chore(gitlab-ci): ...

.gitlab-ci.yml

@@ -22,15 +22,16 @@ node dependencies:
     - nix -L build -o result .#uniworxNodeDependencies
     - nix-store --export $(nix-store -qR result) > node-dependencies.nar
   before_script: &nix-before
+    - install -m 0644 .gitlab-ci/nix-bootstrap.conf /etc/nix/nix.conf
+    - .gitlab-ci/write-minio-creds.sh
+    - .gitlab-ci/make-minio-bucket.sh
+    - cp -pr --reflink=auto -L .gitlab-ci/upload-to-cache.sh /etc/nix/upload-to-cache.sh
     - install -m 0644 .gitlab-ci/nix.conf /etc/nix/nix.conf
     - git config --global init.defaultBranch master
     - install -v -m 0700 -d ~/.ssh
     - install -v -T -m 0644 "${SSH_KNOWN_HOSTS}" ~/.ssh/known_hosts
     - install -v -T -m 0400 "${SSH_DEPLOY_KEY}" ~/.ssh/deploy && echo "IdentityFile ~/.ssh/deploy" >> ~/.ssh/config; 
     - install -v -T -m 0644 "${FONTAWESOME_NPM_AUTH_FILE}" /etc/fontawesome-token
-  after_script: &nix-after
-    - nix-env -f '<nixpkgs>' -riA tree
-    - tree -a /minio-gitlab-runner-cache
   artifacts:
     paths:
       - node-dependencies.nar

.gitlab-ci/make-minio-bucket.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils -p minio-client
+
+export MC_HOST_minio-gitlab-runner-cache=https://$(cat /minio-gitlab-runner-cache/accesskey):$(cat /minio-gitlab-runner-cache/secretkey)@minio-gitlab-runner-cache:9000
+
+mc mb --ignore-existing minio-gitlab-runner-cache/nix-cache

.gitlab-ci/nix-bootstrap.conf

@@ -0,0 +1,5 @@
+sandbox = true
+experimental-features = nix-command flakes ca-references
+substituters = https://hydra.iohk.io https://cache.nixos.org/
+trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+require-sigs = true

.gitlab-ci/nix.conf

@@ -1,5 +1,6 @@
 sandbox = true
 experimental-features = nix-command flakes ca-references
-substituters = https://hydra.iohk.io https://cache.nixos.org/
+substituters = https://hydra.iohk.io https://cache.nixos.org/ s3://nix-cache?scheme=https&endpoint=minio-gitlab-runner-cache:9000
-trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= minio-gitlab-runner-cache:ZN5neq93MHqpnieHSBlxGgWvCL0WKrZ2S9QS+U5Bnro=
-require-sigs = true
+require-sigs = true
+post-build-hook = /etc/nix/upload-to-cache.sh

.gitlab-ci/upload-to-cache.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils
+
+set -eu
+set -f # disable globbing
+export IFS=' '
+
+echo "Signing and uploading paths" $OUT_PATHS
+exec nix copy --to "s3://nix-cache?scheme=https&endpoint=minio-gitlab-runner-cache:9000&secret-key=${NIX_CACHE_KEYFILE}" $OUT_PATHS

.gitlab-ci/write-minio-creds.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p bash -p coreutils
+
+umask 0750
+mkdir -p ~/.aws
+cat > ~/.aws/credentials <<EOF
+[default]
+aws_access_key_id = $(cat /minio-gitlab-runner-cache/accesskey)
+aws_secret_access_key = $(cat /minio-gitlab-runner-cache/secretkey)
+EOF