2024-06-24 11:38:28 -04:00
|
|
|
# Core Nix configuration
|
|
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
inputs,
|
2024-09-28 00:47:38 -04:00
|
|
|
lib,
|
|
|
|
|
pkgs,
|
2024-06-24 11:38:28 -04:00
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
cfg = config.aux.system;
|
2024-09-28 00:47:38 -04:00
|
|
|
|
|
|
|
|
nixos-upgrade-script = pkgs.writeShellScriptBin "nixos-upgrade-script" (
|
|
|
|
|
builtins.readFile ../../bin/nixos-upgrade-script.sh
|
|
|
|
|
);
|
2024-06-24 11:38:28 -04:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
2024-09-08 11:58:56 -04:00
|
|
|
aux.system = {
|
|
|
|
|
allowUnfree = lib.mkEnableOption "Allow unfree packages to install.";
|
|
|
|
|
retentionPeriod = lib.mkOption {
|
|
|
|
|
description = "How long to retain NixOS generations. Defaults to one month.";
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "monthly";
|
|
|
|
|
};
|
2024-09-28 13:18:26 -04:00
|
|
|
nixos-upgrade-script.enable = lib.mkEnableOption "Installs the nos (nixos-upgrade-script) helper script.";
|
2024-06-24 11:38:28 -04:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
config = {
|
|
|
|
|
nixpkgs.config.allowUnfree = cfg.allowUnfree;
|
|
|
|
|
nix = {
|
|
|
|
|
settings = {
|
|
|
|
|
# Enable Flakes
|
|
|
|
|
experimental-features = [
|
|
|
|
|
"nix-command"
|
|
|
|
|
"flakes"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Use Lix instead of Nix
|
|
|
|
|
substituters = [ "https://cache.lix.systems" ];
|
|
|
|
|
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
|
|
|
|
|
|
|
|
|
|
# Only allow these users to use Nix
|
2024-09-08 11:58:56 -04:00
|
|
|
allowed-users = with config.users.users; [
|
|
|
|
|
root.name
|
2024-09-28 00:47:38 -04:00
|
|
|
(lib.mkIf config.aux.system.users.aires.enable aires.name)
|
2024-06-24 11:38:28 -04:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Avoid signature verification messages when doing remote builds
|
2024-09-28 00:47:38 -04:00
|
|
|
trusted-users = with config.users.users; [
|
|
|
|
|
root.name
|
|
|
|
|
(lib.mkIf config.aux.system.users.aires.enable aires.name)
|
|
|
|
|
];
|
2024-06-24 11:38:28 -04:00
|
|
|
};
|
|
|
|
|
|
2024-09-09 20:00:14 -04:00
|
|
|
# Optimize the Nix store on each build
|
|
|
|
|
settings.auto-optimise-store = true;
|
2024-07-29 17:31:28 -04:00
|
|
|
# Enable garbage collection
|
|
|
|
|
gc = {
|
|
|
|
|
automatic = true;
|
|
|
|
|
dates = "weekly";
|
|
|
|
|
options = "--delete-older-than ${cfg.retentionPeriod}";
|
|
|
|
|
persistent = true;
|
|
|
|
|
randomizedDelaySec = "1hour";
|
|
|
|
|
};
|
2024-06-24 11:38:28 -04:00
|
|
|
|
|
|
|
|
# Configure NixOS to use the same software channel as Flakes
|
2024-08-30 14:17:06 -04:00
|
|
|
registry.nixpkgs.flake = inputs.nixpkgs;
|
|
|
|
|
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
2024-06-24 11:38:28 -04:00
|
|
|
|
2024-07-11 12:50:48 -04:00
|
|
|
# Configure remote build machines
|
2024-09-08 11:58:56 -04:00
|
|
|
# To enable a system to use remote build machines, add `nix.distributedBuilds = true;` to its config
|
2024-06-24 11:38:28 -04:00
|
|
|
buildMachines = [
|
|
|
|
|
{
|
2024-09-08 11:58:56 -04:00
|
|
|
hostName = "hevana";
|
2024-06-24 11:38:28 -04:00
|
|
|
systems = [
|
|
|
|
|
"x86_64-linux"
|
|
|
|
|
"aarch64-linux"
|
|
|
|
|
];
|
|
|
|
|
protocol = "ssh-ng";
|
|
|
|
|
supportedFeatures = [
|
|
|
|
|
"nixos-test"
|
|
|
|
|
"kvm"
|
|
|
|
|
"benchmark"
|
|
|
|
|
"big-parallel"
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# When using a builder, use its package store
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
builders-use-substitutes = true
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Support for standard, dynamically-linked executables
|
|
|
|
|
programs.nix-ld.enable = true;
|
2024-09-28 00:47:38 -04:00
|
|
|
|
|
|
|
|
aux.system.packages = [ (lib.mkIf cfg.nixos-upgrade-script.enable nixos-upgrade-script) ];
|
2024-06-24 11:38:28 -04:00
|
|
|
};
|
|
|
|
|
}
|
