From d846bc6ce5e0295b3ee61041761dd7cd97f7cf16 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 30 Jun 2021 09:05:22 -0400
Subject: [PATCH] Configure our binary cache on deployment-update-capable
 systems

---
 nixos/modules/deployment.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/nixos/modules/deployment.nix b/nixos/modules/deployment.nix
index bd8f06fc..aa2d1d39 100755
--- a/nixos/modules/deployment.nix
+++ b/nixos/modules/deployment.nix
@@ -30,6 +30,18 @@ in {
   };
 
   config = {
+    # Configure the system to use our binary cache so that deployment updates
+    # only require downloading pre-built software, not building it ourselves.
+    nix = {
+      binaryCachePublicKeys = [
+        "saxtons.private.storage:MplOcEH8G/6mRlhlKkbA8GdeFR3dhCFsSszrspE/ZwY="
+      ];
+      binaryCaches = [
+        "http://saxtons.private.storage"
+      ];
+    };
+
+    # Configure the deployment user.
     users.users.deployment = {
       # Without some shell no login is possible at all, even to execute our
       # restricted command.
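Review bot: The substituter URL added in `binaryCaches` is plain `http://`, so the only protection on downloaded store paths is the signature check against the `binaryCachePublicKeys` entry. That check covers the contents of what is installed, but an on-path party can still see which paths each node requests, and can withhold or stall responses so that an update is delayed or falls back to local builds. If the cache host can serve TLS, prefer `"https://saxtons.private.storage"`. Otherwise I would add a comment next to the URL such as `# Plain HTTP: integrity relies solely on the signing key above; signature checking must stay enabled.` so the assumption is recorded where someone might later relax it. The `config` block continues past the end of this hunk.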
@@ -39,6 +51,7 @@ in {
       createHome = true;
       home = "/home/deployment";
 
+      # Authorize the supplied key to run the deployment update command.
       openssh.authorizedKeys.keys = [
         (restrictedKey {
           inherit (cfg) authorizedKey gridName;
-- 
GitLab