nix ccache setup no root perms

README.md

What

Basically https://wiki.nixos.org/wiki/CCache

But I have no root perms on a nixos remote builder machine I have been given access to.

This allows ccache setup without having the perms, as /tmp/ccache with 777 perms can bypass that.

Also ccache stats require nixbld user permissions as /tmp/ccache entries are owned by that group while the build is running.

There's also one more thing to keep in mind, can't easily chmod or rm -rf /tmp/ccache anymore.

So one workaround is to breakPointHook into getting a nixbld user and moving or deleting stuff around.

bundle-ccache.nix

{
  ccacheDir ? "/tmp/ccache",
  pkgs ? import ./. {
    overlays = [
      # https://wiki.nixos.org/wiki/CCache
      (self: super: {
        ccacheWrapper = super.ccacheWrapper.override {
          extraConfig = ''
            export CCACHE_COMPRESS=1
            export CCACHE_DIR="${ccacheDir}"
            export CCACHE_UMASK=007
            if [ ! -d "$CCACHE_DIR" ]; then
              echo "====="
              echo "Directory '$CCACHE_DIR' does not exist"
              echo "Please create it with:"
              echo "  sudo mkdir -m0770 '$CCACHE_DIR'"
              echo "  sudo chown root:nixbld '$CCACHE_DIR'"
              echo "====="
              exit 1
            fi
            if [ ! -w "$CCACHE_DIR" ]; then
              echo "====="
              echo "Directory '$CCACHE_DIR' is not accessible for user $(whoami)"
              echo "Please verify its access permissions"
              echo "====="
              exit 1
            fi
          '';
        };
      })
    ];
  },
}:
with pkgs;
{
  # nix-build -A init file.nix
  init = writeShellScriptBin "init-ccache-dir" ''
    mkdir -p ${ccacheDir}
    chmod -R 777 ${ccacheDir}
  '';
  # nix-build -A build file.nix
  build = collabora-online;
  # nix-build -A watch file.nix
  # NOTE:
  # without root permission, pretend to be nixbld to get ccache stats
  watch = writeShellScriptBin "nix-ccache-watch" (
    let
      nixScript = writeText "ccache-stats.nix" ''
        with import <nixpkgs> { };
        stdenv.mkDerivation {
          dontUnpack = true;
          buildPhase = ${"''"}
            ''${lib.getExe ccache} -s -d ${ccacheDir}
            touch $out
          ${"''"};
          name = "ccache-stats";
        }
      '';
    in
    ''
      nix-build ${nixScript} --option extra-sandbox-paths ${ccacheDir} --no-out-link 2>&1 >/dev/null
      ${lib.getExe viddy} --disable_auto_save -n 1 -d '
          nix-build ${nixScript} \
            --option extra-sandbox-paths ${ccacheDir} \
            --no-out-link \
            --check 2>&1 \
          | sed -n "/Cacheable calls:/,/Running phase: installPhase/{ /Running phase:/d; p; }"
        '
    ''
    # | grep -A 9 "Cacheable calls:"
  );
  devtools = writeShellScriptBin "init-devtools" ''
    nix profile add nixpkgs#{lf,lazygit,gdu,duf,btop,sysz,git,tmux,nix-output-monitor,micro,fzf,ccache,nixfmt,viddy}
  '';
}