monolith: enable nix cache over ssh

system/gitlab-runner/nix-cache-end

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+echo "nix-cache: Storing new store items"
+NEW_NIX_STORE_CONTENTS_FILE=$(mktemp)
+find /nix/store/ -maxdepth 1 > $NEW_NIX_STORE_CONTENTS_FILE
+
+sort $OLD_NIX_STORE_CONTENTS_FILE -o $OLD_NIX_STORE_CONTENTS_FILE
+sort $NEW_NIX_STORE_CONTENTS_FILE -o $NEW_NIX_STORE_CONTENTS_FILE
+
+echo "nix-cache: Comparing store paths"
+FILTERED_NIX_STORE_CONTENTS_FILE=$(mktemp)
+comm -13 $OLD_NIX_STORE_CONTENTS_FILE $NEW_NIX_STORE_CONTENTS_FILE > $FILTERED_NIX_STORE_CONTENTS_FILE
+echo "nix-cache: New store paths:"
+cat $FILTERED_NIX_STORE_CONTENTS_FILE | sed 's/^/    /g'
+
+if test -n "$(head -n1 $FILTERED_NIX_STORE_CONTENTS_FILE)"; then
+    echo "nix-cache: Sending new paths to cache"
+    nix copy --to "$STORE_URL" $(cat $FILTERED_NIX_STORE_CONTENTS_FILE) || true
+else
+    echo "nix-cache: Nothing to send"
+fi

system/gitlab-runner/nix-cache-start

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+echo "nix-cache: Setting up ssh key and host"
+STORE_HOST_PUB_KEY="IyBuaXgtY2FjaGUud29wdXMuZGV2OjIyIFNTSC0yLjAtT3BlblNTSF8xMC4wCm5peC1jYWNoZS53b3B1cy5kZXYgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5VNzFONVF4ZENtTTdOMjVTbk9nNnUrWUxtdjkyem5wZURjeUlEYW1sZEkK"
+STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
+echo STORE_URL="$STORE_URL"
+
+NIX_EXTRA_CONFIG_FILE=$(mktemp)
+cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
+  extra-substituters = $STORE_URL
+EOF
+
+echo "nix-cache: Adding remote cache as substituter"
+export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
+
+echo "nix-cache: Storing existing store items"
+OLD_NIX_STORE_CONTENTS_FILE=$(mktemp)
+find /nix/store/ -maxdepth 1 > $OLD_NIX_STORE_CONTENTS_FILE