Chinmay D. Pai
3e7c636902
It's 2024, who wants to build software on their own systems? Signed-off-by: Chinmay D. Pai <chinmaydpai@gmail.com>
82 lines
2.5 KiB
Nix
82 lines
2.5 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
options.snowflake.core.nix = {
|
|
enable = lib.mkEnableOption "Enable core nix configuration";
|
|
};
|
|
|
|
config = lib.mkIf config.snowflake.core.nix.enable {
|
|
nix = {
|
|
# Run garbage collector daily, and remove anything
|
|
# older than 7 days.
|
|
gc = {
|
|
automatic = true;
|
|
dates = "daily";
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
|
|
# Add each flake input as a registry to make nix3 commands
|
|
# consistent with nix flakes.
|
|
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
|
|
|
# Add inputs to system's legacy channels.
|
|
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
|
|
|
|
# Use the latest, unstable version of nix.
|
|
package = pkgs.nixVersions.nix_2_23;
|
|
# TODO: switch back to nix git. Current version has a security issue that allows
|
|
# remote code execution.
|
|
# package = pkgs.nixVersions.git;
|
|
|
|
settings = {
|
|
# Accept flake configuration without prompting.
|
|
accept-flake-config = true;
|
|
# Replace identical nix store files with hard links.
|
|
auto-optimise-store = true;
|
|
# Use cache from remote build machines if available.
|
|
builders-use-substitutes = true;
|
|
experimental-features = [
|
|
"auto-allocate-uids"
|
|
"ca-derivations"
|
|
"cgroups"
|
|
"flakes"
|
|
"nix-command"
|
|
"recursive-nix"
|
|
];
|
|
# Set local flake registry.
|
|
flake-registry = "/etc/nix/registry.json";
|
|
# Increase http connections (from 25 to 50) for binary cache.
|
|
http-connections = 50;
|
|
# Avoid unwanted garbage collection while using nix-direnv.
|
|
keep-outputs = true;
|
|
keep-derivations = true;
|
|
max-jobs = "auto";
|
|
# Use sandboxed build environments for builds on all systems.
|
|
# Defaults to true on linux.
|
|
sandbox = true;
|
|
# Add `wheel` group to trusted users.
|
|
trusted-users = [
|
|
"root"
|
|
"@wheel"
|
|
];
|
|
# Disable warning for dirty git tree.
|
|
warn-dirty = false;
|
|
|
|
# Add cache substituters to allow fetching cached builds.
|
|
trusted-substituters = [
|
|
"https://nix-community.cachix.org"
|
|
"https://hyprland.cachix.org"
|
|
];
|
|
trusted-public-keys = [
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|