#!/bin/sh
# Bootstrap nix environment for CI (runs inside nixos/nix:latest)
set -ex

# Direct to armer public IP — bypass Cloudflare upload size limits
# Hairpin NAT on armer handles redirect for pods running on armer itself
echo "79.76.48.244 git.oleks.space nix-cache-upload.oleks.space" >>/etc/hosts

cat >>/etc/nix/nix.conf <<'EOF'
experimental-features = nix-command flakes
trusted-substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
substituters = https://nix-cache-mirror.oleks.space https://nix-cache-custom.oleks.space/attic-infra-cache-k3s-1
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E= nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA= attic-infra-cache-k3s-1:qYSNK3DmttQXCFqn1t50qoWGtQNPRFWq9mgQjD05DeU=
EOF

if [ -n "$GITEA_CLONE_TOKEN" ]; then
	echo "machine git.oleks.space login oleks password $GITEA_CLONE_TOKEN" >~/.netrc
	chmod 600 ~/.netrc
fi