36 lines
1 KiB
Nix
36 lines
1 KiB
Nix
{ nixpkgs, nixpkgs-git, nixpkgs-stable, pkgs, config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.machine;
|
|
emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }'';
|
|
in {
|
|
nix = {
|
|
package = pkgs.nix;
|
|
registry = {
|
|
nixpkgs.flake = nixpkgs;
|
|
nixpkgs-git.flake = nixpkgs-git;
|
|
nixpkgs-stable.flake = nixpkgs-stable;
|
|
};
|
|
settings = {
|
|
max-jobs = 4;
|
|
cores = 1;
|
|
sandbox = true;
|
|
auto-optimise-store = true;
|
|
trusted-substituters = [
|
|
"https://cache.nixos.org"
|
|
] ++ cfg.binaryCaches;
|
|
# TODO: integrate into sops
|
|
# trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
|
|
substituters = [
|
|
"https://cache.nixos.org"
|
|
] ++ cfg.binaryCaches;
|
|
allowed-users = [ "root" ] ++ (map (n: n.name) cfg.administrators);
|
|
};
|
|
extraOptions = ''
|
|
build-timeout = 86400 # 24 hours
|
|
experimental-features = nix-command flakes
|
|
flake-registry = ${emptyGlobalRegistry}
|
|
'';
|
|
};
|
|
}
|