From 1fd1c845e8514ed5f4fec2082bd1fdd874917e6c Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Wed, 21 May 2025 21:04:04 +0200
Subject: [PATCH] Move `arbi` configuration file to secrets

---
 hosts/default.nix        | 1 +
 modules/arbi/default.nix | 8 ++------
 secrets/secrets.nix      | 4 ++++
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/hosts/default.nix b/hosts/default.nix
index 1b21982..3ac0ce9 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -119,6 +119,7 @@
             group = "forgejo";
           };
           "matrix-registration-shared-secret".owner = "matrix-synapse";
+          "arbi-config".owner = "arbi";
         };
       };
 
diff --git a/modules/arbi/default.nix b/modules/arbi/default.nix
index 02ab9e5..3417b51 100644
--- a/modules/arbi/default.nix
+++ b/modules/arbi/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, ... }:
 let
   rev = "d531730d9640160f0519ef4b3640f8da49dd96f8";
   arbi-flake = builtins.getFlake "git+ssh://git@github.com/aciceri/arbi.git?rev=${rev}";
@@ -9,11 +9,7 @@ in
   services.arbi = {
     enable = true;
     log_level = "debug";
-    configFile = pkgs.writeText "arbi-config.kdl" ''
-      endpoint "wss://eth-mainnet.g.alchemy.com/v2/<REDACTED>"
-      pairs_file "pairs.json"
-      concurrency 4
-    '';
+    configFile = config.age.secrets.arbi-config.path;
   };
 
   environment.persistence."/persist".directories = [
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7b341b1..3ab2d98 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -153,6 +153,10 @@ with keys.users;
     ccr-ssh
     sisko
   ];
+  "arbi-config.age".publicKeys = [
+    ccr-ssh
+    sisko
+  ];
 
   # WireGuard
   "picard-wireguard-private-key.age".publicKeys = [