From 4d7f5a6e89522755cd8ef97c85fe9252db93ae6e Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Fri, 28 Mar 2025 18:01:35 -0400
Subject: [PATCH 1/4] workflow: try yet another way to cache

---
 .../workflows/build-machines-and-homes.yml    | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 1272cc1..5fd1579 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -73,9 +73,18 @@ jobs:
         if: always()
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
-          nix copy -j8 \
-            --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-            $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/')
+          derivations=()
+          while IFS=$'\n' read derivation; do
+              derivations+=("$derivation")
+          done < <(nix path-info --recursive --derivation "$package")
+
+          for derivation in "${derivations[@]}"; do
+              cache+=(
+              )
+              nix copy -j8 \
+                --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
+                $(nix-store --query --requisites --include-outputs "$derivation")
+          done
 
   build-homes:
     strategy:
@@ -132,6 +141,13 @@ jobs:
         if: always()
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
-          nix copy -j8 \
-            --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
-            $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/')
+          derivations=()
+          while IFS=$'\n' read derivation; do
+              derivations+=("$derivation")
+          done < <(nix path-info --recursive --derivation "$package")
+
+          for derivation in "${derivations[@]}"; do
+              nix copy -j8 \
+                --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
+                $(nix-store --query --requisites --include-outputs "$derivation")
+          done

From 96011436f792ac641f95694c9eded8adacb55874 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Fri, 28 Mar 2025 18:20:41 -0400
Subject: [PATCH 2/4] workflow: no recursive and temp no always()

---
 .github/workflows/build-machines-and-homes.yml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 5fd1579..f04d05f 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -70,17 +70,15 @@ jobs:
           nix build -L "$package"
 
       - name: cache
-        if: always()
+        # if: always()
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
           derivations=()
           while IFS=$'\n' read derivation; do
               derivations+=("$derivation")
-          done < <(nix path-info --recursive --derivation "$package")
+          done < <(nix path-info --derivation "$package")
 
           for derivation in "${derivations[@]}"; do
-              cache+=(
-              )
               nix copy -j8 \
                 --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
                 $(nix-store --query --requisites --include-outputs "$derivation")
@@ -138,13 +136,13 @@ jobs:
           nix build -L "$package"
 
       - name: cache
-        if: always()
+        # if: always()
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
           derivations=()
           while IFS=$'\n' read derivation; do
               derivations+=("$derivation")
-          done < <(nix path-info --recursive --derivation "$package")
+          done < <(nix path-info --derivation "$package")
 
           for derivation in "${derivations[@]}"; do
               nix copy -j8 \

From dc781b5bc836ddce2b3536f3d47b5624b24afad2 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Fri, 28 Mar 2025 18:28:48 -0400
Subject: [PATCH 3/4] workflow: use !cancelled() instead of always()

---
 .github/workflows/build-machines-and-homes.yml | 6 ++++--
 .github/workflows/build-packages.yml           | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index f04d05f..2bf0350 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -70,7 +70,8 @@ jobs:
           nix build -L "$package"
 
       - name: cache
-        # if: always()
+        # https://stackoverflow.com/a/58859404
+        if: '!cancelled()'
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
           derivations=()
@@ -136,7 +137,8 @@ jobs:
           nix build -L "$package"
 
       - name: cache
-        # if: always()
+        # https://stackoverflow.com/a/58859404
+        if: '!cancelled()'
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
           derivations=()
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index 637afbf..1118650 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -59,7 +59,8 @@ jobs:
       - run: nix build -L ${{ matrix.package }}
 
       - name: cache result
-        if: always()
+        # https://stackoverflow.com/a/58859404
+        if: '!cancelled()'
         run: |
           nix copy -j8 \
             --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \

From 7b164cd2b76423a23947b7261b33fc6288324ec5 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Sat, 29 Mar 2025 01:57:18 -0400
Subject: [PATCH 4/4] try to use caddy file_server with s3

---
 hosts/chunk/garage.nix      | 15 +++++++++++++++
 modules/caddy.nix           |  3 ++-
 secrets/services/caddy.yaml |  6 +++---
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix
index b046a4b..ae37251 100644
--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@@ -46,5 +46,20 @@
         reverse_proxy localhost:3902
       '';
     };
+    "dl.cy7.sh".extraConfig = ''
+      import common
+      fs dl
+      file_server {
+        browse
+      }
+    '';
   };
+
+  services.caddy.globalConfig = ''
+    filesystem dl s3 {
+      bucket caddy-dl
+      region us-east-1
+      endpoint https://s3.cy7.sh
+    }
+  '';
 }
diff --git a/modules/caddy.nix b/modules/caddy.nix
index 3e6ca63..17325d2 100644
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@@ -20,8 +20,9 @@ in
           # error message will tell you the correct version tag to use
           # (still need the @ to pass nix config check)
           "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
+          "github.com/sagikazarmark/caddy-fs-s3@v0.7.1-0.20250228151755-8e8ed9e5aab9"
         ];
-        hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=";
+        hash = "sha256-7IdAmp3O5yTUPFwWkwKAQpAqbNUazB5yG3b/WCq8GP0=";
       };
       logFormat = lib.mkForce "level INFO";
       acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml
index 5f3ea62..fb2cc85 100644
--- a/secrets/services/caddy.yaml
+++ b/secrets/services/caddy.yaml
@@ -1,5 +1,5 @@
 caddy:
-    env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str]
+    env: ENC[AES256_GCM,data:NBE8mVyz1lN+W6UHNa0KYnEYNtyK6bTQH/HgZ2OsGXSBXrse38Ga3CRw/rHgKrLSkjSx7faUrn0s1/8nNWY4gz2Ntv9N+HtKgQhXaxXhgp9BpH6ClVEL65s7F81Gr3SsZ3SlLra4cDDZ9ytX8/RxZ+httllVhODOmTyVtow9abNRwTJogdqf5gRBQvd1LnjXR6ET7VMZFTM2JETnxiax/LS1DSsp5XgJtQfmhL8eZ3hz6SZxReD1DC+5pg4=,iv:d/R4Fi3Ylqv4I2EIOX9Pzfpep8U5ctgrIRMEFTsL8e0=,tag:aV/6Z3k6ZjnF0/z49liwIw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -33,8 +33,8 @@ sops:
             Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
             AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-08T21:05:07Z"
-    mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str]
+    lastmodified: "2025-03-29T05:03:16Z"
+    mac: ENC[AES256_GCM,data:94JoFG2sBvPOD4lquq8Ck1sGzNIiPDjufRuBz2mXbLA0Lx11xL2/dkdQA2A9Eb2DE0TRtPPMl8JHwGWcUac+dWdeYXcu0LRxZxWHp/ajoHnYHbBRzxdM2gRtb0igkBTCMxDtBH8zOoMNn/g1U/m1m8G/fAoWf4VCB2wGpy7WrRA=,iv:OqQzOf6QRYZiHqerE0Cn8JPrhzcgHkSn2tdhDLbFEq4=,tag:LwRgqPNj+fNhM70Bq7vIXw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4