diff --git a/modules/misc/news.nix b/modules/misc/news.nix
index a2f08db2c..cb57d2e02 100644
--- a/modules/misc/news.nix
+++ b/modules/misc/news.nix
@@ -843,6 +843,14 @@ in
export MOZ_ALLOW_DOWNGRADE=1
'';
}
+
+ {
+ time = "2022-12-28T16:20:51+00:00";
+ condition = hostPlatform.isLinux;
+ message = ''
+ A new module is available: 'services.cachix-agent'.
+ '';
+ }
];
};
}
diff --git a/modules/modules.nix b/modules/modules.nix
index a57925ea9..254b11e1a 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -204,6 +204,7 @@ let
./services/betterlockscreen.nix
./services/blueman-applet.nix
./services/borgmatic.nix
+ ./services/cachix-agent.nix
./services/caffeine.nix
./services/cbatticon.nix
./services/clipmenu.nix
diff --git a/modules/services/cachix-agent.nix b/modules/services/cachix-agent.nix
new file mode 100644
index 000000000..01eca05b7
--- /dev/null
+++ b/modules/services/cachix-agent.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.cachix-agent;
+
+in {
+ meta.maintainers = [ maintainers.rycee ];
+
+ options.services.cachix-agent = {
+ enable = mkEnableOption ''
+ Cachix Deploy Agent: '';
+
+ name = mkOption {
+ type = types.str;
+ description = "The unique agent name.";
+ };
+
+ verbose = mkEnableOption "verbose output";
+
+ profile = mkOption {
+ type = types.str;
+ default = "home-manager";
+ description = ''
+ The Nix profile name.
+ '';
+ };
+
+ host = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Cachix URI to use.";
+ };
+
+ package = mkPackageOption pkgs "cachix" { };
+
+ credentialsFile = mkOption {
+ type = types.path;
+ default = "${config.xdg.configHome}/cachix-agent.token";
+ defaultText =
+ literalExpression ''"''${config.xdg.configHome}/cachix-agent.token"'';
+ description = ''
+ Required file that needs to contain
+ CACHIX_AGENT_TOKEN=....
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ assertions = [
+ (lib.hm.assertions.assertPlatform "services.cachix-agent" pkgs
+ lib.platforms.linux)
+ ];
+
+ systemd.user.services.cachix-agent = {
+ Unit.Description = "Cachix Deploy Agent";
+
+ Service = {
+ Environment = [
+ "PATH=${
+ if config.nix.enable && config.nix.package != null then
+ config.nix.package
+ else
+ pkgs.nix
+ }/bin"
+ ];
+ EnvironmentFile = cfg.credentialsFile;
+
+ # We don't want to kill children processes as those are deployments.
+ KillMode = "process";
+ Restart = "on-failure";
+ ExecStart = escapeShellArgs ([ "${cfg.package}/bin/cachix" ]
+ ++ optional cfg.verbose "--verbose"
+ ++ optional (cfg.host != null) "--host ${cfg.host}"
+ ++ [ "deploy" "agent" cfg.name ]
+ ++ optional (cfg.profile != null) cfg.profile);
+ };
+
+ Install.WantedBy = [ "default.target" ];
+ };
+ };
+}
diff --git a/tests/default.nix b/tests/default.nix
index f4f8d877e..21ae251d1 100644
--- a/tests/default.nix
+++ b/tests/default.nix
@@ -166,6 +166,7 @@ import nmt {
./modules/programs/yt-dlp
./modules/services/barrier
./modules/services/borgmatic
+ ./modules/services/cachix-agent
./modules/services/devilspie2
./modules/services/dropbox
./modules/services/emacs
diff --git a/tests/modules/services/cachix-agent/basic-setup.nix b/tests/modules/services/cachix-agent/basic-setup.nix
new file mode 100644
index 000000000..0f84ae35c
--- /dev/null
+++ b/tests/modules/services/cachix-agent/basic-setup.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+
+{
+ services.cachix-agent = {
+ enable = true;
+ package = config.lib.test.mkStubPackage { outPath = "@cachix-agent@"; };
+ name = "test-agent";
+ };
+
+ test.stubs.nix = { };
+
+ nmt.script = ''
+ assertFileContent \
+ home-files/.config/systemd/user/cachix-agent.service \
+ ${
+ builtins.toFile "cachix-agent.service" ''
+ [Install]
+ WantedBy=default.target
+
+ [Service]
+ Environment=PATH=@nix@/bin
+ EnvironmentFile=/home/hm-user/.config/cachix-agent.token
+ ExecStart='@cachix-agent@/bin/cachix' 'deploy' 'agent' 'test-agent' 'home-manager'
+ KillMode=process
+ Restart=on-failure
+
+ [Unit]
+ Description=Cachix Deploy Agent
+ ''
+ }
+ '';
+}
diff --git a/tests/modules/services/cachix-agent/default.nix b/tests/modules/services/cachix-agent/default.nix
new file mode 100644
index 000000000..48f88e0ae
--- /dev/null
+++ b/tests/modules/services/cachix-agent/default.nix
@@ -0,0 +1 @@
+{ cachix = ./basic-setup.nix; }