update nix ssh cache
parent
868496d2b9
commit
72e4e38fe9
4 changed files with 43 additions and 43 deletions
|
@ -34,21 +34,11 @@ let
|
|||
|
||||
${lib.optionalString (nixCacheSshPrivateKeyPath != null) ''
|
||||
NIX_CACHE_SSH_PRIVATE_KEY_PATH="${nixCacheSshPrivateKeyPath}"
|
||||
NIX_CACHE_SSH_PUBLIC_KEY="# nix-cache.wopus.dev:22 SSH-2.0-OpenSSH_10.0
|
||||
nix-cache.wopus.dev ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINU71N5QxdCmM7N25SnOg6u+YLmv92znpeDcyIDamldI"
|
||||
. ${./gitlab-runner/nix-cache-start}
|
||||
''}
|
||||
'';
|
||||
|
||||
pushStoreContents =
|
||||
{
|
||||
authenticationTokenConfigFile,
|
||||
nixCacheSshPrivateKeyPath ? null,
|
||||
...
|
||||
}:
|
||||
pkgs.writeScriptBin "push-to-cache" ''
|
||||
${lib.optionalString (nixCacheSshPrivateKeyPath != null) ''
|
||||
. ${./gitlab-runner/nix-cache-end}
|
||||
''}
|
||||
'';
|
||||
in
|
||||
rec {
|
||||
mkNixRunnerFull =
|
||||
|
@ -72,13 +62,13 @@ rec {
|
|||
"/tmp:/tmp"
|
||||
"/var/run/docker.sock:/var/run/docker.sock"
|
||||
"/var/lib/docker/containers:/var/lib/docker/containers"
|
||||
"/cache"
|
||||
]
|
||||
++ lib.optionals (nixCacheSshPrivateKeyPath != null) [
|
||||
"${nixCacheSshPrivateKeyPath}:${nixCacheSshPrivateKeyPath}"
|
||||
];
|
||||
dockerDisableCache = true;
|
||||
# dockerDisableCache = true;
|
||||
preBuildScript = "\". ${lib.getExe (installNixScript args)}\"";
|
||||
postBuildScript = "\". ${lib.getExe (pushStoreContents args)}\"";
|
||||
environmentVariables = {
|
||||
ENV = "/etc/profile";
|
||||
USER = "root";
|
||||
|
|
|
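Review bot: The volumes list bind-mounts `${nixCacheSshPrivateKeyPath}` into the job container next to `/var/run/docker.sock`, so every job scheduled on this runner can read the cache's SSH key, and nothing at the mount records that assumption. A comment above the `lib.optionals` line such as `# push key is readable by every job on this runner; register trusted projects only` would make the trust boundary explicit, which matters more now that the upload appears to run from the job's own shell rather than from a separate post-build script. These volume lines look like unchanged context and the attribute set continues outside the hunk, so treat this as a note on the surrounding design. The line `# dockerDisableCache = true;` appears to be newly commented out; either delete it or add the reason for keeping it.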
@ -1,21 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "nix-cache: Storing new store items"
|
||||
NEW_NIX_STORE_CONTENTS_FILE=$(mktemp)
|
||||
find /nix/store/ -maxdepth 1 > $NEW_NIX_STORE_CONTENTS_FILE
|
||||
|
||||
sort $OLD_NIX_STORE_CONTENTS_FILE -o $OLD_NIX_STORE_CONTENTS_FILE
|
||||
sort $NEW_NIX_STORE_CONTENTS_FILE -o $NEW_NIX_STORE_CONTENTS_FILE
|
||||
|
||||
echo "nix-cache: Comparing store paths"
|
||||
FILTERED_NIX_STORE_CONTENTS_FILE=$(mktemp)
|
||||
comm -13 $OLD_NIX_STORE_CONTENTS_FILE $NEW_NIX_STORE_CONTENTS_FILE > $FILTERED_NIX_STORE_CONTENTS_FILE
|
||||
echo "nix-cache: New store paths:"
|
||||
cat $FILTERED_NIX_STORE_CONTENTS_FILE | sed 's/^/ /g'
|
||||
|
||||
if test -n "$(head -n1 $FILTERED_NIX_STORE_CONTENTS_FILE)"; then
|
||||
echo "nix-cache: Sending new paths to cache"
|
||||
nix copy --to "$STORE_URL" $(cat $FILTERED_NIX_STORE_CONTENTS_FILE) || true
|
||||
else
|
||||
echo "nix-cache: Nothing to send"
|
||||
fi
|
|
@ -1,18 +1,49 @@
|
|||
#!/bin/sh
|
||||
|
||||
echo "nix-cache: Setting up ssh key and host"
|
||||
STORE_HOST_PUB_KEY="IyBuaXgtY2FjaGUud29wdXMuZGV2OjIyIFNTSC0yLjAtT3BlblNTSF8xMC4wCm5peC1jYWNoZS53b3B1cy5kZXYgc3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU5VNzFONVF4ZENtTTdOMjVTbk9nNnUrWUxtdjkyem5wZURjeUlEYW1sZEkK"
|
||||
echo "nix-cache: Setting up ssh key and host" >&2
|
||||
STORE_HOST_PUB_KEY="$(echo "$NIX_CACHE_SSH_PUBLIC_KEY" | base64 | tr -d '\n')"
|
||||
STORE_URL="ssh://nix-ssh@nix-cache.wopus.dev?trusted=true&compress=true&ssh-key=$NIX_CACHE_SSH_PRIVATE_KEY_PATH&base64-ssh-public-host-key=$STORE_HOST_PUB_KEY"
|
||||
echo STORE_URL="$STORE_URL"
|
||||
echo STORE_URL="$STORE_URL" >&2
|
||||
|
||||
NIX_EXTRA_CONFIG_FILE=$(mktemp)
|
||||
cat > "$NIX_EXTRA_CONFIG_FILE" <<EOF
|
||||
extra-substituters = $STORE_URL
|
||||
EOF
|
||||
|
||||
echo "nix-cache: Adding remote cache as substituter"
|
||||
echo "nix-cache: Adding remote cache as substituter" >&2
|
||||
export NIX_USER_CONF_FILES="$NIX_EXTRA_CONFIG_FILE:$NIX_USER_CONF_FILES"
|
||||
|
||||
echo "nix-cache: Storing existing store items"
|
||||
OLD_NIX_STORE_CONTENTS_FILE=$(mktemp)
|
||||
find /nix/store/ -maxdepth 1 > $OLD_NIX_STORE_CONTENTS_FILE
|
||||
echo "nix-cache: Setting up nix hook" >&2
|
||||
nix() {
|
||||
echo "nix-cache: executing nix hook" >&2
|
||||
command nix "$@"
|
||||
local STATUS="$?"
|
||||
|
||||
local BUILD=no
|
||||
if test "$STATUS" = "0"; then
|
||||
for arg in "$@"; do
|
||||
echo "nix-cache: evaluating arg '$arg'" >&2
|
||||
case "$arg" in
|
||||
build)
|
||||
echo "nix-cache: enablig upload" >&2
|
||||
BUILD=yes
|
||||
;;
|
||||
-*)
|
||||
echo "nix-cache: ignoring argument '$arg'" >&2
|
||||
;;
|
||||
*)
|
||||
if test "$BUILD" = yes; then
|
||||
echo "nix-cache: Sending path $arg" >&2
|
||||
command nix copy --to "$STORE_URL" "$arg" || true
|
||||
else
|
||||
echo "nix-cache: not building, ignoring argument '$arg'" >&2
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
done
|
||||
else
|
||||
echo "nix-cache: nix exited with code '$STATUS', ignoring" >&2
|
||||
fi
|
||||
|
||||
return "$STATUS"
|
||||
}
|
||||
|
|
|
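Review bot: The `nix()` hook pushes with `command nix copy --to "$STORE_URL"` from inside the job shell, while the same `STORE_URL` carries `trusted=true` and is registered under `extra-substituters`, so as far as this page shows, paths uploaded by one job are substituted by later jobs without a signature check. Consider dropping `trusted=true&` from the URL and relying on signed paths with the signing key listed in `trusted-public-keys`, or limiting which jobs receive the push key. Separately, the argument scan treats every non-dash word after `build` as an installable, so the value of an option such as `-o result` is handed to `nix copy`, and a bare `nix build` uploads nothing; the `|| true` hides both cases from the job log's exit status. `local` is not POSIX, so under the `#!/bin/sh` shebang the function depends on the runner image's `sh` supporting it.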
@ -11,7 +11,7 @@ in
|
|||
virtualisation.docker.enable = true;
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
settings.concurrent = 12;
|
||||
settings.concurrent = 6;
|
||||
services = {
|
||||
# runner for building in docker via host's nix-daemon
|
||||
# nix store will be readable in runner, might be insecure
|
||||
|
|