dotfiles/home/programs/custom-nix-cache.nix

{ config, lib, secret, ... }:

let
  user-bin-directory = "${config.home.homeDirectory}/.bin";
  cache = secret.nix-cache.nifoc;
in
{
  home.file."${user-bin-directory}/upload-nifoc-nix-cache" = lib.mkIf cache.enabled {
    text = ''
      #!/usr/bin/env nix-shell
      #!nix-shell -i bash -p sqlite

      uncachedHashes=$(echo 'SELECT DISTINCT hashPart FROM NARs WHERE present = 0;' | sudo sqlite3 "${cache.database}")
      signingKey="$HOME/.config/nifoc-nix/${cache.signingKey}"

      for uncachedHash in $uncachedHashes; do
        storePath=$(readlink -f /nix/store/$uncachedHash-*)

        if [[ $storePath == *"darwin-system"* ]] ||
           [[ $storePath == *"home-manager-generation"* ]] ||
           [[ $storePath == *"-etc" ]] ||
           [[ $storePath == *"-source" ]] ||
           [[ $storePath == *".drv" ]] ||
           [[ $storePath == *".drv.chroot" ]] ||
           [[ $storePath == *".check" ]] ||
           [[ $storePath == *".lock" ]]; then
          continue
        fi

        if [ "$1" = "--list" ]; then
          echo "$storePath"
        else
          nix store sign --key-file $signingKey $storePath

          echo "Uploading $storePath ..."
          nix copy --to '${cache.s3Url}' $storePath
        fi
      done
    '';

    executable = true;
  };

  home.file."${config.home.homeDirectory}/.aws/credentials" = lib.mkIf cache.enabled {
    text = ''
      [nixbldr]
      aws_access_key_id=${cache.accessKeyId}
      aws_secret_access_key=${cache.secretAccessKey}
    '';
  };

  xdg.configFile."nifoc-nix/${cache.signingKey}" = {
    text = cache.signingKeyValue;
  };

  home.activation = lib.mkIf cache.enabled {
    customNixCacheActivation = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
      echo -n 'Copying AWS configuration: '
      $DRY_RUN_CMD sudo mkdir ${cache.rootDir}/.aws 2> /dev/null
      $DRY_RUN_CMD sudo cp "$HOME/.aws/credentials" ${cache.rootDir}/.aws/
      echo 'Done'
    '';
  };
}
Updates 2022-08-09 16:30:54 +00:00			`{ config, lib, secret, ... }:`

			`let`
			`user-bin-directory = "${config.home.homeDirectory}/.bin";`
			`cache = secret.nix-cache.nifoc;`
			`in`
			`{`
			`home.file."${user-bin-directory}/upload-nifoc-nix-cache" = lib.mkIf cache.enabled {`
			`text = ''`
			`#!/usr/bin/env nix-shell`
			`#!nix-shell -i bash -p sqlite`

			`uncachedHashes=$(echo 'SELECT DISTINCT hashPart FROM NARs WHERE present = 0;' \| sudo sqlite3 "${cache.database}")`
			`signingKey="$HOME/.config/nifoc-nix/${cache.signingKey}"`

			`for uncachedHash in $uncachedHashes; do`
			`storePath=$(readlink -f /nix/store/$uncachedHash-*)`

			`if [[ $storePath == "darwin-system" ]] \|\|`
			`[[ $storePath == "home-manager-generation" ]] \|\|`
			`[[ $storePath == *"-etc" ]] \|\|`
			`[[ $storePath == *"-source" ]] \|\|`
			`[[ $storePath == *".drv" ]] \|\|`
			`[[ $storePath == *".drv.chroot" ]] \|\|`
			`[[ $storePath == *".check" ]] \|\|`
			`[[ $storePath == *".lock" ]]; then`
			`continue`
			`fi`

			`if [ "$1" = "--list" ]; then`
			`echo "$storePath"`
			`else`
			`nix store sign --key-file $signingKey $storePath`

			`echo "Uploading $storePath ..."`
			`nix copy --to '${cache.s3Url}' $storePath`
			`fi`
			`done`
			`'';`

			`executable = true;`
			`};`

			`home.file."${config.home.homeDirectory}/.aws/credentials" = lib.mkIf cache.enabled {`
			`text = ''`
			`[nixbldr]`
			`aws_access_key_id=${cache.accessKeyId}`
			`aws_secret_access_key=${cache.secretAccessKey}`
			`'';`
			`};`

			`xdg.configFile."nifoc-nix/${cache.signingKey}" = {`
			`text = cache.signingKeyValue;`
			`};`

			`home.activation = lib.mkIf cache.enabled {`
			`customNixCacheActivation = lib.hm.dag.entryAfter [ "writeBoundary" ] ''`
			`echo -n 'Copying AWS configuration: '`
			`$DRY_RUN_CMD sudo mkdir ${cache.rootDir}/.aws 2> /dev/null`
			`$DRY_RUN_CMD sudo cp "$HOME/.aws/credentials" ${cache.rootDir}/.aws/`
			`echo 'Done'`
			`'';`
			`};`
			`}`