at $(date)"
else
echo "flake check failed at $(date)"
git reset --hard
fi
if nh os build --hostname=jallen-nas --out-link=result-nas; then
echo "nas built successfully at $(date)"
fi;
if nh os build --hostname=nuc-nixos --out-link=result-nuc; then
echo "nuc built successfully at $(date)"
fi;
if nh os build --hostname=matt-nixos --out-link=result-desktop; then
echo "desktop built successfully at $(date)"
fi;
if nh os build --hostname=steamdeck --out-link=result-steamdeck; then
echo "steamdeck built successfully at $(date)"
fi;
if nh os build --hostname=pi4 --out-link=result-pi4; then
echo "pi4 built successfully at $(date)"
fi;
if nh os build --hostname=pi5 --out-link=result-pi5; then
echo "pi5 built successfully at $(date)"
fi;
'';
};
};
# Include timers for cache rebuilds
systemd.timers = {
nix-rebuild-cache = {
description = "Timer for rebuilding NixOS configurations cache";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
RandomizedDelaySec = "24h";
};
};
};
# Configure distributed builds
nix = {
settings.builders-use-substitutes = true;
distributedBuilds = true;
buildMachines = [
{
hostName = "pi5.local";
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
};
};
in
{
imports = [ atticConfig ];
}
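Review bot: `options = { };` is passed to `mkModule` while `moduleConfig` still reads `cfg.environmentFile`, `cfg.listenAddress` and `cfg.port`, and the same commit deletes the file that declared those options. Unless `mkModule` (defined outside this page) declares them itself, evaluation fails; if it does, its defaults silently replace the removed ones, and the old `listenAddress` default of `"[::1]"` is what kept atticd bound to loopback. I would keep the bind address explicit by declaring `listenAddress = mkOption { type = types.str; default = "[::1]"; description = "Address to listen on"; };` inside `options`. As far as the rendered page shows, the `networking.firewall = mkIf cfg.openFirewall` block is also gone from the new side, so it is worth confirming what `mkModule` opens by default. The module's argument list sits above the hunk and was not reviewed.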


@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.attic = {
enable = mkEnableOption "attic binary cache daemon";
port = mkOption {
type = types.port;
default = 9012;
description = "Port for attic cache daemon";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for attic";
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to environment file containing attic secrets";
};
listenAddress = mkOption {
type = types.str;
default = "[::1]";
description = "Address to listen on";
};
};
}