nixos/config/nix.nix

{
  nixpkgs,
  nixpkgs-git,
  nixpkgs-stable,
  pkgs,
  config,
  lib,
  ...
}: let
  cfg = config.machine;
  emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }'';
in {
  nix = {
    package = pkgs.nix;
    registry = {
      nixpkgs.flake = nixpkgs;
      nixpkgs-git.flake = nixpkgs-git;
      nixpkgs-stable.flake = nixpkgs-stable;
    };
    settings = {
      max-jobs = 4;
      cores = 1;
      sandbox = true;
      auto-optimise-store = true;
      trusted-substituters =
        [
          "https://cache.nixos.org"
        ]
        ++ cfg.binaryCaches;
      # TODO: integrate into sops
      # trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
      substituters =
        [
          "https://cache.nixos.org"
        ]
        ++ cfg.binaryCaches;
      allowed-users = ["root"] ++ (map (n: n.name) cfg.administrators);
    };
    extraOptions = ''
      build-timeout = 86400  # 24 hours
      experimental-features = nix-command flakes
      flake-registry = ${emptyGlobalRegistry}
    '';
  };
}
Format the entire project. 2023-09-11 20:23:04 +02:00			`{`
			`nixpkgs,`
			`nixpkgs-git,`
			`nixpkgs-stable,`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}: let`
nix-serve should no longer use the default store. Move binaryCaches into the machine submodule. 2019-12-14 07:46:00 +01:00			`cfg = config.machine;`
Remove remote globla registry. 2023-06-28 09:00:41 +02:00			`emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }'';`
nix-serve should no longer use the default store. Move binaryCaches into the machine submodule. 2019-12-14 07:46:00 +01:00			`in {`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`nix = {`
Switch back to default nix packages as it is newer. 2023-01-29 14:13:13 +01:00			`package = pkgs.nix;`
Add pinned nix stable and git checkout to registry. 2023-08-26 08:53:39 +02:00			`registry = {`
			`nixpkgs.flake = nixpkgs;`
			`nixpkgs-git.flake = nixpkgs-git;`
			`nixpkgs-stable.flake = nixpkgs-stable;`
			`};`
Some nix options have been renamed. 2022-02-02 20:21:14 +01:00			`settings = {`
			`max-jobs = 4;`
			`cores = 1;`
			`sandbox = true;`
			`auto-optimise-store = true;`
Format the entire project. 2023-09-11 20:23:04 +02:00			`trusted-substituters =`
			`[`
			`"https://cache.nixos.org"`
			`]`
			`++ cfg.binaryCaches;`
WIP sops for Lilim -> enable pure eval. 2023-04-15 16:27:27 +02:00			`# TODO: integrate into sops`
			`# trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];`
Format the entire project. 2023-09-11 20:23:04 +02:00			`substituters =`
			`[`
			`"https://cache.nixos.org"`
			`]`
			`++ cfg.binaryCaches;`
			`allowed-users = ["root"] ++ (map (n: n.name) cfg.administrators);`
Some nix options have been renamed. 2022-02-02 20:21:14 +01:00			`};`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`extraOptions = ''`
			`build-timeout = 86400 # 24 hours`
Update to Nix 2.4 2021-11-02 09:44:06 +01:00			`experimental-features = nix-command flakes`
Remove remote globla registry. 2023-06-28 09:00:41 +02:00			`flake-registry = ${emptyGlobalRegistry}`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`'';`
			`};`
			`}`