# NixOS module configuring the Nix daemon: who may talk to it, which binary
# caches and signing keys are trusted, and how builds are isolated.
{
  pkgs,
  lib,
  inputs,
  ...
}:
let
  # Accounts used for BOTH `allowed-users` and `trusted-users` below.
  userList = [
    "root"
    "thehedgehog"
    "pyrox"
  ];

  # A flake input is anything that exposes `outputs`, excluding `self`.
  isFlakeInput = name: value: (value ? outputs) && (name != "self");
  pinnedInputs = lib.filterAttrs isFlakeInput inputs;

  # Registry file with no entries, used in place of the default global
  # registry so indirect flake references are expected to resolve only through
  # the `registry` entries generated from this flake's own inputs.
  emptyRegistry = pkgs.writers.writeJSON "registry-empty.json" {
    flakes = [ ];
    version = 2;
  };
in
{
  nix = {
    enable = true;

    # Garbage collection is handled by `nh.clean`, so the built-in timer is off.
    gc.automatic = false;

    # Expose every flake input as a registry entry of the same name.
    registry = lib.mapAttrs (_: flake: { inherit flake; }) pinnedInputs;

    settings = {
      # ---- Daemon access and trust ----------------------------------------

      # Users allowed to connect to the daemon at all.
      allowed-users = userList;

      # Users whose requests the daemon treats as trusted.
      # NOTE(review): the Nix manual describes `trusted-users` membership as
      # essentially equivalent to root on the machine. Because this is the same
      # list as `allowed-users`, every account that can reach the daemon is
      # fully trusted and there is no unprivileged tier. Confirm that is
      # intended for the non-root accounts.
      trusted-users = userList;

      # A flake can ship its own `nixConfig`; never apply it without asking.
      # This matters more here because the users above are trusted, and trusted
      # users may apply settings that are otherwise restricted (for example
      # additional substituters).
      accept-flake-config = false;

      # ---- Binary caches ---------------------------------------------------

      # Signing keys accepted for substituted store paths. A valid signature
      # from any one of these keys is sufficient, whichever cache served the
      # path, so each third-party key is a trust root for the whole store.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk="
        "isabelroses.cachix.org-1:mXdV/CMcPDaiTmkQ7/4+MzChpOe6Cb97njKmBQQmLPM="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
        "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
      ];

      # Caches that daemon users may opt into through `substituters`. This
      # setting alone does not make Nix query them.
      # NOTE(review): if these are meant to be used by default, check that
      # `substituters` is set somewhere outside this file.
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://crane.cachix.org"
        "https://isabelroses.cachix.org"
        "https://nix-community.cachix.org"
        "https://nixpkgs-wayland.cachix.org"
        "https://viperml.cachix.org"
      ];

      # If a substituter fails, build the path locally instead of aborting.
      fallback = true;

      # ---- Build isolation and features -----------------------------------

      # Allocate build UIDs on demand rather than using pre-defined nixbld users.
      auto-allocate-uids = true;

      # Run builds inside cgroups.
      use-cgroups = true;

      experimental-features = [
        # Required by `auto-allocate-uids` above
        "auto-allocate-uids"
        # Content-addressed derivations; can save store space compared with
        # input-addressed ones
        "ca-derivations"
        # Required by `use-cgroups` above
        "cgroups"
        # Flakes
        "flakes"
        # The `nix` (Nix 3) command line
        "nix-command"
        # Reject URL literals, which are deprecated
        "no-url-literals"
        # Let a build invoke Nix itself
        "recursive-nix"
      ];

      # Extra features this machine advertises to derivations that require them.
      system-features = [
        "big-parallel"
        "kvm"
        "nixos-test"
        "recursive-nix"
      ];

      # 0 = use every available core for a build.
      cores = 0;

      # Carry on with the remaining builds when one fails.
      keep-going = true;

      # ---- Store and logs --------------------------------------------------

      # Always optimise the store.
      auto-optimise-store = true;

      # Compress build logs to save space.
      compress-build-log = true;

      # Keep derivations and outputs alive so direnv GC roots stay usable.
      keep-derivations = true;
      keep-outputs = true;

      # `nh` already shows failure output, so print fewer lines here.
      log-lines = 10;

      # ---- Flakes and CLI behaviour ---------------------------------------

      # Replace the default global registry with the empty one built above.
      flake-registry = emptyRegistry;

      # Allow registry lookups (served by the `registry` entries above).
      use-registries = true;

      # Follow the XDG base directories instead of cluttering $HOME.
      use-xdg-base-directories = true;

      # Dirty working trees are the norm here; skip the warning.
      warn-dirty = false;
    };
  };
}