From 37b315f5362476b3a3100a0db18be04745a97303 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Sun, 10 Mar 2024 07:54:10 +0300
Subject: [PATCH] RemoteBuilder : Add auto key gen.
---
 module/NixServe.nix | 9 ---------
 module/RemoteBuild.nix | 2 +-
 module/RemoteBuilder.nix | 16 ++++++++++++++--
 3 files changed, 15 insertions(+), 12 deletions(-)
 delete mode 100644 module/NixServe.nix
diff --git a/module/NixServe.nix b/module/NixServe.nix
deleted file mode 100644
index bb6cb8b..0000000
--- a/module/NixServe.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }: {
- services.nix-serve = {
- enable = true;
- bindAddress = "0.0.0.0";
- package = pkgs.nix-serve-ng;
- port = 5000;
- secretKeyFile = "/root/.nixcache/secret-key-file"; # Generate with: nix-store --generate-binary-cache-key nixcache.voronind.com secret-key-file public-key-file
- };
-}
diff --git a/module/RemoteBuild.nix b/module/RemoteBuild.nix
index 4fed3d8..10ee2e4 100644
--- a/module/RemoteBuild.nix
+++ b/module/RemoteBuild.nix
@@ -17,6 +17,6 @@
 builders-use-substitutes = true
 extra-substituters = ssh-ng://home
 extra-trusted-substituters = ssh-ng://home
- extra-trusted-public-keys = nixcache.voronind.com:i9dE2VZI40/LCM/mmUGs8kwal1bQo3xbSjrzxhInmOw=
+ extra-trusted-public-keys = home-1:Skghjixd8lPzNe2ZEgYLM9Pu/wF9wiZtZGsdm3bo9h0=
 '';
 }
diff --git a/module/RemoteBuilder.nix b/module/RemoteBuilder.nix
index 567becb..9d19549 100644
--- a/module/RemoteBuilder.nix
+++ b/module/RemoteBuilder.nix
@@ -1,6 +1,18 @@
-{ ... }: {
+{ pkgs, ... }: let
+ keyPath = "/root/.nixcache";
+in {
+ systemd.services.generate-nix-cache-key = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Type = "oneshot";
+ path = [ pkgs.nix ];
+ script = ''
+ [[ -f "${keyPath}/private-key" ]] && exit
+ mkdir ${keyPath} || true
+ nix-store --generate-binary-cache-key "$HOSTNAME-1" "${keyPath}/private-key" "${keyPath}/public-key"
+ '';
+ };
 # To apply: nix store sign --all -k /path/to/secret-key-file
 nix.extraOptions = ''
- secret-key-files = /root/.nixcache/secret-key-file
+ secret-key-files = /root/.nixcache/private-key
 '';
 }
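Review bot: The script leaves the protection of the new signing key to defaults: `mkdir ${keyPath} || true` creates the directory under the unit's ambient umask and swallows every mkdir failure, not only "already exists". Starting the script with `umask 077` and using `mkdir -p "${keyPath}"` would make the directory and anything written into it owner-only regardless of tool defaults, and let a real failure stop the unit. The unit also declares no ordering against nix-daemon, so on first boot `secret-key-files` may name a file that does not exist yet; something like `before = [ "nix-daemon.service" ];` may be needed, which should be confirmed on a fresh install. Because the key name is derived from `$HOSTNAME-1`, the `home-1:` value pinned in module/RemoteBuild.nix has to be replaced by hand whenever this key is regenerated, and a comment such as `# public key must be copied into RemoteBuild.nix extra-trusted-public-keys` next to the script would record that.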