From 0468835053b1ae065ee0eefd5efbc459d68d2691 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Tue, 9 Aug 2022 18:30:54 +0200 Subject: [PATCH] Updates --- flake.lock | 24 +++++----- home/hosts/Styx.nix | 7 ++- home/programs/custom-nix-cache.nix | 64 +++++++++++++++++++++++++++ home/programs/nvim/plugins.nix | 30 ++++++------- home/programs/scripts/nixpkgs-switch | 6 +++ secret/hosts/Styx.nix | Bin 1309 -> 2005 bytes system/hosts/Styx.nix | 11 +++++ system/nixos/arion.nix | 1 - 8 files changed, 114 insertions(+), 29 deletions(-) create mode 100644 home/programs/custom-nix-cache.nix diff --git a/flake.lock b/flake.lock index 9edc4dc..dfd6237 100644 --- a/flake.lock +++ b/flake.lock @@ -117,11 +117,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1659910079, - "narHash": "sha256-U9qnXPloIBYfg1BkfLo/RXwcfwkvCHtf4hoOXSiDVM0=", + "lastModified": 1659977912, + "narHash": "sha256-oEkmHMKRyv8HTJW6f3qFbSiuXdYSE/8eegJgcE5Gs8o=", "owner": "neovim", "repo": "neovim", - "rev": "18766e742bdc8d179ff73b739a530052c9a669e5", + "rev": "e6680ea7c3912d38f2ef967e053be741624633ad", "type": "github" }, "original": { @@ -140,11 +140,11 @@ ] }, "locked": { - "lastModified": 1659946779, - "narHash": "sha256-AAah3A42SRGlKRgyQIuJg3qBk0X2SWuYrLMF9lzCzP4=", + "lastModified": 1660033016, + "narHash": "sha256-LQVgEu5jPPq5e9b+fH1wKE9Sl8iErfqaGHWZcMkzGOE=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "58c6f277bee0907eb2819bf55dc08693b94e667c", + "rev": "1af7c5862b462e0ad938302805efc116548884d1", "type": "github" }, "original": { @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1659947470, - "narHash": "sha256-fjtOYJWonmQcN9ciw62QYAcr+Tv4+9pUwmWym7yt1w4=", + "lastModified": 1660033736, + "narHash": "sha256-N03jvlh3R8+grynjG/TXGLPc2xQ9P2kSWGwai5w9pPw=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "3cdca066378e09e32bc9b3d9454f334e9c60f694", + "rev": "2cfd669f9c7ec1bc812f483e17fe1854e34f86aa", "type": "github" }, "original": { @@ -175,11 +175,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1659931296, - "narHash": "sha256-MYLvZ1pN2DC79uYoPAoqs7PT5jLaA/I0vTtUUyhdE44=", + "lastModified": 1660017629, + "narHash": "sha256-Koz6/k7c6hx4qVz/bboxdR2QsBdkxjRWpNmsOWJtXZE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "053fb00690945ab06650c4508b98659c6a2343b6", + "rev": "9f15d6c3a74d2778c6e1af67947c95f100dc6fd2", "type": "github" }, "original": { diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix index 23bc581..a4b8a21 100644 --- a/home/hosts/Styx.nix +++ b/home/hosts/Styx.nix @@ -1,5 +1,8 @@ -{ pkgs, ... }: +args@{ pkgs, ... }: +let + secret = import ../../secret/hosts/Styx.nix; +in { imports = [ ../programs/fish.nix @@ -13,6 +16,8 @@ ../programs/bat.nix + (import ../programs/custom-nix-cache.nix (args // { inherit secret; })) + ../programs/fzf.nix ../programs/jq.nix diff --git a/home/programs/custom-nix-cache.nix b/home/programs/custom-nix-cache.nix new file mode 100644 index 0000000..3b71a6d --- /dev/null +++ b/home/programs/custom-nix-cache.nix @@ -0,0 +1,64 @@ +{ config, lib, secret, ... }: + +let + user-bin-directory = "${config.home.homeDirectory}/.bin"; + cache = secret.nix-cache.nifoc; +in +{ + home.file."${user-bin-directory}/upload-nifoc-nix-cache" = lib.mkIf cache.enabled { + text = '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p sqlite + + uncachedHashes=$(echo 'SELECT DISTINCT hashPart FROM NARs WHERE present = 0;' | sudo sqlite3 "${cache.database}") + signingKey="$HOME/.config/nifoc-nix/${cache.signingKey}" + + for uncachedHash in $uncachedHashes; do + storePath=$(readlink -f /nix/store/$uncachedHash-*) + + if [[ $storePath == *"darwin-system"* ]] || + [[ $storePath == *"home-manager-generation"* ]] || + [[ $storePath == *"-etc" ]] || + [[ $storePath == *"-source" ]] || + [[ $storePath == *".drv" ]] || + [[ $storePath == *".drv.chroot" ]] || + [[ $storePath == *".check" ]] || + [[ $storePath == *".lock" ]]; then + continue + fi + + if [ "$1" = "--list" ]; then + echo "$storePath" + else + nix store sign --key-file $signingKey $storePath + + echo "Uploading $storePath ..." + nix copy --to '${cache.s3Url}' $storePath + fi + done + ''; + + executable = true; + }; + + home.file."${config.home.homeDirectory}/.aws/credentials" = lib.mkIf cache.enabled { + text = '' + [nixbldr] + aws_access_key_id=${cache.accessKeyId} + aws_secret_access_key=${cache.secretAccessKey} + ''; + }; + + xdg.configFile."nifoc-nix/${cache.signingKey}" = { + text = cache.signingKeyValue; + }; + + home.activation = lib.mkIf cache.enabled { + customNixCacheActivation = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + echo -n 'Copying AWS configuration: ' + $DRY_RUN_CMD sudo mkdir ${cache.rootDir}/.aws 2> /dev/null + $DRY_RUN_CMD sudo cp "$HOME/.aws/credentials" ${cache.rootDir}/.aws/ + echo 'Done' + ''; + }; +} diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index f1cd2e6..6bf1b02 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -3,12 +3,12 @@ { impatient-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "impatient.nvim"; - version = "2022-08-01"; + version = "2022-08-09"; src = pkgs.fetchFromGitHub { owner = "lewis6991"; repo = "impatient.nvim"; - rev = "4ccbe749ce439fa25d387d459e8c339131cc5d1f"; - sha256 = "1xalimlicn601qfjz5q2dv7khmzf38xn5jy4c0ykiz8zj77yid0a"; + rev = "49f4ed4a96e0dec3425f270001f341f78400fb49"; + sha256 = "06l6d0hrpsh0jxapf2j5d2hf5km5sg8dysxiggz3mhh4f1y5jlhy"; fetchSubmodules = false; }; }; @@ -113,12 +113,12 @@ }; nvim-ts-rainbow = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "nvim-ts-rainbow"; - version = "2022-08-07"; + version = "2022-08-09"; src = pkgs.fetchFromGitHub { owner = "p00f"; repo = "nvim-ts-rainbow"; - rev = "d16220f825c0521586499fac340b8a5c8b7117b0"; - sha256 = "1x4mfq63z7fxg7cyv2dmhzy7kxq9xgz16cvfj69gxz0mqxmmg3xz"; + rev = "0c19f1eda263a1d44b6741e727fef223886c80a8"; + sha256 = "0n01yfjldf2qcwyzmjpqnrccsy7xax191c26y1zsyahlfxk70ay9"; fetchSubmodules = false; }; }; @@ -135,12 +135,12 @@ }; telescope-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "telescope.nvim"; - version = "2022-08-04"; + version = "2022-08-09"; src = pkgs.fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "4725867ec66b9a0f5e5ad95a1fd94c2f97fa2d2c"; - sha256 = "0i04xvmz6rcpw47922i6sza34zysj0kc4bakm4qzc5xb26nyy243"; + rev = "8f80e821085bdb4583e78ea685e68dc34209d360"; + sha256 = "1m6cw6xgbmx07pnxn351650v53nmmndjwliwwk1fq6gsyiyixxk3"; fetchSubmodules = false; }; }; @@ -395,12 +395,12 @@ }; neoformat = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "neoformat"; - version = "2022-07-23"; + version = "2022-08-09"; src = pkgs.fetchFromGitHub { owner = "sbdchd"; repo = "neoformat"; - rev = "892be036fa82871f602f20a5245dfd4bc88d2f08"; - sha256 = "17mgv9qr9bn4ajy825yk5zr3cqhdqz113261vckx43sfia4ligbg"; + rev = "202b5082ee973fb6ec2ac04e15386bfd4f12d699"; + sha256 = "1asadm5wqa74p343p2xb0lsx0wfv59w212d26xwap29p3lrcnin2"; fetchSubmodules = false; }; }; @@ -505,12 +505,12 @@ }; toggleterm-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix { pname = "toggleterm.nvim"; - version = "2022-08-07"; + version = "2022-08-09"; src = pkgs.fetchFromGitHub { owner = "akinsho"; repo = "toggleterm.nvim"; - rev = "dfce846c609b83feef3786930c5bd7e4bad851ac"; - sha256 = "09bv3cq6nd9dgpx2civ02d3p27vp34kzn0s8lgncqgffx088rcib"; + rev = "623664233bbe305bf7c86060b95670bb1575534d"; + sha256 = "07sb649rw5s5vnf7z3avai4frgswy6cny3lrsa1gckig5v8370z1"; fetchSubmodules = false; }; }; diff --git a/home/programs/scripts/nixpkgs-switch b/home/programs/scripts/nixpkgs-switch index f87ba1e..09febe5 100755 --- a/home/programs/scripts/nixpkgs-switch +++ b/home/programs/scripts/nixpkgs-switch @@ -31,4 +31,10 @@ set system_new (readlink /run/current-system) nvd diff "$system_old" "$system_new" rm -f result + +if test -e "$HOME/.bin/upload-nifoc-nix-cache" + echo "Updating nifoc-nix-cache ..." + upload-nifoc-nix-cache +end + popd diff --git a/secret/hosts/Styx.nix b/secret/hosts/Styx.nix index 2118ac2a907b22fccfc59a1b3def0d98635f0016..5879c4761a21bb906b84a8eadcdee7ec82886665 100644 GIT binary patch literal 2005 zcmV;`2P*ggM@dveQdv+`050ajCK26E+GxgT!iF`Z0C3WdtoIzHoG%oXh9=_+_K-|# z4Dr~!B;!FP3HSCQiDQCcJqD(2XgO=Cr#$oWe=%S@+OV&j-Vkwk$n{0in(f(v7hSX4 z{%(um!vdf4%Gz~Y5@(2~XBGWcAWfZp)BVF71gq1~EXO*l-ZXW|2Osz6lXnyN3v)pV zn)*Zz8j$|N-q9;cf|t!lktso>EV|hNX|A6qGHi#{7Yj)%+K_5hnu_?~WfErFJGLaJ~`LlZJ^XE*{HuO2Umq8{7H=74m^uU zY8>RumO7hKhxKiyC!iDqW$S4mLY`4u(XKO znz(u2cCLOHgW09A^;!SZ;KZCr+W~D*mQ68K+bXU8cxrh>$apNDBw`xSzQI-e!sdR& zE=yx!p&!qtgbM=+pa`15TQXkVJ^iGQAQa7vl|(3cj;l}{jhg+p*S5_ zc*BT<FS5oGVgCLq+g zg@enax1?{a0cTlm#{IQ!267J4ArZA` z(;Gf-4}$aEi_*8*f(~09FO1`1VbA|9|WY}kacP$@Kk`s#9_O7;6xxk(A76YML(LTP*=X>$& zo!I;5uCu_lAMJO%1Pt%M7o`-2J1*bk4$V1t_LT7K;BgNwKa z+0$cn9YSL+#qIQoQHT~J;Oxbc2S@T<1{_5g*3uvmC1EHej9SE%C!rG|WSp}e)a1>j zvhrpOpzYdHOpn}!cx+tDh*6q`u)NiO72g-8)`7hQD5uZ>kUK78Nd7E<~4m5=-puazw@VMsW<@{F{nc9;_@@H0TLW(;SFeq?D&v6KR0M& z%N@z6fOBRl5nDA4T$@=e{d*&LXmTio3dwe~22KboE2fFIux>zh`V4D8k=C>e?Z^98 zp1sy}&^-8w{30qLoq#kF9BZ=*MNUGd%Yxm&5!G#2yYFL7l;^2c*Suy3sF zI|j4Hw#V*Mm{G;ZzLFcganzVRlh;N)nB0eEB30}wm`7(vB6~VGk;mDTbpkcC<56@q z_ysk_^PVw@Q(A+5l$IUvK6*K9ozGRV;i;;nsxKjbTNx%lhMMCJi9wlXdug_s4$;y6 z{|(LOujO1*3T4n2uOY%%Jr5sy+aGedsHzroDhx}<({gw~#YgwtYbxvu&yeL%Lwe=i z{xff>R#+_o7VEY&Kxr)eIO!G2eUeoqh#g6SF(&FEr11dhU(?rL`uX zvZ^QV1BpLG1U;{6ayE(-yTM~iR_?4lL0EqOx&4nay(h3U`}0XOd)PAh$Ym$)J=--n zuW^AO*UKVV%YQb!IV|^mqaDSJ4pR?L4*(5wHW(R#xqC^m3<)ge89-cjy?7%ke}$&? nOp5G#EgR>W*VuM@dveQdv+`0KkHMw{W7Ag^w%A3#*93$5+gHfbJ0Ec%h%eou`nhVv4A> z&mfss+Xm~Dx>dmuxk)kve~|*$;fqLs{rYZ?Qqk3yt~F|psPe0&vT!iaY_cB$czlKwtFJEXV928;igMc|!`zUsV8C|02C#8y!mli|t z!YLp}rI^F3`na#Q)WTl2&PnExrrlkif2d#CKpOYV)07Umtu^#iC=CQTx~;G?M?BUj zd73ipp*RFXvt}k<5@Cqui#Jo;+v%=E@kJlslDo|`2XGVc*k2X$Wlx5|uBAR!CtPFgTHty8{RMw^u?W4noP;ozavdS> zpr;dzE~CsCP6ChN7XQ6Ic0KC1ixY%f-VAwbqhHT_l^43#vB%Fz>UoHfp-hfBiOaN4 zuvd|N%I=~lootgS5_7i1CiN9Cy!AO^SLyAKA@8wCvmvb_a6zj3O|HZF;Aas8`1|5L zD#ocm;h4WxpHXgyYEA@QwwgEyuz*Inl9EhrUeBs1lqX0a!T}u<|4`3EpciniqxcW^ z#&gW9sZk$?f@&W1puw_?XET0k`>aNV#!MuBA{od*-^cSxh(SXGxI!*L4%_Kyv0ghP zNMMX)`heF>HyKYtK^{LEt@yh$Z9AW<)&^J2!HeGlR27QD`9$|30X7D~+>)uyxOKG}5 zCjuUPX!B&3Gr%uCy`r}suwLen~GT(}}K(9#NIL3aq41hc?117xCDA~)k`+H`#t4vjd7^!^8$(IxW+3*q^~q5$Tc zF3hX~zLvLAq`3~Ho6vY^VFK^XSSFxA(SiiqIwgs-Hlm=UvX`P{0R6>8Kqq1qdKWIm zmb~W|(xK^}zvUG4Yi3K_8nq;_5VJCRbRk|va$h{bSh(b zK=#44su~M2Px>+Sa(7jJk*Jq`z)V|b2end&`6#@Aww z1%&NQy6Os#m02iN88o~PVe|5BEc~VKi3H1VwDV0VEzh!Qa}87StJmxRdp?A*86bXq T`7|o43>=SoqoGk@Rf4RuU$%*# diff --git a/system/hosts/Styx.nix b/system/hosts/Styx.nix index 94b9bf3..e0bd8be 100644 --- a/system/hosts/Styx.nix +++ b/system/hosts/Styx.nix @@ -1,3 +1,10 @@ +{ lib, ... }: + +let + inherit (lib) optionals; + + secret = import ../../secret/hosts/Styx.nix; +in { imports = [ ../darwin/defaults.nix @@ -8,11 +15,15 @@ binaryCaches = [ "https://nix-community.cachix.org" "https://nifoc.cachix.org" + ] ++ optionals secret.nix-cache.nifoc.enabled [ + secret.nix-cache.nifoc.s3Url ]; binaryCachePublicKeys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nifoc.cachix.org-1:ymuftq7RgN/lf/iWXFK8gpwDSAGFaGBeliWe9u6q8II=" + ] ++ optionals secret.nix-cache.nifoc.enabled [ + secret.nix-cache.nifoc.publicKeyValue ]; trustedUsers = [ diff --git a/system/nixos/arion.nix b/system/nixos/arion.nix index 2b61b31..bfe56e2 100644 --- a/system/nixos/arion.nix +++ b/system/nixos/arion.nix @@ -19,7 +19,6 @@ environment = { WATCHTOWER_POLL_INTERVAL = "28800"; WATCHTOWER_LABEL_ENABLE = "true"; - WATCHTOWER_NO_RESTART = "true"; }; volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ]; };