Enable binary cache usage

This adds a new Make task `cache` that will build and push a machine
configuration into the cache (requires an auth token).

This configures pulling to use my binary cache, which is public and
doesn't require any auth tokens. I only push my NixOS configs there
which are already all public and contain no secrets.

Cachix has to be configured in bootstrap0 because it requires a full
complete Nix run before its active (not active until the next run). So
by doing it in bootstrap0, our bootstrap uses the cache which is the
custom part.

Author: mitchellh

Makefile

@@ -19,6 +19,14 @@ switch:
 test:
 	sudo NIXPKGS_ALLOW_UNSUPPORTED_SYSTEM=1 nixos-rebuild test --flake ".#$(NIXNAME)"
 
+# This builds the given NixOS configuration and pushes the results to the
+# cache. This does not alter the current running system. This requires
+# cachix authentication to be configured out of band.
+cache:
+	nix build '.#nixosConfigurations.$(NIXNAME).config.system.build.toplevel' --json \
+		| jq -r '.[].outputs | to_entries[].value' \
+		| cachix push mitchellh-nixos-config
+
 # bootstrap a brand new VM. The VM should have NixOS ISO on the CD drive
 # and just set the password of the root user to "root". This will install
 # NixOS. After installing NixOS, you must reboot and set the root password
@@ -45,6 +53,8 @@ vm/bootstrap0:
 		sed --in-place '/system\.stateVersion = .*/a \
 			nix.package = pkgs.nixUnstable;\n \
 			nix.extraOptions = \"experimental-features = nix-command flakes\";\n \
+			nix.binaryCaches = [\"https://mitchellh-nixos-config.cachix.org\"];\n \
+			nix.binaryCachePublicKeys = [\"mitchellh-nixos-config.cachix.org-1:bjEbXJyLrL1HZZHBbO4QALnI5faYZppzkU4D2s0G8RQ=\"];\n \
   			services.openssh.enable = true;\n \
 			services.openssh.passwordAuthentication = true;\n \
 			services.openssh.permitRootLogin = \"yes\";\n \
@@ -64,7 +74,6 @@ vm/bootstrap:
 		sudo reboot; \
 	"
 
-
 # copy our secrets into the VM
 vm/secrets:
 	# GPG keyring

machines/vm-shared.nix

@@ -4,15 +4,21 @@
   # Be careful updating this.
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
-  # use unstable nix so we can access flakes
   nix = {
+    # use unstable nix so we can access flakes
     package = pkgs.nixUnstable;
     extraOptions = ''
       experimental-features = nix-command flakes
       keep-outputs = true
       keep-derivations = true
     '';
-   };
+
+    # public binary cache that I use for all my derivations. You can keep
+    # this, use your own, or toss it. Its typically safe to use a binary cache
+    # since the data inside is checksummed.
+    binaryCaches = ["https://mitchellh-nixos-config.cachix.org"];
+    binaryCachePublicKeys = ["mitchellh-nixos-config.cachix.org-1:bjEbXJyLrL1HZZHBbO4QALnI5faYZppzkU4D2s0G8RQ="];
+  };
 
   # We expect to run the VM on hidpi machines.
   hardware.video.hidpi.enable = true;
@@ -90,6 +96,7 @@
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
+    cachix
     gnumake
     killall
     niv