# NixOS module: Nix daemon configuration (access control, binary caches,
# flake registry pinning and build tuning).
{ pkgs, lib, inputs, ... }:
let
  # Accounts referenced by both `allowed-users` and `trusted-users` below.
  daemonUsers = [
    "root"
    "thehedgehog"
    "pyrox"
  ];

  # Every flake input that exposes `outputs`, excluding this flake itself.
  pinnedInputs = lib.filterAttrs (
    inputName: input: (input ? outputs) && (inputName != "self")
  ) inputs;

  # A local, empty global registry file.
  emptyRegistry = pkgs.writers.writeJSON "registry-empty.json" {
    flakes = [ ];
    version = 2;
  };
in
{
  nix = {
    enable = true;

    # Automatic GC stays off because `nh.clean` does the cleanup instead.
    gc = {
      automatic = false;
    };

    # Pin each flake input into the system registry, so registry lookups
    # resolve to the revisions this configuration was built from.
    registry = lib.mapAttrs (_: flake: { inherit flake; }) pinnedInputs;

    settings = {
      # --- Access control -------------------------------------------------

      # Only these accounts may talk to the Nix daemon.
      allowed-users = daemonUsers;

      # These accounts get elevated daemon rights.
      # NOTE(review): the Nix manual describes `trusted-users` as essentially
      # equivalent to root access. Reusing the `allowed-users` list means every
      # allowed account is also trusted; confirm that is intended.
      trusted-users = daemonUsers;

      # Never apply flake-supplied `nixConfig` without asking; flake-defined
      # Nix settings are a CVE waiting to happen.
      accept-flake-config = false;

      # --- Binary caches --------------------------------------------------

      # Public keys for the caches listed under `trusted-substituters`.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];

      # Caches that users are permitted to opt into.
      # NOTE(review): `trusted-substituters` does not add entries to
      # `substituters`; it only lists caches a non-trusted user may select.
      # Since every allowed user here is also trusted, verify whether
      # nix-community.cachix.org is meant to be queried by default and, if so,
      # that it is configured as a substituter elsewhere.
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];

      # Build from source when substitution fails.
      fallback = true;

      # --- Flakes and registries -------------------------------------------

      experimental-features = [
        # Auto-generated uids instead of users in the nixbld group
        "auto-allocate-uids"
        # Content-addressed derivations; can save store space compared with
        # input-addressing
        "ca-derivations"
        # Build inside cgroups
        "cgroups"
        # Flakes
        "flakes"
        # Nix3 CLI
        "nix-command"
        # Reject URL literals, which are deprecated
        "no-url-literals"
      ];

      # Use an empty local file as the global flake registry rather than the
      # default remote one, leaving the pinned `registry` above in charge.
      flake-registry = emptyRegistry;

      # Registry lookups remain enabled.
      use-registries = true;

      # --- Build sandboxing and resources ----------------------------------

      # No pre-defined nixbld users; build uids are allocated automatically.
      auto-allocate-uids = true;

      # Run builds inside cgroups.
      use-cgroups = true;

      # Default of 8 cores per build; `mkDefault` lets a host override it.
      cores = lib.mkDefault 8;

      # Default cap of 4 concurrent builds; `mkDefault` lets a host override it.
      max-jobs = lib.mkDefault 4;

      # Extra system features advertised by this machine.
      system-features = [
        "big-parallel"
        "kvm"
        "nixos-test"
      ];

      # Continue with the remaining builds after one fails, so everything that
      # can succeed does.
      keep-going = true;

      # --- Store housekeeping ----------------------------------------------

      # Always optimise the store.
      auto-optimise-store = true;

      # Compress build logs to save space.
      compress-build-log = true;

      # Keep derivations and outputs so direnv gc roots stay usable.
      keep-derivations = true;
      keep-outputs = true;

      # --- CLI ergonomics --------------------------------------------------

      # Fewer log lines from failed builds; nh already shows them.
      log-lines = 10;

      # Follow the XDG base directories instead of cluttering $HOME.
      use-xdg-base-directories = true;

      # Working in a dirty tree is the norm here, so skip the warning.
      warn-dirty = false;
    };
  };
}