Add attic token service

Pythoner6 · Feb 8, 2024 · c55fe56 · c55fe56
1 parent a20d9fb
commit c55fe56
Show file tree

Hide file tree

Showing 7 changed files with 3,009 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -14,3 +14,4 @@ secrets*.yaml
 .factorypath
 .settings
 .project
+target/
diff --git a/flake.nix b/flake.nix
@@ -218,10 +218,26 @@
               rsync -r --exclude=kubernetes.json build/kubernetes/ $crds/
             '';
           });
+          attic-token-service = pkgs.rustPlatform.buildRustPackage {
+            name = "attic-token-service";
+            src = ./src/attic-token-service;
+            cargoLock = {
+              lockFile = ./src/attic-token-service/Cargo.lock;
+              outputHashes = {
+                "attic-0.1.0" = "sha256-+ACjzPhs0ejAmKMiAM/QGooRt5oUBBm3HQTD59R9rS4=";                
+                "nix-base32-0.1.2-alpha.0" = "sha256-wtPWGOamy3+ViEzCxMSwBcoR4HMMD0t8eyLwXfCDFdo=";
+              };
+            };
+          };
+          attic-token-service-image = pkgs.dockerTools.buildLayeredImage {
+            name = "attic-token-service-image";
+            contents = [ attic-token-service ];
+            config.Cmd = [ "attic-token-service" ];
+          };
         };
         devShells = {
           default = pkgs.mkShell {
-            buildInputs = with pkgs; [ pkgs.cue pkgs.timoni postgresql jq nodejs nodePackages.npm typescript kubernetes-helm flux umoci skopeo weave-gitops yq-go go xxd talosctl crane openldap operator-sdk jdk19 maven gradle ];
+            buildInputs = with pkgs; [ pkgs.cue pkgs.timoni postgresql jq nodejs nodePackages.npm typescript kubernetes-helm flux umoci skopeo weave-gitops yq-go go xxd talosctl crane openldap operator-sdk jdk19 maven gradle pkgs.cargo pkgs.rustc ];
           };
           push = pkgs.mkShell {
             buildInputs = with pkgs; [ crane ];

diff --git a/k8s/attic/attic.cue b/k8s/attic/attic.cue
@@ -43,9 +43,9 @@ kustomizations: $default: "manifest": {
     metadata: name: "attic-server"
     data: "gen-config.sh": """
       cat <<EOF > /config/server.toml
+
       api-endpoint = "https://attic.home.josephmartin.org/"
       token-hs256-secret-base64 = "$(cat /secrets/password)"
-
       [database]
       [chunking]
       nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
@@ -189,6 +189,17 @@ kustomizations: $default: "manifest": {
       parentRefs: [{ name: gateway.metadata.name }]
       hostnames: [domain]
       rules: [{
+        matches: [{
+          path: {
+            type: "Exact"
+            value: "/_token"
+          }
+        }]
+        backendRefs: [{
+          name: "attic-token-service"
+          port: 80
+        }]
+      },{
         matches: [{
           path: {
             type: "PathPrefix"