5 changed files with 135 additions and 102 deletions
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@ -76,11 +76,16 @@ jobs:
        if: '!cancelled()'
        run: |
          package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
-          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
+          derivations=()
+          while IFS=$'\n' read derivation; do
+              derivations+=("$derivation")
+          done < <(nix path-info --derivation "$package")
+
+          for derivation in "${derivations[@]}"; do
+              nix copy -j8 \
                --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-            -u https://nix-community.cachix.org \
-            -u https://nixcache.cy7.sh \
-            $package
+                $(nix-store --query --requisites --include-outputs "$derivation")
+          done

  build-homes:
    strategy:
@ -148,8 +153,13 @@ jobs:
        if: '!cancelled()'
        run: |
          package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
-          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
+          derivations=()
+          while IFS=$'\n' read derivation; do
+              derivations+=("$derivation")
+          done < <(nix path-info --derivation "$package")
+
+          for derivation in "${derivations[@]}"; do
+              nix copy -j8 \
                --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-            -u https://nix-community.cachix.org \
-            -u https://nixcache.cy7.sh \
-            $package
+                $(nix-store --query --requisites --include-outputs "$derivation")
+          done
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@ -64,11 +64,16 @@ jobs:
        # https://stackoverflow.com/a/58859404
        if: '!cancelled()'
        run: |
-          nix run git+https://git.cy7.sh/cy/nixcp.git -- \
+          derivations=()
+          while IFS=$'\n' read derivation; do
+              derivations+=("$derivation")
+          done < <(nix path-info --derivation "${{ matrix.package }}")
+
+          for derivation in "${derivations[@]}"; do
+              nix copy -j8 \
                --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-            -u https://nix-community.cachix.org \
-            -u https://nixcache.cy7.sh \
-            "${{ matrix.package }}"
+                $(nix-store --query --requisites --include-outputs "$derivation")
+          done

      - name: prepare tarball to upload
        run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
--- a/flake.lock
+++ b/flake.lock
@ -273,7 +273,9 @@
    },
    "flake-parts_2": {
      "inputs": {
-        "nixpkgs-lib": "nixpkgs-lib"
+        "nixpkgs-lib": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1741352980,
@ -761,21 +763,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-lib": {
-      "locked": {
-        "lastModified": 1743296961,
-        "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
    "nixpkgs-stable": {
      "locked": {
        "lastModified": 1730741070,
--- a/flake.nix
+++ b/flake.nix
@ -29,6 +29,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.flake-parts.follows = "flake-parts";
    };
+    flake-parts = {
+      url = "github:hercules-ci/flake-parts";
+      inputs.nixpkgs-lib.follows = "nixpkgs";
+    };
    rust-overlay = {
      url = "github:oxalica/rust-overlay";
      inputs.nixpkgs.follows = "nixpkgs";
@ -97,7 +101,6 @@
    flake-utils.url = "github:numtide/flake-utils";
    crane.url = "github:ipetkov/crane";
    flake-compat.url = "github:edolstra/flake-compat";
-    flake-parts.url = "github:hercules-ci/flake-parts";
  };

  nixConfig = {
@ -116,8 +119,43 @@
      self,
      nixpkgs,
      home-manager,
+      flake-parts,
      ...
    }@inputs:
+    flake-parts.lib.mkFlake { inherit inputs; } (
+      { ... }:
+      {
+        imports = [
+          inputs.treefmt.flakeModule
+        ];
+        systems = [
+          "x86_64-linux"
+        ];
+        perSystem =
+          {
+            inputs',
+            ...
+          }:
+          {
+            treefmt = {
+              projectRootFile = "flake.nix";
+              programs.nixfmt.enable = true;
+              programs.typos.enable = true;
+              programs.shellcheck.enable = true;
+
+              programs.yamlfmt = {
+                enable = true;
+                settings.retain_line_breaks = true;
+              };
+
+              settings.global.excludes = [
+                "secrets/*"
+                "**/*.png" # tries to format a png file
+              ];
+            };
+          };
+
+        flake =
          let
            pkgs = import nixpkgs {
              config.allowUnfree = true;
@ -186,4 +224,6 @@
                };
              };
          };
+      }
+    );
 }
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -36,15 +36,6 @@ in
        }
      '';
      environmentFile = config.sops.secrets."caddy/env".path;
-      
-      virtualHosts."keys.cy7.sh".extraConfig = ''
-        import common
-        respond / 200 {
-          body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6
-        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP
-        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD"
-        }
-      '';
    };
  };
 }