nixosModules/default-config/nixConfig.nix at 6f11bf19f2608dee38beb077ab6fec44f3f4c120 · pyrox.dev/nix

pyrox.dev / nix
My Nix Configuration
nix / nixosModules / default-config / nixConfig.nix
at 6f11bf19f2608dee38beb077ab6fec44f3f4c120 2.9 kB view raw
 1{
 2  pkgs,
 3  lib,
 4  inputs,
 5  ...
 6}:
 7let
 8  userList = [
 9    "root"
10    "thehedgehog"
11    "pyrox"
12  ];
13  flakeInputs = lib.filterAttrs (name: value: (value ? outputs) && (name != "self")) inputs;
14in
15{
16  nix = {
17    enable = true;
18    # We use `nh.clean` instead, so this is disabled
19    gc.automatic = false;
20    registry = lib.mapAttrs (_: v: { flake = v; }) flakeInputs;
21    settings = {
22      # Don't auto-accept flake-defined nix settings, they're a CVE waiting to happen.
23      accept-flake-config = false;
24      # Allow these users to access the daemon
25      allowed-users = userList;
26      # No pre-defined nixbld users
27      auto-allocate-uids = true;
28      # Always optimize the store
29      auto-optimise-store = true;
30      # Compress build logs to save space
31      compress-build-log = true;
32      # Use all available cores to build
33      cores = lib.mkDefault 8;
34      experimental-features = [
35        # Use auto-generated uids instead of users in the nixbld group
36        "auto-allocate-uids"
37        # Can allow saving space in the store by content-addressing instead of input-addressing derivations
38        "ca-derivations"
39        # Build inside cgroups
40        "cgroups"
41        # Duh
42        "flakes"
43        # Nix3 CLI
44        "nix-command"
45        # Disallow URL Literals as they are deprecated
46        "no-url-literals"
47      ];
48      # Build from source if substitution fails
49      fallback = true;
50      # Write an empty flake registry
51      flake-registry = pkgs.writers.writeJSON "registry-empty.json" {
52        flakes = [ ];
53        version = 2;
54      };
55      # allow keeping direnv gc roots
56      keep-derivations = true;
57      # Keep going even if a build fails, so that all possible succeeding builds do
58      keep-going = true;
59      # More direnv gc root stuff
60      keep-outputs = true;
61      # Show fewer log lines from failed builds since I get them from nh
62      log-lines = 10;
63      # Limit the max amount of builds
64      max-jobs = lib.mkDefault 4;
65      # Extra system features
66      system-features = [
67        "big-parallel"
68        "kvm"
69        "nixos-test"
70      ];
71      # The pubkeys of the below substituters
72      trusted-public-keys = [
73        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
74        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
75      ];
76      # Extra substituters
77      trusted-substituters = [
78        "https://cache.nixos.org"
79        "https://nix-community.cachix.org"
80      ];
81      # These users have additional daemon rights
82      trusted-users = userList;
83      # Use cgroups for building
84      use-cgroups = true;
85      # Allow use of the registry
86      use-registries = true;
87      # XDG base dirs to avoid cluttering $HOME
88      use-xdg-base-directories = true;
89      # I almost always work in a dirty tree, I know it's dirty
90      warn-dirty = false;
91    };
92  };
93}