aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity
nix-configuration/modules/system/nix.nix

84 lines
2.2 KiB
Nix
Raw Blame History

# Core Nix configuration
{
pkgs,
config,
lib,
inputs,
...
}:
let
cfg = config.aux.system;
in
{
options = {
aux.system.allowUnfree = lib.mkEnableOption (lib.mdDoc "Allow unfree packages to install.");
aux.system.retentionPeriod = lib.mkOption {
description = "How long to retain NixOS generations. Defaults to 30 days (30d).";
type = lib.types.str;
default = "30d";
};
};
config = {
nixpkgs.config.allowUnfree = cfg.allowUnfree;
nix = {
settings = {
# Enable Flakes
experimental-features = [
"nix-command"
"flakes"
];
# Use Lix instead of Nix
substituters = [ "https://cache.lix.systems" ];
trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
# Only allow these users to use Nix
allowed-users = [
"root"
config.users.users.aires.name
];
# Avoid signature verification messages when doing remote builds
trusted-users = [
config.users.users.aires.name
] ++ lib.optionals (config.aux.system.users.gremlin.enable) [ config.users.users.gremlin.name ];
};
# Enable periodic nix store optimization
optimise.automatic = true;
# Configure NixOS to use the same software channel as Flakes
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# Configure remote build machines (mainly Haven)
# To enable remote builds for a specific host, add `nix.distributedBuilds = true;` to its config
buildMachines = [
{
hostName = "haven";
systems = [
"x86_64-linux"
"aarch64-linux"
];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"kvm"
"benchmark"
"big-parallel"
];
}
];
# When using a builder, use its package store
extraOptions = ''
builders-use-substitutes = true
'';
};
# Support for standard, dynamically-linked executables
programs.nix-ld.enable = true;
};
}
View git blame Copy permalink