ops/nixos: add GCP binary cache

ops/nixos/default.nix

@@ -19,6 +19,9 @@ let
         exec sudo "$0" "$@"
       fi
 
+      export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}"
+      export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}"
+
       system="$(nix-build -E '(import <depot> {}).ops.nixos.${system}' --no-out-link)"
       nix-env -p /nix/var/nix/profiles/system --set "$system"
       "$system/bin/switch-to-configuration" switch

ops/nixos/lib/common.nix

@@ -5,7 +5,13 @@ in
 {
   hardware.enableRedistributableFirmware = true;
 
-  nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
+  nix = {
+    nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
+    trustedUsers = [ "root" "@wheel" ];
+    binaryCaches = lib.mkForce [ "https://hydra.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
+    trustedBinaryCaches = lib.mkForce [ "https://hydra.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ];
+  };
+  nixpkgs.config = { allowUnfree = true; };
 
   i18n.defaultLocale = "en_GB.UTF-8";
   console.keyMap = "us";
@@ -20,8 +26,6 @@ in
     allowPing = true;
   };
 
-  nixpkgs.config = { allowUnfree = true; };
-
   users.mutableUsers = false;
   users.users = let secrets = depot.ops.secrets; in {
     root.hashedPassword = secrets.passwordHashes.root;