plumjam/nixos - Change 6PZGOLUKHIOB2RJRGSD25TWQLPQFP7I3MZA3FQN2QADOYZ54NJFAC

object-storage: Use systemd service to upload in background.

This prevents blocking build loops which could be painfully slow at times.

Created by PlumJam on January 29, 2026

6PZGOLUKHIOB2RJRGSD25TWQLPQFP7I3MZA3FQN2QADOYZ54NJFAC

Dependencies

In channels

main

Change contents

Insertion in modules/object-storage.nix at line 20 [5.6966]

[4.362]

[5.7355]


      # Upload queue processor script.
      uploadProcessor = pkgs.writeShellScriptBin "nix-upload-processor" ''
        #!/usr/bin/env bash
        set -eu
        QUEUE_DIR=/var/cache/nix/upload-queue
        QUEUE_FILE="$QUEUE_DIR/pending"
        PROCESSING="$QUEUE_DIR/processing"
        DONE="$QUEUE_DIR/done"
        PIDFILE="$QUEUE_DIR/processor.pid"
        mkdir -p "$QUEUE_DIR"
        touch "$QUEUE_FILE" "$PROCESSING" "$DONE"
        echo $$ > "$PIDFILE"
        echo "Started (PID: $$)"
        # Use env set by systemd.
        export AWS_ACCESS_KEY_ID=$(cat "$AWS_ACCESS_KEY_ID_PATH")
        export AWS_SECRET_ACCESS_KEY=$(cat "$AWS_SECRET_ACCESS_KEY_PATH")
        while true; do
          # Move pending to processing.
          if [ -s "$QUEUE_FILE" ]; then
            count=$(wc -l < "$QUEUE_FILE")
            echo "Processing $count new path(s)"
            cat "$QUEUE_FILE" >> "$PROCESSING"
            > "$QUEUE_FILE"
          fi
          # Process each path.
          while IFS= read -r path || [ -n "$path" ]; do
            [ -z "$path" ] && continue
            [ -d "$path" ] || continue
            size=$(du -sb "$path" 2>/dev/null | ${getExe pkgs.gawk} '{print $1}' || echo "0")
            # Check if done previously (avoid duplicates).
            if grep -qx "$path" "$DONE" 2>/dev/null; then
              echo "Skipping $path (already uploaded)"
              continue
            fi
            echo "Uploading $path ($((size / 1024)) KiB)"
            if /run/current-system/sw/bin/nix copy --to "${s3Cache}" "$path" 2>&1; then
              echo "Uploaded $path successfully"
              echo "$path" >> "$DONE"
            else
              echo "Failed to upload $path"
            fi
          done < "$PROCESSING"
          > "$PROCESSING"
          # Trim done file.
          if [ -s "$DONE" ]; then
            tail -n 1000 "$DONE" > "$DONE.tmp" || true
            mv "$DONE.tmp" "$DONE" || true
          fi
          sleep 5
        done
      '';

Deletion in modules/object-storage.nix at line 123 [5.6966]

B:BD[5.8405] → [5.8405:8606]

              # Read AWS credentials from agenix
              export AWS_ACCESS_KEY_ID=$(cat ${secrets.s3AccessKey.path})
              export AWS_SECRET_ACCESS_KEY=$(cat ${secrets.s3SecretKey.path})

Replacement in modules/object-storage.nix at line 124 [5.6966]

B:BD[4.1087] → [2.152:231]

              # Minimum size to upload (128 KiB)
              MIN_SIZE=131072

[4.1087]

[4.1166]

              # Add outputs to upload queue.
              QUEUE_DIR=/var/cache/nix/upload-queue
              mkdir -p "$QUEUE_DIR"

Deletion in modules/object-storage.nix at line 128 [5.6966]
∅:D[4.1167] → [5.8606:8644]
B:BD[5.8606] → [5.8606:8644]
```
              # Sign the output paths
```

Replacement in modules/object-storage.nix at line 129 [5.6966]

B:BD[5.8687] → [5.8687:8826]

                /run/current-system/sw/bin/nix store sign --recursive --key-file ${secrets.nixStoreKey.path} "$output" 2>/dev/null || true

[5.8687]

[5.8826]

                echo "$output" >> "$QUEUE_DIR/pending"

Deletion in modules/object-storage.nix at line 131 [5.6966]

B:BD[5.8845] → [4.1168:1238]

∅:D[4.1238] → [5.8880:8923]

B:BD[5.8880] → [5.8880:8923]

B:BD[5.8923] → [4.1239:1297]

B:BD[4.1297] → [3.186:286]


              # Upload to S3 cache (only paths larger than MIN_SIZE)
              for output in $OUT_PATHS; do
                # Get the size of the store path using du
                size=$(du -sb "$output" 2>/dev/null | ${getExe pkgs.gawk} '{print $1}' || echo "0")

Replacement in modules/object-storage.nix at line 132 [5.6966]

B:BD[4.1382] → [4.1382:1594]

∅:D[4.1594] → [5.9003:9022]

B:BD[5.9003] → [5.9003:9022]

                # Only upload if larger than minimum size
                if [ "$size" -ge "$MIN_SIZE" ]; then
                  /run/current-system/sw/bin/nix copy --to "${s3Cache}" "$output"
                fi
              done

[4.1382]

[5.9022]

              exit 0

Insertion in modules/object-storage.nix at line 152 [5.6966]
[5.9630]
[5.9630]
```
        uploadProcessor
```

Insertion in modules/object-storage.nix at line 163 [5.6966]

[4.1838]

[5.9640]

      # Systemd service for continuous upload queue processing
      systemd.services.nix-upload-processor = {
        description = "Nix binary cache upload queue processor";
        after = [
          "network.target"
          "nix-daemon.socket"
        ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${getExe uploadProcessor}";
          LoadCredential = [
            "s3-access-key:${secrets.s3AccessKey.path}"
            "s3-secret-key:${secrets.s3SecretKey.path}"
          ];
          Restart = "on-failure";
          RestartSec = "10s";
          StateDirectory = "nix-upload-queue";
          StateDirectoryMode = "0755";
          CPUQuota = "25%";
        };
        environment = {
          AWS_ACCESS_KEY_ID_PATH = "${secrets.s3AccessKey.path}";
          AWS_SECRET_ACCESS_KEY_PATH = "${secrets.s3SecretKey.path}";
        };
      };