From a4304400f841470265bf61711ca2a1b5543af7e9 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow <contact@wanderingcrow.net>
Date: Sun, 9 Feb 2025 09:48:07 -0500
Subject: [PATCH] add cloudflare r2 bucket for cache

---
 flake.lock                     |  8 ++++----
 infrastructure/wce.nix         | 10 ++++++++++
 modules/users/crow/secrets.nix |  8 ++++++++
 shell.nix                      |  1 +
 4 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 97e81d0..198ed33 100644
--- a/flake.lock
+++ b/flake.lock
@@ -150,11 +150,11 @@
     },
     "nix-secrets": {
       "locked": {
-        "lastModified": 1739076986,
-        "narHash": "sha256-nFlA5xD/KyKqjTx9fYO2EK3Ea0dl5S4VZC5Wfyk6oAc=",
+        "lastModified": 1739112417,
+        "narHash": "sha256-AMFcWVO1vLHWqC0nw9hn0R6opShElYjq8UF/PPYKCvg=",
         "ref": "refs/heads/master",
-        "rev": "f00a6d09843d80f87aa6af06ad5ab74670a591b1",
-        "revCount": 40,
+        "rev": "a7f5458177a159ae3c840b5723deec7cd3838f3b",
+        "revCount": 42,
         "type": "git",
         "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
       },
diff --git a/infrastructure/wce.nix b/infrastructure/wce.nix
index 0a0ad20..d119c86 100644
--- a/infrastructure/wce.nix
+++ b/infrastructure/wce.nix
@@ -9,6 +9,10 @@
         source = "hashicorp/aws";
         version = "5.86.0";
       };
+      cloudflare = {
+        source = "cloudflare/cloudflare";
+        version = "5.0.0";
+      };
     };
     backend."s3" = {
       bucket = "wce-20250207201121178400000001";
@@ -30,6 +34,12 @@
       };
     };
 
+    "cloudflare_r2_bucket"."cache" = {
+      account = "68c4b3ab47c1a97037ab5a938f772d69";
+      name = "wce-attic-cache";
+      storage_class = "Standard";
+    };
+
     #"digitalocean_droplet"."do-wce-lighthouse1" = {
     #  image = "177939596"; # nixos-digitalocean
     #  name = "WCE-Lighthouse1";
diff --git a/modules/users/crow/secrets.nix b/modules/users/crow/secrets.nix
index 3a6561c..875093c 100644
--- a/modules/users/crow/secrets.nix
+++ b/modules/users/crow/secrets.nix
@@ -45,4 +45,12 @@ lib.mkIf config.user.crow.enable {
   sops.secrets."digitalocean/token" = {
     owner = config.users.users.crow.name;
   };
+
+  ##############
+  # Cloudflare #
+  ##############
+
+  sops.secrets."cloudflare/token" = {
+    owner = config.users.users.crow.name;
+  };
 }
diff --git a/shell.nix b/shell.nix
index 1c937a9..4131793 100644
--- a/shell.nix
+++ b/shell.nix
@@ -2,6 +2,7 @@
   default = pkgs.mkShell {
     NIX_CONFIG = "extra-experimental-features = nix-command flakes";
     DIGITALOCEAN_TOKEN = builtins.readFile /run/secrets/digitalocean/token;
+    CLOUDFLARE_API_TOKEN = builtins.readFile /run/secrets/cloudflare/token;
     AWS_PROFILE = "wce";
     nativeBuildInputs = with pkgs; [
       git