From 1a42b79c8132f4e352d9e80a7d4ab31791d057a6 Mon Sep 17 00:00:00 2001
From: Romain Paquet
Date: Wed, 1 Oct 2025 14:21:25 +0200
Subject: [PATCH] setup radicle node again
---
 machines/crocus/configuration.nix | 2 +-
 machines/crocus/radicle.nix | 27 +++++++++++++------
 .../radicle/id_ed25519.pub/machines/crocus | 1 -
 .../crocus/radicle/id_ed25519.pub/secret | 19 -------------
 .../crocus/radicle/id_ed25519.pub/users/rpqt | 1 -
 5 files changed, 20 insertions(+), 30 deletions(-)
 delete mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus
 delete mode 100644 vars/per-machine/crocus/radicle/id_ed25519.pub/secret
 delete mode 120000 vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt
diff --git a/machines/crocus/configuration.nix b/machines/crocus/configuration.nix
index 67f1a73..f0bed86 100644
--- a/machines/crocus/configuration.nix
+++ b/machines/crocus/configuration.nix
@@ -4,7 +4,7 @@
 }:
 {
 imports = [
- # ./radicle.nix
+ ./radicle.nix
 ../../system/core
 ../../system/nix
 ../../modules/remote-builder.nix
diff --git a/machines/crocus/radicle.nix b/machines/crocus/radicle.nix
index d6e3816..d7692c4 100644
--- a/machines/crocus/radicle.nix
+++ b/machines/crocus/radicle.nix
@@ -1,9 +1,13 @@
-{ config, keys, ... }:
+{
+ config,
+ pkgs,
+ ...
+}:
 {
 services.radicle = {
 enable = true;
- privateKeyFile = config.clan.core.vars.generators.radicle.files.radicle-private-key.path;
- publicKey = keys.services.radicle;
+ privateKeyFile = config.clan.core.vars.generators.radicle.files."id_ed25519".path;
+ publicKey = config.clan.core.vars.generators.radicle.files."id_ed25519.pub".value;
 node = {
 openFirewall = true;
 };
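Review bot: `publicKey` now reads `files."id_ed25519.pub".value`, but nothing in this patch supplies that value: the diffstat lists only deletions under `vars/per-machine/crocus/radicle/id_ed25519.pub/`, so the import re-enabled in configuration.nix presumably cannot evaluate until the vars are regenerated and the plaintext public key is committed. Regenerating may also produce a fresh key pair, which would change the identity this node presents to any peer that tracks the old public key. If that rotation is intended, a comment above `privateKeyFile` such as `# key pair comes from the radicle vars generator; regenerating it changes the node's identity` would record it. The `services.radicle` block continues outside this hunk.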
@@ -15,13 +19,20 @@
 forceSSL = true;
 };
 };
+ settings = {
+ web.avatarUrl = "https://rpqt.fr/favicon.svg";
+ description = "rpqt's radicle node";
+ };
 };
 clan.core.vars.generators.radicle = {
- prompts.radicle-private-key = {
- description = "radicle node private key";
- type = "hidden";
- persist = true;
- };
+ files."id_ed25519".secret = true;
+ files."id_ed25519.pub".secret = false;
+ runtimeInputs = [ pkgs.openssh ];
+ script = ''
+ ssh-keygen -t ed25519 -f "$out"/id_ed25519 -N "" -C "radicle"
+ '';
 };
+
+ clan.core.state.radicle.folders = [ "/var/lib/radicle" ];
 }
diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus b/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus
deleted file mode 120000
index efe6fd0..0000000
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/machines/crocus
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/machines/crocus
\ No newline at end of file
diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret b/vars/per-machine/crocus/radicle/id_ed25519.pub/secret
deleted file mode 100644
index 47fc525..0000000
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/secret
+++ /dev/null
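Review bot: The generator script in `clan.core.vars.generators.radicle` creates the private key with `-N ""` and silently relies on `ssh-keygen` writing `id_ed25519.pub` next to it, and neither is documented. The only protection for the passphrase-less key visible here is `files."id_ed25519".secret = true`, so that dependency is worth stating where the key is made. Just before `script = ''` I would add `# no passphrase (presumably so the service can load the key unattended); confidentiality relies on secret = true above` and `# ssh-keygen also writes "$out"/id_ed25519.pub, the non-secret file declared above`. The hunk starts inside `services.radicle`, whose opening lies outside it.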
@@ -1,19 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:vuMn3T+3/BdO3pgArEzzul28SyX29I9K8nwpLXsaH3qijdB/vJDPRQQb46fKhXwnIiacTnPBMwF+65PTaOxc+J7MpadZxYVD4SOQIKfXf9nyii1O2yiEcBEXBCOl,iv:JsLd4hBmkKViCBMcoaR9KJB4U9EemhU7frydMciJIIY=,tag:aEKpuLyZYP1R+NtjKVsHeQ==,type:str]",
- "sops": {
- "age": [
- {
- "recipient": "age10lf2vjmlkff25qyft9d3c0274gvkxsf255fw0ea60cuqc7703ajqu3yxx9",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSFo5bEk3NUtaOXpEVDNa\nOXUwZXhNYjYxZE15L3V6NTlyNDdsMnp6TURVCmxid2VuaWQ5ZTNZYUVkc2krR0lU\nRXRGU2JsNXNsd0xEeWRtZEtOR1RsUkkKLS0tIG9ZaGZRVWlXN2w3ZCsycGdoaWVs\nU1FGSldZa2tZOTlFWlFlNkxVQ2xqK3cKnA6CnGuil7WR3+e6k1/JblzPE8lxKR55\nDev4Ina9YAEAdP1C5g7at3CvhrARzfjHXfY193MWmm2NOG8NUfkcwQ==\n-----END AGE ENCRYPTED FILE-----\n"
- },
- {
- "recipient": "age1mqnmzn203hyj200psc982ehcedjmcdz8s0ncc50fm9jszjx7rgmqqmppw5",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUGd2dHVXOHVPNXlGK1Na\nem40RUs2N1Q5clJIOHpsQ2dIYThKZ2hXb1NRCk51bjZTSWkvdWQyYzl4MDNNOE9N\nVUhqbzdvUUVBRTRrYXVBVDF6SEJRMW8KLS0tIFpxWCt6bTJQSlUzRWFjUXFWNFpk\nWjJaVlhuYllJZlZQRWVObXJnVjNPbmcKQD5NG7MaKlumfKOLgc6vzBWr9lFVGNLo\nWbvtwL7Y3LPRzQoFfed+VE0NGFI/EexBT5EN5vJwPNsGD3RQFjwjcQ==\n-----END AGE ENCRYPTED FILE-----\n"
- }
- ],
- "lastmodified": "2025-10-01T11:35:08Z",
- "mac": "ENC[AES256_GCM,data:iYlQAmtfRn9dT9gN5QksoAXyg5k7aWc4KO3nsgRpogF/63n+0RAzqGz4O+Hr9RgiIzVo1ThUMIaVaPCTKYvUJ0BH2RZI3MmWV8BNG8FedFaO/fK7zGjuxoFaUC0LOUPX03QcZDYanbDulZ1NL+w1NxZZuCEZ1g6uVH3YewaxBuc=,iv:vvTQ/Wm4xtfaH7Oy6qGANp9YWVHgvRAuVZPfzcxU/dY=,tag:/HBo14UIp9YtyLv1vGu8vw==,type:str]",
- "unencrypted_suffix": "_unencrypted",
- "version": "3.10.2"
- }
-}
diff --git a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt b/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt
deleted file mode 120000
index c6af5c7..0000000
--- a/vars/per-machine/crocus/radicle/id_ed25519.pub/users/rpqt
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../../sops/users/rpqt
\ No newline at end of file