1
0
Fork 0
dotfiles/home/programs/custom-nix-cache.nix

80 lines
2.7 KiB
Nix
Raw Normal View History

2022-08-09 16:30:54 +00:00
{ config, lib, secret, ... }:
let
user-bin-directory = "${config.home.homeDirectory}/.bin";
cache = secret.nix-cache.nifoc;
in
{
home.file."${user-bin-directory}/upload-nifoc-nix-cache" = lib.mkIf cache.enabled {
text = ''
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p sqlite
2022-08-09 17:25:55 +00:00
# Make sure the files are available to root on NixOS and macOS
sudo mkdir ${cache.rootDir}/.aws 2> /dev/null
sudo cp "$HOME/.aws/credentials" ${cache.rootDir}/.aws/
2022-08-11 19:00:49 +00:00
minTimestamp=$(expr $(date +%s) - 1800)
2022-08-09 18:33:39 +00:00
uncachedHashes=$(echo "SELECT DISTINCT hashPart FROM NARs WHERE present = 0 AND timestamp >= $minTimestamp;" | sudo sqlite3 "${cache.database}")
2022-08-09 16:30:54 +00:00
signingKey="$HOME/.config/nifoc-nix/${cache.signingKey}"
for uncachedHash in $uncachedHashes; do
storePath=$(readlink -f /nix/store/$uncachedHash-*)
if [[ $storePath == *"darwin-system"* ]] ||
2022-08-09 17:17:28 +00:00
[[ $storePath == *"nixos-system"* ]] ||
2022-08-11 19:00:49 +00:00
[[ $storePath == *"home-manager"* ]] ||
2022-08-09 16:30:54 +00:00
[[ $storePath == *"-etc" ]] ||
[[ $storePath == *"-source" ]] ||
[[ $storePath == *".drv" ]] ||
[[ $storePath == *".drv.chroot" ]] ||
[[ $storePath == *".check" ]] ||
2022-08-11 19:00:49 +00:00
[[ $storePath == *".lock" ]] ||
[[ $storePath == *"-*" ]]; then
2022-08-09 16:30:54 +00:00
continue
fi
if [ "$1" = "--list" ]; then
echo "$storePath"
else
2022-08-11 19:00:49 +00:00
curl -I --fail --silent "https://cache.nixos.org/$uncachedHash.narinfo" > /dev/null
cached_nixos="$?"
2022-08-09 16:30:54 +00:00
if [ $cached_nixos -eq 0 ]; then
echo "Already cached on NixOS: $storePath ..."
2022-08-11 19:00:49 +00:00
else
curl -I --fail --silent "https://nix-community.cachix.org/$uncachedHash.narinfo" > /dev/null
cached_cachix_nixcommunity="$?"
2022-08-11 19:00:49 +00:00
curl -I --fail --silent "https://nifoc.cachix.org/$uncachedHash.narinfo" > /dev/null
cached_cachix_nifoc="$?"
if [ $cached_cachix_nixcommunity -eq 0 ] || [ $cached_cachix_nifoc -eq 0 ]; then
echo "Already cached on Cachix: $storePath ..."
else
sudo -H nix store sign --key-file $signingKey $storePath
echo "Uploading $storePath ..."
sudo -H nix copy --to '${cache.s3Url}' $storePath
fi
2022-08-11 19:00:49 +00:00
fi
2022-08-09 16:30:54 +00:00
fi
done
'';
executable = true;
};
home.file."${config.home.homeDirectory}/.aws/credentials" = lib.mkIf cache.enabled {
text = ''
[nixbldr]
aws_access_key_id=${cache.accessKeyId}
aws_secret_access_key=${cache.secretAccessKey}
'';
};
2022-08-09 17:25:55 +00:00
xdg.configFile."nifoc-nix/${cache.signingKey}" = lib.mkIf cache.enabled {
2022-08-09 16:30:54 +00:00
text = cache.signingKeyValue;
};
}