{ config, inputs, lib, pkgs, ... }:
let
# Adapted from https://nixos.wiki/wiki/Overlays
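# Compatibility shim for legacy (non-flake) nix tools: a store directory that
# contains a single file, `overlays.nix`, holding one overlay that re-applies
# the `nixpkgs.overlays` of this host's flake configuration. It is put on the
# lookup path as `nixpkgs-overlays` in `nix.nixPath`.
#
# The host name is interpolated when this file is built, so the generated
# overlay always refers to the configuration of the host it was built for.
# It is emitted as a quoted attribute name: `networking.hostName` may start
# with a digit, and a bare `nixosConfigurations.1host` would not parse.
#
# NOTE(review): the generated overlay evaluates the flake found at
# /var/src/config each time a legacy command imports nixpkgs, as the user
# running that command. Whoever can write to that directory decides which
# overlay code is evaluated; confirm it is writable only by the deployment
# user / root.
overlaysCompat = pkgs.writeTextFile {
  name = "overlays-compat";
  destination = "/overlays.nix";
  text = /* nix */ ''
    self: super:
    with super.lib;
    let
      # Load the system config and get the `nixpkgs.overlays` option
      # This fails gracefully if getFlake is not available
      overlays = if builtins.hasAttr "getFlake" builtins
        then (builtins.getFlake "/var/src/config").nixosConfigurations."${config.networking.hostName}".config.nixpkgs.overlays
        else [ ];
    in
    # Apply all overlays to the input of the current "main" overlay
    foldl' (flip extends) (_: super) overlays self
  '';
};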
in
{
# Secrets consumed by nix itself. They are declared only on hosts flagged
# `sbruder.trusted`; on any other host this definition is dropped by `mkIf`.
sops.secrets = lib.mkIf config.sbruder.trusted {
  # Signing key for the binary cache. No overrides are given, so the secret
  # module's default owner and mode apply.
  binary-cache-secret-key = { };

  # Credentials file referenced as `netrc-file` in `nix.extraOptions`.
  # Group `wheel` with mode 0440 means every member of `wheel` can read the
  # credentials, and nobody can modify the file through these permissions.
  # NOTE(review): presumably needed so that nix commands run by those users
  # can authenticate against the cache; confirm that every `wheel` member is
  # meant to hold these credentials.
  nix-netrc.group = "wheel";
  nix-netrc.mode = "0440";
};
# Settings for the nix package manager and its daemon.
nix = {
  # nix with flake support
  package = pkgs.nixFlakes;

  # Registry entries point at the flake inputs this system was built from,
  # so `nixpkgs` and `nixpkgs-unstable` resolve to the same revisions as the
  # system configuration.
  registry = {
    nixpkgs.flake = inputs.nixpkgs;
    nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
  };

  # Lookup path for legacy (non-flake) commands: the same nixpkgs input plus
  # the overlay compatibility shim defined in the `let` block of this file.
  nixPath = [
    "nixpkgs=${inputs.nixpkgs}"
    "nixpkgs-overlays=${overlaysCompat}"
  ];

  # Make sudoers trusted nix users
  # Trusted users can override daemon settings such as the substituter list
  # and import store paths without a valid signature, which the nix manual
  # treats as equivalent to root access. Unlike sudo, this involves no
  # password prompt, so a compromised `wheel` account gets it directly.
  trustedUsers = [ "@wheel" ];

  # Private binary cache and the public key its store paths must be signed
  # with. With signature checking enabled (nix's default), paths from the
  # cache that lack a trusted signature are rejected.
  binaryCaches = [
    "https://nix-cache.sbruder.de/"
  ];
  binaryCachePublicKeys = [
    "nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
  ];

  # On-the-fly optimisation of nix store
  autoOptimiseStore = true;

  # Lines appended to nix.conf. Only the paths of the two secrets are
  # written there; the secret contents themselves are not embedded.
  extraOptions = lib.concatStrings [
    ''
      experimental-features = nix-command flakes
    ''
    # Signing key and cache credentials: trusted hosts only.
    (lib.optionalString config.sbruder.trusted ''
      # Binary cache upload
      secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
      netrc-file = ${config.sops.secrets.nix-netrc.path}
    '')
    # Garbage-collection retention: hosts flagged `sbruder.full` only.
    (lib.optionalString config.sbruder.full ''
      # Keep output of derivations with gc root
      keep-outputs = true
      keep-derivations = true
    '')
  ];

  # Make nix build in background less noticeable
  daemonCPUSchedPolicy = "batch";
  daemonIOSchedPriority = 5; # 0-7
};
# Overlays applied to the system package set, in this order: the overlay of
# this flake, the overlay of the `nixpkgs-overlay` input, and an inline
# overlay that adds `unstable`.
nixpkgs.overlays = [
  inputs.self.overlay
  inputs.nixpkgs-overlay.overlay

  # Expose nixpkgs-unstable as `pkgs.unstable`, imported with the same
  # config, overlays and system as the main package set. The overlay list
  # passed in is this very list, so `unstable` contains an `unstable`
  # attribute of its own, which is only evaluated if it is accessed.
  (_final: _prev: {
    unstable = import inputs.nixpkgs-unstable {
      inherit (config.nixpkgs) config overlays system;
    };
  })
];
# Nix-related tools installed system-wide.
environment.systemPackages = [
  pkgs.cached-nix-shell
];
}