diff --git a/docs/cachix.md b/docs/cachix.md index c0762f2c..756bd7dc 100644 --- a/docs/cachix.md +++ b/docs/cachix.md @@ -25,15 +25,13 @@ cachix use Option B: declarative via flake `nixConfig` (recommended for NixOS) -1. Get the cache public key: +1. Get the cache public key from the Cachix UI: -```sh -cachix show -``` +- Open `https://app.cachix.org/cache/#pull` +- Copy the `Public Key` value shown there. 2. Add it to `nixos/flake.nix` under `nixConfig.extra-substituters` and `nixConfig.extra-trusted-public-keys`. Note: `nixos/nix.nix` sets `nix.settings.accept-flake-config = true`, so the flake `nixConfig` is honored during rebuilds. - diff --git a/justfile b/justfile new file mode 100644 index 00000000..c5be1dae --- /dev/null +++ b/justfile @@ -0,0 +1,47 @@ +set shell := ["bash", "-lc"] + +# Repo-level helpers. +# +# NixOS workflows live under `nixos/justfile`, but it's useful to have a +# top-level command for populating the Cachix cache from a local machine. + +cachix_cache := "colonelpanic8-dotfiles" +nixos_dir := "nixos" +railbird_secrets_stub := "nixos/ci/railbird-secrets-stub" + +# Build the NixOS system closure for `host` and push any new /nix/store paths to Cachix. +# +# Prereqs: +# - Cachix auth configured (either `cachix authtoken ...` or `CACHIX_AUTH_TOKEN` in env) +# +# Usage: +# - `just cachix-populate` (defaults to host=strixi-minaj) +# - `just cachix-populate host=railbird-sf` +cachix-populate host="strixi-minaj": + set -euo pipefail + command -v cachix >/dev/null + command -v nix >/dev/null + + mapfile -t outs < <( + nix build \ + --no-link \ + --print-build-logs \ + --print-out-paths \ + ./{{nixos_dir}}#nixosConfigurations.{{host}}.config.system.build.toplevel \ + --override-input railbird-secrets ./{{railbird_secrets_stub}} + ) + + cachix push {{cachix_cache}} "${outs[@]}" + +# Configure Cachix auth token from the clipboard (Wayland or X11), without echoing it. +# +# Usage: +# - Copy the token from Cachix UI +# - Run `just cachix-auth-from-clipboard` +cachix-auth-from-clipboard: + set -euo pipefail + command -v cachix >/dev/null + + if command -v wl-paste >/dev/null; then wl-paste --no-newline | cachix authtoken --stdin; printf '' | wl-copy; \ + elif command -v xclip >/dev/null; then xclip -o -selection clipboard | tr -d '\n' | cachix authtoken --stdin; printf '' | xclip -selection clipboard; \ + else echo "No clipboard tool found (expected wl-paste or xclip)." >&2; exit 1; fi