From 1f8eff3355711c219355cf724f01006bcca62d4b Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Tue, 3 Jun 2025 15:07:00 +0200
Subject: [PATCH] feat: deploy artiflakery to gustave

---
 machines/gustave/artiflakery.nix | 108 +++++++++++++++++++++++++++++++
 machines/gustave/default.nix     |   1 +
 secrets/artiflakery-auth.age     | Bin 0 -> 725 bytes
 3 files changed, 109 insertions(+)
 create mode 100644 machines/gustave/artiflakery.nix
 create mode 100644 secrets/artiflakery-auth.age

diff --git a/machines/gustave/artiflakery.nix b/machines/gustave/artiflakery.nix
new file mode 100644
index 0000000..54cee3f
--- /dev/null
+++ b/machines/gustave/artiflakery.nix
@@ -0,0 +1,108 @@
+{ config, lib, ... }:
+{
+
+  age.secrets."artiflakery-auth" = {
+    file = ../../secrets/artiflakery-auth.age;
+    owner = "artiflakery";
+  };
+
+  services.nginx.virtualHosts."static.luj.fr" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:8090";
+    };
+  };
+
+  users.users.artiflakery.isSystemUser = lib.mkForce false;
+  users.users.artiflakery.isNormalUser = lib.mkForce true;
+
+  services.artiflakery = {
+    enable = true;
+    authFile = config.age.secrets."artiflakery-auth".path;
+    routes = {
+      "papers/2024/increasing-trust-scc-rb-fpm/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2024-ICSE-doctoral-symposium&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "papers/2024/reproducibility-env-space-time/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2024-ICSE-reproducibility-build-env-space-time&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "papers/2025/bitwise-reproducibility-at-scale/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2025-MSR-reproducibility&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "papers/WIP/xz-mitigation-rb/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/papers/2025-xz-reproducible-builds&ref=main";
+        access = [
+          "phd"
+          "julien"
+        ];
+      };
+      "posters/2024/ICSE-DS/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/posters/2024-ICSE-DS&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "posters/2025/MSR/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/posters/2025-MSR&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "slides/2023/journee-gdr-gpl/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2023-gdr-gpl-days&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "slides/2024/csi-year-1/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-csi-year-1&ref=main";
+        access = [
+          "phd"
+          "julien"
+        ];
+      };
+      "slides/2024/phd-symposium-infres/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-phd-symposium-infres&ref=main";
+        access = [
+          "public"
+        ];
+      };
+      "slides/2024/point-etape-mai/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-point-etape-main&ref=main";
+        access = [
+          "phd"
+          "julien"
+        ];
+      };
+      "slides/2024/reading-group-build-systems/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-reading-group-build-systems&ref=main";
+        access = [
+          "aces"
+        ];
+      };
+      "slides/2024/reading-group-vulnerabilities-ssc/" = {
+        flakeref = "git+ssh://git@gitlab.enst.fr/julien.malka/phd.git?dir=productions/slides/2024-reading-group-vulnerabilities-ssc&ref=main";
+        access = [
+          "aces"
+        ];
+      };
+      "slides/2025/assert-june-workshop/" = {
+        flakeref = "git+ssh://forgejo@git.luj.fr/luj/assert-prez.git?ref=main";
+        access = [
+          "assert"
+        ];
+      };
+
+    };
+  };
+}
diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix
index 47715bd..25c3cc5 100644
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@@ -18,6 +18,7 @@
     ./nextcloud.nix
     ./glance.nix
     ./syncthing.nix
+    ./artiflakery.nix
     "${inputs.unstable}/nixos/modules/services/web-apps/readeck.nix"
   ];
 
diff --git a/secrets/artiflakery-auth.age b/secrets/artiflakery-auth.age
new file mode 100644
index 0000000000000000000000000000000000000000..e5ac01b1bbf9ea43a67e5370e5654e55616af2fb
GIT binary patch
literal 725
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4EQ~NJNmuYrPAjgc
zDAd+>%ka!i%6BX?GY<`Q%}5C@N_O=(F^<Sd4lFXtGEFj$NahN1cJ=fxPjxX%4Nl8W
zHSl*1tujwcEG-C3N%65rObj&74vF+E2{8x_%tp7Z)VMMtDo~*+BFrbOJkhi&*VQSv
zFvp<8B;Ca=$~-4K&@(^CE6L0&(K0Bfs5~qzJCw^WJTbg9IVYtswLIK7G}+uTDJU<!
zD!eKz#V4XX(Kj$6Dlg1E-=H+m$P?W*&ma%SY)1vh(jcEG^Yr2>^WvPcf=F${l9b@m
z3QM=D9Lv;-#IoEpk8J&n0ME2QBS$VH3wO)#sF0kb0>`AVl!`JVw;bn;Lhmg7GJhxS
zG;deWl)}JdZ8OuNTu&}tU0nsEFyEAtkT9b>|Fn>#67QhmAb-=KO4IP-it-}=z-0e4
z&&V(*3*+<*w`8tTb-M*CZp80w@!Hm9EgSVhIk88B<H>j73fB@Z5w>$vS04`IzWAK+
zb?IL}f7gY9UTftGjh-J_Ab!PT>iZM++>8!^b0%a5H!pm2leu`s5;>c{6@ijJS8O^M
zdLdi?@w8yANjmcD;uW@j^t{r1s33VKFWdQ<4EyzS)7hV$(RpjJXwCNe<*z*QXM9|w
zbbneu!<+9_*<o&W4<j3P#h9cCE!kFY7X0hPrTUUPsdJt_yZ`9@0io>qt-BMBMH&UQ
z&uc7@u68}s{qsTWt2g$(#{~3@WYZR`Ubk<LEuW0$bHn$J1~Kj`2j3L$4?EG8{6_BB
zmU-o$uIDjtoV>7VN7k~0zxSAIy3ehj(B}GCn)9vjud8R;PDx%0?ax@Z%<PjN=Z>Hm
vwppJOA2W$Oo^B(Q5%=heP1sY08CG`>|NPPRJAT)xgY&fujPI)V@ksyxwG$^l

literal 0
HcmV?d00001