64 lines
1.7 KiB
Nix
64 lines
1.7 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
{
|
|
sops.secrets.nix-access-tokens = { };
|
|
sops.secrets.nix-access-tokens-all.mode = "0440";
|
|
sops.secrets.nix-access-tokens-all.group = config.users.groups."keys".name;
|
|
nix.extraOptions = ''
|
|
!include ${config.sops.secrets.nix-access-tokens.path}
|
|
!include ${config.sops.secrets.nix-access-tokens-all.path}
|
|
'';
|
|
|
|
nix.settings = {
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
# "pipe-operator" # not supported on lix 2.91
|
|
];
|
|
#nix.settings.allowed-users = [ "@builders" ]; # TODO: this
|
|
allowed-users = [
|
|
# default is [ "*" ]
|
|
"root"
|
|
"@wheel"
|
|
];
|
|
trusted-users = [
|
|
"root"
|
|
"@wheel"
|
|
];
|
|
keep-derivations = true; # keep .drv in store, great with nix-diff
|
|
auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
|
max-silent-time = 3600;
|
|
connect-timeout = 5; # seconds timeout for binary caches
|
|
#nix.settings.keep-failed = true; # fills up $TMPDIR
|
|
log-lines = 35;
|
|
min-free = 3 * 1024 * 1024 * 1024; # starts cg
|
|
max-free = 20 * 1024 * 1024 * 1024; # condition to end gc triggered by min-free
|
|
|
|
# should not be needed since https://github.com/NixOS/nixpkgs/pull/383052
|
|
system-features =
|
|
lib.mkIf
|
|
(
|
|
pkgs.stdenv.hostPlatform.system == "x86_64-linux"
|
|
&& (lib.versionOlder (lib.versions.majorMinor lib.version) "25.05")
|
|
)
|
|
[
|
|
"nixos-test"
|
|
"big-parallel"
|
|
"kvm"
|
|
];
|
|
};
|
|
|
|
nix.gc = {
|
|
#nix.optimize.automatic = true; # periodic optimization
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = lib.mkIf config.system.autoUpgrade.enable "--delete-older-than 15d";
|
|
};
|
|
|
|
}
|