From d281beea431ab1729b337d5ce3de9b54f66247b2 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Fri, 28 Mar 2025 16:57:46 -0400
Subject: [PATCH 1/3] chunk: rm attic; rclone: use 32 transfers

---
 hosts/chunk/default.nix | 2 --
 hosts/chunk/rclone.nix  | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index f016a84..22290c1 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -190,6 +190,4 @@
 
   # container stuff
   my.containerization.enable = true;
-
-  my.attic.enable = true;
 }
diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix
index 803a188..c592fbb 100644
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@@ -14,7 +14,7 @@ let
         --config ${config.sops.secrets."rclone/config".path} \
         --allow-other \
         --cache-dir /var/cache/rclone \
-        --transfers 16 \
+        --transfers 32 \
         --vfs-cache-mode full \
         --vfs-cache-min-free-space 5G \
         --dir-cache-time 30d \

From d4bf0f3ef5a33721149839ba356abaab3032a6b3 Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Thu, 27 Mar 2025 23:43:53 -0400
Subject: [PATCH 2/3] workflow: nix copy --all

---
 .github/workflows/build-machines-and-homes.yml | 4 ++--
 .github/workflows/build-packages.yml           | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index 3b36789..bc1f2db 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -54,7 +54,7 @@ jobs:
       - name: cache
         if: always()
         run: |
-          nix copy ".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem"
+          nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
   build-homes:
     strategy:
       fail-fast: false
@@ -93,4 +93,4 @@ jobs:
       - name: cache
         if: always()
         run: |
-          nix copy ".#homeConfigurations."${{ matrix.home }}".activationPackage" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem"
+          nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index 3411c89..c530cb7 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -16,6 +16,8 @@ env:
     extra-substituters = https://nixcache.cy7.sh
     extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
   TERM: ansi
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
 jobs:
   build-packages:
     strategy:
@@ -42,7 +44,7 @@ jobs:
       - name: cache result
         if: always()
         run: |
-          nix copy "${{ matrix.package }}" --to "s3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem"
+          nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
       - name: prepare tarball to upload
         run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
       - name: upload result

From e610ca24e10996f97dcdf68297dbd0c1b9ffc4ed Mon Sep 17 00:00:00 2001
From: cy <cy@cy7.sh>
Date: Fri, 28 Mar 2025 10:48:25 -0400
Subject: [PATCH 3/3] workflow: sign all just in case something got missed

---
 .github/workflows/build-machines-and-homes.yml | 2 ++
 .github/workflows/build-packages.yml           | 1 +
 2 files changed, 3 insertions(+)

diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
index bc1f2db..7e25ec2 100644
--- a/.github/workflows/build-machines-and-homes.yml
+++ b/.github/workflows/build-machines-and-homes.yml
@@ -55,6 +55,7 @@ jobs:
         if: always()
         run: |
           nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
+          nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all
   build-homes:
     strategy:
       fail-fast: false
@@ -94,3 +95,4 @@ jobs:
         if: always()
         run: |
           nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
+          nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
index c530cb7..5e779ac 100644
--- a/.github/workflows/build-packages.yml
+++ b/.github/workflows/build-packages.yml
@@ -45,6 +45,7 @@ jobs:
         if: always()
         run: |
           nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose
+          nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all
       - name: prepare tarball to upload
         run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
       - name: upload result