# NixOS module configuring the Nix daemon: sops-managed access-token includes,
# who may talk to the daemon, substitution tuning and store housekeeping.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  # Byte count of one GiB, used for the free-space thresholds below.
  gib = 1024 * 1024 * 1024;

  # Only x86_64-linux hosts on a lib version older than 25.05 get the explicit
  # system-features list.
  needsExplicitSystemFeatures =
    pkgs.stdenv.hostPlatform.system == "x86_64-linux" && (lib.versionOlder lib.version "25.05");
in
{
  sops.secrets = {
    # No overrides: this secret keeps the sops-nix default owner and mode.
    nix-access-tokens = { };

    # Readable by the "keys" group in addition to the owner, so everyone in
    # that group can read these tokens. Keep group membership tight.
    nix-access-tokens-all = {
      mode = "0440";
      group = config.users.groups."keys".name;
    };
  };

  nix = {
    # Only the secret *paths* are interpolated here, so the token contents are
    # not written into the generated nix.conf or the world-readable store.
    # NOTE(review): `!include` (unlike `include`) tolerates a missing file, so a
    # failed secret deployment will not surface as a config error. Verify that
    # the tokens are actually picked up after a rebuild.
    extraOptions = ''
      !include ${config.sops.secrets.nix-access-tokens.path}
      !include ${config.sops.secrets.nix-access-tokens-all.path}
    '';

    # https://nix.dev/manual/nix/stable/command-ref/conf-file.html
    # https://nix.dev/manual/nix/latest/command-ref/conf-file.html
    # https://docs.lix.systems/manual/lix/stable/command-ref/conf-file.html
    settings = {

      # === behaviour
      experimental-features = [
        "nix-command"
        "flakes"
        # "pipe-operator" # not supported on lix 2.91
      ];
      log-lines = 35;
      # keep-going = true;

      # === access
      #nix.settings.allowed-users = [ "@builders" ]; # TODO: this
      # Who may connect to the daemon at all; the default is [ "*" ].
      allowed-users = [
        "root"
        "@wheel"
      ];
      # Trusted users may override daemon settings (e.g. substituters) and
      # import unsigned store paths; the Nix manual treats this as equivalent
      # to root access. Granting it to @wheel is a deliberate widening.
      # Confirm that every wheel member is meant to hold it.
      trusted-users = [
        "root"
        "@wheel"
      ];

      # === eval and realization
      # keep .drv in store, great with nix-diff
      keep-derivations = true;
      # kill long-running silent builds (seconds without output)
      max-silent-time = 3600;

      # === substitution
      # default is 25
      http-connections = 128;
      # default is 16
      max-substitution-jobs = 128;
      # timeout in seconds for binary caches
      connect-timeout = 5;
      # download attempts, in case a binary cache fails
      download-attempts = 2;
      # fallback = lib.mkDefault true; # fallback to building if a binary cache fails

      # === store
      #settings.keep-failed = true; # fills up $TMPDIR
      # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
      auto-optimise-store = true;
      # free space below this threshold starts gc
      min-free = 5 * gib;
      # condition to end gc triggered by min-free
      max-free = 20 * gib;

      # should not be needed since https://github.com/NixOS/nixpkgs/pull/383052
      system-features = lib.mkIf needsExplicitSystemFeatures [
        "nixos-test"
        "big-parallel"
        "kvm"
      ];
    };

    #nix.optimize.automatic = true; # periodic store optimization, alternative nix.settings.auto-optimise-store

    gc = {
      automatic = true;
      dates = "weekly";
      # Old generations are only pruned when automatic upgrades are enabled;
      # otherwise gc runs without extra options.
      options = lib.mkIf config.system.autoUpgrade.enable "--delete-older-than 15d";
    };
  };

}