103 lines
3.3 KiB
Nix
103 lines
3.3 KiB
Nix
{ config, lib, pkgs, inputs, namespace, host, ... }:
|
|
let
|
|
inherit (lib) types mkIf;
|
|
inherit (lib.${namespace}) mkBoolOpt mkOpt;
|
|
|
|
cfg = config.${namespace}.nix;
|
|
in
|
|
{
|
|
options.${namespace}.nix = {
|
|
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
|
|
package = mkOpt types.package pkgs.nixVersions.latest "Which nix package to use.";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
nix =
|
|
let
|
|
mappedRegistry = lib.pipe inputs [
|
|
(lib.filterAttrs (_: lib.isType "flake"))
|
|
(lib.mapAttrs (_: flake: { inherit flake; }))
|
|
(x: x // {
|
|
nixpkgs.flake = if pkgs.stdenv.hostPlatform.isLinux then inputs.nixpkgs else inputs.nixpkgs-unstable;
|
|
})
|
|
(x: if pkgs.stdenv.hostPlatform.isDarwin then lib.removeAttrs x [ "nixpkgs-unstable" ] else x)
|
|
];
|
|
users = [
|
|
"root"
|
|
"@wheel"
|
|
"nix-builder"
|
|
"evanreichard"
|
|
];
|
|
in
|
|
{
|
|
inherit (cfg) package;
|
|
|
|
buildMachines = lib.optional (config.${namespace}.security.sops.enable && host != "nixos-builder") {
|
|
hostName = "10.0.50.130";
|
|
systems = [ "x86_64-linux" ];
|
|
sshUser = "evanreichard";
|
|
protocol = "ssh";
|
|
sshKey = config.sops.secrets.builder_ssh_key.path;
|
|
supportedFeatures = [
|
|
"benchmark"
|
|
"big-parallel"
|
|
"nixos-test"
|
|
"kvm"
|
|
];
|
|
};
|
|
|
|
checkConfig = true;
|
|
distributedBuilds = true;
|
|
optimise.automatic = true;
|
|
registry = mappedRegistry;
|
|
|
|
gc = {
|
|
automatic = true;
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
|
|
settings = {
|
|
connect-timeout = 5;
|
|
allowed-users = users;
|
|
max-jobs = "auto";
|
|
auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
|
|
builders-use-substitutes = true;
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes "
|
|
];
|
|
flake-registry = "/etc/nix/registry.json";
|
|
http-connections = 50;
|
|
keep-derivations = true;
|
|
keep-going = true;
|
|
keep-outputs = true;
|
|
log-lines = 50;
|
|
sandbox = true;
|
|
trusted-users = users;
|
|
warn-dirty = false;
|
|
use-xdg-base-directories = true;
|
|
|
|
substituters = [
|
|
"https://anyrun.cachix.org"
|
|
"https://cache.nixos.org"
|
|
"https://hyprland.cachix.org"
|
|
"https://nix-community.cachix.org"
|
|
"https://nixpkgs-unfree.cachix.org"
|
|
"https://nixpkgs-wayland.cachix.org"
|
|
"https://numtide.cachix.org"
|
|
];
|
|
|
|
trusted-public-keys = [
|
|
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
|
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
|
|
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
|
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|