# NixOS module configuring the Nix daemon: who may talk to it, which binary
# caches and signing keys are trusted, how flakes are resolved, and how builds
# are run.
{
  pkgs,
  lib,
  inputs,
  ...
}:
let
  # Accounts used for both allowed-users and trusted-users below.
  userList = [
    "root"
    "thehedgehog"
    "pyrox"
  ];

  # Every flake input that exposes `outputs`, excluding this flake itself.
  pinnedInputs = lib.filterAttrs (name: value: (value ? outputs) && (name != "self")) inputs;

  # An empty global registry file (registry format version 2).
  emptyRegistry = pkgs.writers.writeJSON "registry-empty.json" {
    flakes = [ ];
    version = 2;
  };
in
{
  nix.enable = true;
  nix.gc.automatic = true;

  # One registry entry per flake input, pointing at that input.
  nix.registry = lib.mapAttrs (_: flake: { inherit flake; }) pinnedInputs;

  nix.settings = {
    # ---- Access and trust -------------------------------------------------

    # Users permitted to connect to the Nix daemon.
    allowed-users = userList;

    # Users with additional daemon rights.
    # NOTE(review): the Nix manual describes membership here as essentially
    # equivalent to root on this machine (trusted users can override daemon
    # settings and choose their own substituters). Confirm the non-root
    # accounts need this rather than allowed-users alone.
    trusted-users = userList;

    # Signing keys accepted for substituted store paths. Each key is a trust
    # root: anything it signs is installed without being rebuilt locally.
    trusted-public-keys = [
      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];

    # Caches that users of the daemon are allowed to opt into.
    # NOTE(review): trusted-substituters does not make a cache queried by
    # default; that is what `substituters` does. If nix-community.cachix.org
    # is meant to be used on every build, confirm it is listed there too.
    trusted-substituters = [
      "https://cache.nixos.org"
      "https://nix-community.cachix.org"
    ];

    # Do not auto-accept settings a flake declares for itself (nixConfig);
    # letting fetched code reconfigure the daemon is a CVE waiting to happen.
    # This only closes the automatic path; it does not restrict what the
    # trusted-users above may set themselves.
    accept-flake-config = false;

    # ---- Flake registry ---------------------------------------------------

    # Point the global registry at an empty file.
    flake-registry = emptyRegistry;
    # Registry lookups stay enabled.
    use-registries = true;

    # ---- Experimental features --------------------------------------------

    experimental-features = [
      # Auto-generated build uids instead of users in the nixbld group
      "auto-allocate-uids"
      # Content-addressed derivations; can save store space compared with
      # input-addressed ones
      "ca-derivations"
      # Run builds inside cgroups
      "cgroups"
      # Flakes
      "flakes"
      # The Nix 3 command-line interface
      "nix-command"
      # Reject URL literals, which are deprecated
      "no-url-literals"
    ];

    # ---- Build isolation --------------------------------------------------

    # No pre-defined nixbld users; uids are allocated per build.
    auto-allocate-uids = true;
    # Build inside cgroups.
    use-cgroups = true;

    # ---- Build scheduling and behaviour -----------------------------------

    # Default of 8 cores per build (a value of 0 would mean "all available").
    # mkDefault lets a host override this.
    cores = lib.mkDefault 8;
    # Default cap on the number of concurrent builds; overridable per host.
    max-jobs = lib.mkDefault 4;
    # Build from source when substitution fails.
    fallback = true;
    # Carry on after a failed build so every build that can succeed does.
    keep-going = true;
    # Lines of build log to show.
    log-lines = 20;
    # Extra system features this machine offers to derivations.
    system-features = [
      "big-parallel"
      "kvm"
      "nixos-test"
    ];

    # ---- Store housekeeping -----------------------------------------------

    # Always optimise the store.
    auto-optimise-store = true;
    # Compress build logs to save space.
    compress-build-log = true;
    # Keep derivations and outputs so direnv gc roots stay usable.
    keep-derivations = true;
    keep-outputs = true;

    # ---- User experience --------------------------------------------------

    # Use XDG base directories to avoid cluttering $HOME.
    use-xdg-base-directories = true;
    # The tree is almost always dirty here; skip the warning.
    warn-dirty = false;
  };
}