nix-configuration/modules/nixos/system/nix/default.nix

# Core Nix configuration
{
  config,
  inputs,
  lib,
  pkgs,
  namespace,
  system,
  ...
}:

let
  cfg = config.${namespace}.nix;

  nixos-operations-script = pkgs.writeShellScriptBin "nixos-operations-script" (
    builtins.readFile (lib.snowfall.fs.get-file "bin/nixos-operations-script.sh")
  );
in
{
  options.${namespace}.nix = {
    retention = lib.mkOption {
      description = "How long to retain NixOS generations. Defaults to two weeks.";
      type = lib.types.str;
      default = "14d";
    };
    nixos-operations-script.enable = lib.mkEnableOption "Installs the nos (nixos-operations-script) helper script.";
  };
  config = lib.mkMerge [
    {
      nix = {
        # Use Lix in place of Nix
        package = inputs.lix.packages.${system}.default;

        # Ensure we can still build when secondary caches are unavailable
        extraOptions = ''
          fallback = true
        '';

        settings = {
          # Enable Flakes
          experimental-features = [
            "nix-command"
            "flakes"
          ];

          # Set up secondary binary caches for Lix and Hevana
          substituters = [
            "https://cache.lix.systems"
            "https://${config.${namespace}.secrets.services.binary-cache.url}"
          ];
          trusted-public-keys = [
            "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
            config.${namespace}.secrets.services.binary-cache.pubcert
          ];

          # Authentication for Hevana's binary cache
          netrc-file =
            with config.${namespace}.secrets.services.binary-cache;
            pkgs.writeText "netrc" ''
              machine ${url} login ${auth.username} password ${auth.password}
            '';

          # Only allow these users to use Nix
          allowed-users = with config.users.users; [
            root.name
            (lib.mkIf config.${namespace}.users.aires.enable aires.name)
            (lib.mkIf config.${namespace}.users.gremlin.enable gremlin.name)
          ];

          # Avoid signature verification messages when doing remote builds
          trusted-users = with config.users.users; [
            root.name
            (lib.mkIf config.${namespace}.users.aires.enable aires.name)
          ];
        };

        # Optimize the Nix store on each build
        settings.auto-optimise-store = true;
        # Enable garbage collection
        gc = {
          automatic = true;
          dates = "weekly";
          options = "--delete-older-than ${cfg.retention}";
          persistent = true;
          randomizedDelaySec = "1hour";
        };

        # Configure NixOS to use the same software channel as Flakes
        registry.nixpkgs.flake = inputs.nixpkgs;
        nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
      };

      # Support for standard, dynamically-linked executables
      programs.nix-ld.enable = true;
    }
    (lib.mkIf cfg.nixos-operations-script.enable {
      # Enable and configure NOS
      ${namespace}.packages = [ nixos-operations-script ];
      environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder;
    })
  ];
}
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`# Core Nix configuration`
			`{`
			`config,`
			`inputs,`
General: custom NixOS upgrade helper script 2024-09-28 04:47:38 +00:00			`lib,`
			`pkgs,`
General: switch to Snowfall lib 2024-12-06 18:04:47 +00:00			`namespace,`
			`system,`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`...`
			`}:`

			`let`
Nix: tweak retention options and defaults 2024-12-07 17:46:48 +00:00			`cfg = config.${namespace}.nix;`
General: custom NixOS upgrade helper script 2024-09-28 04:47:38 +00:00
General: rename nixos-upgrade-script to nixos-operations-script 2024-10-06 16:13:36 +00:00			`nixos-operations-script = pkgs.writeShellScriptBin "nixos-operations-script" (`
General: code cleanup; Khanda: replace Intel driver 2024-12-07 17:07:12 +00:00			`builtins.readFile (lib.snowfall.fs.get-file "bin/nixos-operations-script.sh")`
General: custom NixOS upgrade helper script 2024-09-28 04:47:38 +00:00			`);`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`in`
			`{`
Nix: tweak retention options and defaults 2024-12-07 17:46:48 +00:00			`options.${namespace}.nix = {`
			`retention = lib.mkOption {`
			`description = "How long to retain NixOS generations. Defaults to two weeks.";`
			`type = lib.types.str;`
			`default = "14d";`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`};`
Nix: tweak retention options and defaults 2024-12-07 17:46:48 +00:00			`nixos-operations-script.enable = lib.mkEnableOption "Installs the nos (nixos-operations-script) helper script.";`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`};`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`config = lib.mkMerge [`
			`{`
			`nix = {`
General: switch to Snowfall lib 2024-12-06 18:04:47 +00:00			`# Use Lix in place of Nix`
			`package = inputs.lix.packages.${system}.default;`

			`# Ensure we can still build when secondary caches are unavailable`
Hevana: add authentication to binary cache 2024-12-02 16:26:29 +00:00			`extraOptions = ''`
			`fallback = true`
			`'';`

General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`settings = {`
			`# Enable Flakes`
			`experimental-features = [`
			`"nix-command"`
			`"flakes"`
			`];`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00
Services: initial work on hosting a Nix binary cache on Hevana 2024-12-02 02:01:53 +00:00			`# Set up secondary binary caches for Lix and Hevana`
			`substituters = [`
			`"https://cache.lix.systems"`
Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace 2024-12-09 18:30:39 +00:00			`"https://${config.${namespace}.secrets.services.binary-cache.url}"`
Services: initial work on hosting a Nix binary cache on Hevana 2024-12-02 02:01:53 +00:00			`];`
			`trusted-public-keys = [`
			`"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="`
Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace 2024-12-09 18:30:39 +00:00			`config.${namespace}.secrets.services.binary-cache.pubcert`
Services: initial work on hosting a Nix binary cache on Hevana 2024-12-02 02:01:53 +00:00			`];`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00
Hevana: add authentication to binary cache 2024-12-02 16:26:29 +00:00			`# Authentication for Hevana's binary cache`
			`netrc-file =`
Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace 2024-12-09 18:30:39 +00:00			`with config.${namespace}.secrets.services.binary-cache;`
Hevana: add authentication to binary cache 2024-12-02 16:26:29 +00:00			`pkgs.writeText "netrc" ''`
			`machine ${url} login ${auth.username} password ${auth.password}`
			`'';`

General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Only allow these users to use Nix`
			`allowed-users = with config.users.users; [`
			`root.name`
General: switch to Snowfall lib 2024-12-06 18:04:47 +00:00			`(lib.mkIf config.${namespace}.users.aires.enable aires.name)`
			`(lib.mkIf config.${namespace}.users.gremlin.enable gremlin.name)`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`];`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Avoid signature verification messages when doing remote builds`
			`trusted-users = with config.users.users; [`
			`root.name`
General: switch to Snowfall lib 2024-12-06 18:04:47 +00:00			`(lib.mkIf config.${namespace}.users.aires.enable aires.name)`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`];`
			`};`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Optimize the Nix store on each build`
			`settings.auto-optimise-store = true;`
			`# Enable garbage collection`
			`gc = {`
			`automatic = true;`
			`dates = "weekly";`
Nix: tweak retention options and defaults 2024-12-07 17:46:48 +00:00			`options = "--delete-older-than ${cfg.retention}";`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`persistent = true;`
			`randomizedDelaySec = "1hour";`
			`};`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Configure NixOS to use the same software channel as Flakes`
			`registry.nixpkgs.flake = inputs.nixpkgs;`
			`nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];`
			`};`
General: custom NixOS upgrade helper script 2024-09-28 04:47:38 +00:00
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Support for standard, dynamically-linked executables`
			`programs.nix-ld.enable = true;`
			`}`
General: rename nixos-upgrade-script to nixos-operations-script 2024-10-06 16:13:36 +00:00			`(lib.mkIf cfg.nixos-operations-script.enable {`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`# Enable and configure NOS`
General: switch to Snowfall lib 2024-12-06 18:04:47 +00:00			`${namespace}.packages = [ nixos-operations-script ];`
Hevana: re-add gremlin-lab to ACME cert. Also update secrets namespace 2024-12-09 18:30:39 +00:00			`environment.variables."FLAKE_DIR" = config.${namespace}.secrets.nixConfigFolder;`
General: cleanup NixOS helper script 2024-09-29 20:06:16 +00:00			`})`
			`];`
First attempt at merging Aux template with config 2024-06-24 15:38:28 +00:00			`}`