From 56aaf9eabca75b02a5c0a9ec312b93f48392e9d4 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Thu, 27 Mar 2025 14:42:22 -0400
Subject: [PATCH 1/3] test s3 cache

---
 .../workflows/build-machines-and-homes.yml    | 22 ++++---------------
 1 file changed, 4 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 1900b0e..25e1a99 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -7,12 +7,12 @@ env:
   ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
   NIX_CONFIG: |
     show-trace = true
-    extra-substituters = https://cdn.cy7.sh/main
-    extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
     experimental-features = nix-command flakes
     accept-flake-config = true
     system-features = nixos-test benchmark big-parallel kvm
   TERM: ansi
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
 jobs:
   build-machines:
     strategy:
@@ -42,10 +42,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: setup attic
-        run: |
-          nix profile install github:zhaofengli/attic
-          attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
       - name: build
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
@@ -53,10 +49,7 @@ jobs:
       - name: cache
         if: always()
         run: |
-          package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
-          derivation="$(nix path-info --derivation "$package")"
-          cache="$(nix-store --query --requisites --include-outputs "$derivation")"
-          xargs attic push main <<< "$cache"
+          nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh"
   build-homes:
     strategy:
       fail-fast: false
@@ -86,10 +79,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: setup attic
-        run: |
-          nix profile install github:zhaofengli/attic
-          attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
       - name: build
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
@@ -97,7 +86,4 @@ jobs:
       - name: cache
         if: always()
         run: |
-          package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
-          derivation="$(nix path-info --derivation "$package")"
-          cache="$(nix-store --query --requisites --include-outputs "$derivation")"
-          xargs attic push main <<< "$cache"
+          nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh"

From 85fe97c35a6cbe6b1bf50446675d3539d2dddde1 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Thu, 27 Mar 2025 14:42:22 -0400
Subject: [PATCH 2/3] test s3 cache

---
 .../workflows/build-machines-and-homes.yml    | 27 +++++++------------
 1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 1900b0e..e9795a6 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -7,12 +7,13 @@ env:
   ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
   NIX_CONFIG: |
     show-trace = true
-    extra-substituters = https://cdn.cy7.sh/main
-    extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=
     experimental-features = nix-command flakes
     accept-flake-config = true
     system-features = nixos-test benchmark big-parallel kvm
+    secret-key-files = ~/cache-priv-key.pem
   TERM: ansi
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
 jobs:
   build-machines:
     strategy:
@@ -36,16 +37,14 @@ jobs:
           remove-codeql: 'true'
           remove-docker-images: 'true'
           build-mount-path: /nix
+      - name: setup binary cache key
+        run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> ~/cache-priv-key.pem
       - name: Install Nix
         uses: cachix/install-nix-action@v30
       - name: Sync repository
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: setup attic
-        run: |
-          nix profile install github:zhaofengli/attic
-          attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
       - name: build
         run: |
           package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
@@ -53,10 +52,7 @@ jobs:
       - name: cache
         if: always()
         run: |
-          package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
-          derivation="$(nix path-info --derivation "$package")"
-          cache="$(nix-store --query --requisites --include-outputs "$derivation")"
-          xargs attic push main <<< "$cache"
+          nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh"
   build-homes:
     strategy:
       fail-fast: false
@@ -80,16 +76,14 @@ jobs:
           remove-codeql: 'true'
           remove-docker-images: 'true'
           build-mount-path: /nix
+      - name: setup binary cache key
+        run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> ~/cache-priv-key.pem
       - name: Install Nix
         uses: cachix/install-nix-action@v30
       - name: Sync repository
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - name: setup attic
-        run: |
-          nix profile install github:zhaofengli/attic
-          attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN"
       - name: build
         run: |
           package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
@@ -97,7 +91,4 @@ jobs:
       - name: cache
         if: always()
         run: |
-          package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
-          derivation="$(nix path-info --derivation "$package")"
-          cache="$(nix-store --query --requisites --include-outputs "$derivation")"
-          xargs attic push main <<< "$cache"
+          nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh"

From 146c61cea1e6d0317c9fbbe10d60302f1e837f36 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Thu, 27 Mar 2025 15:00:12 -0400
Subject: [PATCH 3/3] add cache priv and pub key

---
 .github/workflows/build-machines-and-homes.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index e9795a6..e8bb79c 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -11,6 +11,8 @@ env:
     accept-flake-config = true
     system-features = nixos-test benchmark big-parallel kvm
     secret-key-files = ~/cache-priv-key.pem
+    extra-substituters = https://nixcache.cy7.sh
+    extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
   TERM: ansi
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
   AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}