65 lines
1.8 KiB
Nix
65 lines
1.8 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
# Adapted from https://nixos.wiki/wiki/Overlays
|
|
overlaysCompat = pkgs.writeTextFile {
|
|
name = "overlays-compat";
|
|
destination = "/overlays.nix";
|
|
text = ''
|
|
self: super:
|
|
with super.lib;
|
|
let
|
|
# Load the system config and get the `nixpkgs.overlays` option
|
|
# This fails gracefully if getFlake is not available
|
|
overlays = if builtins.hasAttr "getFlake" builtins
|
|
then (builtins.getFlake "/var/src/config").nixosConfigurations.${config.networking.hostName}.config.nixpkgs.overlays
|
|
else [ ];
|
|
in
|
|
# Apply all overlays to the input of the current "main" overlay
|
|
foldl' (flip extends) (_: super) overlays self
|
|
'';
|
|
};
|
|
in
|
|
{
|
|
sops.secrets.binary-cache-secret-key = { };
|
|
sops.secrets.nix-netrc = {
|
|
group = "wheel";
|
|
mode = "0440";
|
|
};
|
|
|
|
nix = {
|
|
# nix with flake support
|
|
package = pkgs.nixUnstable;
|
|
|
|
nixPath = [
|
|
"nixpkgs-overlays=${overlaysCompat}"
|
|
];
|
|
# Make sudoers trusted nix users
|
|
trustedUsers = [ "@wheel" ];
|
|
|
|
binaryCaches = [
|
|
"https://nix-cache.sbruder.de/"
|
|
];
|
|
binaryCachePublicKeys = [
|
|
"nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
|
|
];
|
|
|
|
# On-the-fly optimisation of nix store
|
|
autoOptimiseStore = true;
|
|
extraOptions = ''
|
|
# Binary cache upload
|
|
secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
|
|
netrc-file = ${config.sops.secrets.nix-netrc.path}
|
|
|
|
experimental-features = nix-command flakes
|
|
'' + lib.optionalString config.sbruder.full ''
|
|
# Keep output of derivations with gc root
|
|
keep-outputs = true
|
|
keep-derivations = true
|
|
'';
|
|
|
|
# Make nix build in background less noticeable
|
|
daemonNiceLevel = 10;
|
|
daemonIONiceLevel = 5; # 0-7
|
|
};
|
|
}
|