dogfood nixcp everywhere

.github/workflows/build-machines-and-homes.yml

@@ -76,16 +76,11 @@ jobs:
         if: '!cancelled()'
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
-          derivations=()
-          while IFS=$'\n' read derivation; do
-              derivations+=("$derivation")
-          done < <(nix path-info --derivation "$package")
-
-          for derivation in "${derivations[@]}"; do
-              nix copy -j8 \
+          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
             --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-                $(nix-store --query --requisites --include-outputs "$derivation")
-          done
+            -u https://nix-community.cachix.org \
+            -u https://nixcache.cy7.sh \
+            $package
 
   build-homes:
     strategy:
@@ -153,13 +148,8 @@ jobs:
         if: '!cancelled()'
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
-          derivations=()
-          while IFS=$'\n' read derivation; do
-              derivations+=("$derivation")
-          done < <(nix path-info --derivation "$package")
-
-          for derivation in "${derivations[@]}"; do
-              nix copy -j8 \
+          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
             --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-                $(nix-store --query --requisites --include-outputs "$derivation")
-          done
+            -u https://nix-community.cachix.org \
+            -u https://nixcache.cy7.sh \
+            $package

.github/workflows/build-packages.yml

@@ -64,16 +64,11 @@ jobs:
         # https://stackoverflow.com/a/58859404
         if: '!cancelled()'
         run: |
-          derivations=()
-          while IFS=$'\n' read derivation; do
-              derivations+=("$derivation")
-          done < <(nix path-info --derivation "${{ matrix.package }}")
-
-          for derivation in "${derivations[@]}"; do
-              nix copy -j8 \
+          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
             --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-                $(nix-store --query --requisites --include-outputs "$derivation")
-          done
+            -u https://nix-community.cachix.org \
+            -u https://nixcache.cy7.sh \
+            "${{ matrix.package }}"
 
       - name: prepare tarball to upload
         run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result

flake.lock

@@ -273,9 +273,7 @@
     },
     "flake-parts_2": {
       "inputs": {
-        "nixpkgs-lib": [
-          "nixpkgs"
-        ]
+        "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
         "lastModified": 1741352980,
@@ -763,6 +761,21 @@
         "type": "github"
       }
     },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1743296961,
+        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixpkgs.lib",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1730741070,

flake.nix

@@ -29,10 +29,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-parts.follows = "flake-parts";
     };
-    flake-parts = {
-      url = "github:hercules-ci/flake-parts";
-      inputs.nixpkgs-lib.follows = "nixpkgs";
-    };
     rust-overlay = {
       url = "github:oxalica/rust-overlay";
       inputs.nixpkgs.follows = "nixpkgs";
@@ -101,6 +97,7 @@
     flake-utils.url = "github:numtide/flake-utils";
     crane.url = "github:ipetkov/crane";
     flake-compat.url = "github:edolstra/flake-compat";
+    flake-parts.url = "github:hercules-ci/flake-parts";
   };
 
   nixConfig = {
@@ -119,43 +116,8 @@
       self,
       nixpkgs,
       home-manager,
-      flake-parts,
       ...
     }@inputs:
-    flake-parts.lib.mkFlake { inherit inputs; } (
-      { ... }:
-      {
-        imports = [
-          inputs.treefmt.flakeModule
-        ];
-        systems = [
-          "x86_64-linux"
-        ];
-        perSystem =
-          {
-            inputs',
-            ...
-          }:
-          {
-            treefmt = {
-              projectRootFile = "flake.nix";
-              programs.nixfmt.enable = true;
-              programs.typos.enable = true;
-              programs.shellcheck.enable = true;
-
-              programs.yamlfmt = {
-                enable = true;
-                settings.retain_line_breaks = true;
-              };
-
-              settings.global.excludes = [
-                "secrets/*"
-                "**/*.png" # tries to format a png file
-              ];
-            };
-          };
-
-        flake =
       let
         pkgs = import nixpkgs {
           config.allowUnfree = true;
@@ -224,6 +186,4 @@
             };
           };
       };
-      }
-    );
 }

modules/caddy.nix

@@ -36,6 +36,15 @@ in
         }
       '';
       environmentFile = config.sops.secrets."caddy/env".path;
+      
+      virtualHosts."keys.cy7.sh".extraConfig = ''
+        import common
+        respond / 200 {
+          body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP
+        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD"
+        }
+      '';
     };
   };
 }