2022-08-09 16:30:54 +00:00
|
|
|
{ config, lib, secret, ... }:
|
|
|
|
|
|
|
|
let
|
|
|
|
user-bin-directory = "${config.home.homeDirectory}/.bin";
|
|
|
|
cache = secret.nix-cache.nifoc;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
home.file."${user-bin-directory}/upload-nifoc-nix-cache" = lib.mkIf cache.enabled {
|
|
|
|
text = ''
|
|
|
|
#!/usr/bin/env nix-shell
|
|
|
|
#!nix-shell -i bash -p sqlite
|
|
|
|
|
2022-08-09 17:25:55 +00:00
|
|
|
# Make sure the files are available to root on NixOS and macOS
|
|
|
|
sudo mkdir ${cache.rootDir}/.aws 2> /dev/null
|
|
|
|
sudo cp "$HOME/.aws/credentials" ${cache.rootDir}/.aws/
|
|
|
|
|
2022-08-11 19:00:49 +00:00
|
|
|
minTimestamp=$(expr $(date +%s) - 1800)
|
2022-08-09 18:33:39 +00:00
|
|
|
uncachedHashes=$(echo "SELECT DISTINCT hashPart FROM NARs WHERE present = 0 AND timestamp >= $minTimestamp;" | sudo sqlite3 "${cache.database}")
|
2022-08-09 16:30:54 +00:00
|
|
|
signingKey="$HOME/.config/nifoc-nix/${cache.signingKey}"
|
|
|
|
|
|
|
|
for uncachedHash in $uncachedHashes; do
|
|
|
|
storePath=$(readlink -f /nix/store/$uncachedHash-*)
|
|
|
|
|
|
|
|
if [[ $storePath == *"darwin-system"* ]] ||
|
2022-08-09 17:17:28 +00:00
|
|
|
[[ $storePath == *"nixos-system"* ]] ||
|
2022-08-11 19:00:49 +00:00
|
|
|
[[ $storePath == *"home-manager"* ]] ||
|
2022-08-09 16:30:54 +00:00
|
|
|
[[ $storePath == *"-etc" ]] ||
|
|
|
|
[[ $storePath == *"-source" ]] ||
|
|
|
|
[[ $storePath == *".drv" ]] ||
|
|
|
|
[[ $storePath == *".drv.chroot" ]] ||
|
|
|
|
[[ $storePath == *".check" ]] ||
|
2022-08-11 19:00:49 +00:00
|
|
|
[[ $storePath == *".lock" ]] ||
|
|
|
|
[[ $storePath == *"-*" ]]; then
|
2022-08-09 16:30:54 +00:00
|
|
|
continue
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$1" = "--list" ]; then
|
|
|
|
echo "$storePath"
|
|
|
|
else
|
2022-08-11 19:00:49 +00:00
|
|
|
curl -I --fail --silent "https://cache.nixos.org/$uncachedHash.narinfo" > /dev/null
|
2022-08-11 19:52:39 +00:00
|
|
|
cached_nixos="$?"
|
2022-08-09 16:30:54 +00:00
|
|
|
|
2022-08-11 19:52:39 +00:00
|
|
|
if [ $cached_nixos -eq 0 ]; then
|
|
|
|
echo "Already cached on NixOS: $storePath ..."
|
2022-08-11 19:00:49 +00:00
|
|
|
else
|
2022-08-11 19:52:39 +00:00
|
|
|
curl -I --fail --silent "https://nix-community.cachix.org/$uncachedHash.narinfo" > /dev/null
|
|
|
|
cached_cachix_nixcommunity="$?"
|
2022-08-11 19:00:49 +00:00
|
|
|
|
2022-08-11 19:52:39 +00:00
|
|
|
curl -I --fail --silent "https://nifoc.cachix.org/$uncachedHash.narinfo" > /dev/null
|
|
|
|
cached_cachix_nifoc="$?"
|
|
|
|
|
|
|
|
if [ $cached_cachix_nixcommunity -eq 0 ] || [ $cached_cachix_nifoc -eq 0 ]; then
|
|
|
|
echo "Already cached on Cachix: $storePath ..."
|
|
|
|
else
|
|
|
|
sudo -H nix store sign --key-file $signingKey $storePath
|
|
|
|
|
|
|
|
echo "Uploading $storePath ..."
|
|
|
|
sudo -H nix copy --to '${cache.s3Url}' $storePath
|
|
|
|
fi
|
2022-08-11 19:00:49 +00:00
|
|
|
fi
|
2022-08-09 16:30:54 +00:00
|
|
|
fi
|
|
|
|
done
|
|
|
|
'';
|
|
|
|
|
|
|
|
executable = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
home.file."${config.home.homeDirectory}/.aws/credentials" = lib.mkIf cache.enabled {
|
|
|
|
text = ''
|
|
|
|
[nixbldr]
|
|
|
|
aws_access_key_id=${cache.accessKeyId}
|
|
|
|
aws_secret_access_key=${cache.secretAccessKey}
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
2022-08-09 17:25:55 +00:00
|
|
|
xdg.configFile."nifoc-nix/${cache.signingKey}" = lib.mkIf cache.enabled {
|
2022-08-09 16:30:54 +00:00
|
|
|
text = cache.signingKeyValue;
|
|
|
|
};
|
|
|
|
}
|