Simon Bruder
20b861a994
Otherwise node 10 will have to be built from source since it no longer gets built by Hydra.
90 lines
2.4 KiB
Nix
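# NixOS module: Nix daemon settings, flake registry, NIX_PATH, private binary
# cache (substitution and, on trusted hosts, signing/upload credentials) and
# the nixpkgs overlays shared by the system.
{ config, inputs, lib, pkgs, ... }:
let
  # Adapted from https://nixos.wiki/wiki/Overlays
  #
  # Store file exposed on NIX_PATH as `nixpkgs-overlays` (see nix.nixPath
  # below). The text is evaluated later by whichever user's Nix tooling picks
  # up that entry, and it loads the flake found at /var/src/config at that
  # time.
  # NOTE(review): whoever can write to /var/src/config decides which overlay
  # code is evaluated for those users. Its ownership is not set in this file;
  # confirm it is root-owned and not group- or world-writable.
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    # The host name is interpolated when this module is evaluated. It is
    # emitted as a quoted attribute name so that host names that are not valid
    # bare Nix identifiers (for example ones starting with a digit) still
    # produce a file that parses.
    text = /* nix */ ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        # This fails gracefully if getFlake is not available
        overlays = if builtins.hasAttr "getFlake" builtins
          then (builtins.getFlake "/var/src/config").nixosConfigurations."${config.networking.hostName}".config.nixpkgs.overlays
          else [ ];
      in
      # Apply all overlays to the input of the current "main" overlay
      foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  # Secrets are only declared on hosts marked as trusted.
  sops.secrets = lib.mkIf config.sbruder.trusted {
    # No owner/group/mode given, so the sops-nix defaults apply
    # (presumably root-only; verify against the sops-nix version in use).
    binary-cache-secret-key = { };
    # Group-readable by wheel: every wheel member can read the cache
    # credentials stored in this netrc file.
    nix-netrc = {
      group = "wheel";
      mode = "0440";
    };
  };

  nix = {
    # nix with flake support
    package = pkgs.nixFlakes;

    # Pin the flake registry to the inputs this system was built from.
    registry = with inputs; {
      nixpkgs.flake = nixpkgs;
      nixpkgs-unstable.flake = nixpkgs-unstable;
    };

    nixPath = [
      "nixpkgs=${inputs.nixpkgs}"
      "nixpkgs-overlays=${overlaysCompat}"
    ];
    # Make sudoers trusted nix users
    # Security note: the Nix manual describes trusted users as essentially
    # root-equivalent, because they may override daemon settings such as the
    # substituters used and whether signatures are required. This grants that
    # to every wheel member without going through sudo's authentication, so
    # keep wheel membership minimal.
    trustedUsers = [ "@wheel" ];

    binaryCaches = [
      "https://nix-cache.sbruder.de/"
    ];
    # Trust anchor for the cache above: with Nix's default signature
    # requirement, substituted paths must be signed by a listed key.
    binaryCachePublicKeys = [
      "nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
    ];

    # On-the-fly optimisation of nix store
    autoOptimiseStore = true;
    # Only the paths of the decrypted secret files are interpolated below, not
    # their contents, so no key material ends up in the generated nix.conf.
    extraOptions = ''
      experimental-features = nix-command flakes
    '' + lib.optionalString config.sbruder.trusted ''
      # Binary cache upload
      secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
      netrc-file = ${config.sops.secrets.nix-netrc.path}
    '' + lib.optionalString config.sbruder.full ''
      # Keep output of derivations with gc root
      keep-outputs = true
      keep-derivations = true
    '';

    # Make nix build in background less noticeable
    daemonCPUSchedPolicy = "batch";
    daemonIOSchedPriority = 5; # 0-7
  };

  nixpkgs.overlays = with inputs; [
    self.overlay
    nixpkgs-overlay.overlay
    # Expose nixpkgs-unstable as `pkgs.unstable`, imported with the same
    # nixpkgs config, overlays and system as the main package set.
    (final: prev: {
      unstable = import nixpkgs-unstable {
        inherit (config.nixpkgs)
          config
          overlays
          system;
      };
    })
  ];

  environment.systemPackages = with pkgs; [
    cached-nix-shell
  ];
}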