nixos-config/config/nix.nix

{
  pkgs,
  lib,
  config,
  system,
  ...
}: let
  post-build-hook = pkgs.writeScript "post-build-hook" ''
    #!/bin/sh
    set -euf
    export IFS=' '
    ${pkgs.nix}/bin/nix-store -r $DRV_PATH
    for f in $DRV_PATH $OUT_PATHS; do
      ${pkgs.nix}/bin/nix store sign --key-file ${config.sops.secrets."services/nix/cache-key".path} $f
      ${pkgs.nix}/bin/nix copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=${config.sops.secrets."services/nix/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15' $f
    done
  '';
in {
  imports = [
    ./workarounds
  ];
  nixpkgs.config.allowUnfree = true;
  nix = {
    settings = {
      sandbox = true;
      trusted-users = ["@wheel"];
      require-sigs = true;
      builders-use-substitutes = true;
      substituters = [
        "https://cache.chir.rs/"
        "https://hydra.int.chir.rs/"
      ];
      trusted-public-keys = [
        "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
        "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
      ];
      post-build-hook = "${post-build-hook}";
    };
    package = pkgs.nix;
    extraOptions = ''
      experimental-features = nix-command flakes ca-derivations
    '';
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
    buildMachines = [
      {
        hostName = "build-nas";
        systems = [
          "armv7l-linux"
          "aarch64-linux"
          "powerpc-linux"
          "powerpc64-linux"
          "powerpc64le-linux"
          "riscv32-linux"
          "riscv64-linux"
          "wasm32-wasi"
          "x86_64-linux"
          "i686-linux"
        ];
        maxJobs = 12;
        speedFactor = 1;
        supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
      }
      {
        hostName = "build-pc";
        systems = [
          "armv7l-linux"
          "aarch64-linux"
          "powerpc-linux"
          "powerpc64-linux"
          "powerpc64le-linux"
          "riscv32-linux"
          "riscv64-linux"
          "wasm32-wasi"
          "x86_64-linux"
          "i686-linux"
        ];
        maxJobs = 16;
        speedFactor = 2;
        supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
      }
    ];
    distributedBuilds = true;
  };
  system.autoUpgrade = {
    enable = true;
    flake = "git+https://git.chir.rs/darkkirb/nixos-config?ref=nixos-config/nixos-config/${config.networking.hostName}.${system}";
    flags = [
      "--no-write-lock-file"
      "-L" # print build logs
    ];
    dates = "hourly";
  };
  systemd.services.nix-daemon.environment.TMPDIR = "/build";
  sops.secrets."services/nix/cache-key" = {};
}
reformat repo 2022-06-12 15:39:15 +00:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`system,`
			`...`
add the post build hook to all systems 2022-11-10 11:08:59 +00:00			`}: let`
			`post-build-hook = pkgs.writeScript "post-build-hook" ''`
			`#!/bin/sh`
			`set -euf`
			`export IFS=' '`
			`${pkgs.nix}/bin/nix-store -r $DRV_PATH`
			`for f in $DRV_PATH $OUT_PATHS; do`
			`${pkgs.nix}/bin/nix store sign --key-file ${config.sops.secrets."services/nix/cache-key".path} $f`
fix eval 2022-11-10 14:02:15 +00:00			`${pkgs.nix}/bin/nix copy --to 's3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=${config.sops.secrets."services/nix/cache-key".path}&multipart-upload=true&compression=zstd&compression-level=15' $f`
add the post build hook to all systems 2022-11-10 11:08:59 +00:00			`done`
			`'';`
			`in {`
Disable the offical cache 2022-01-27 16:16:42 +00:00			`imports = [`
			`./workarounds`
			`];`
Add automatic maintenance 2022-01-14 13:03:14 +00:00			`nixpkgs.config.allowUnfree = true;`
			`nix = {`
Fix obsolete configuration options This fixes #2 2022-02-08 08:55:28 +00:00			`settings = {`
			`sandbox = true;`
reformat repo 2022-06-12 15:39:15 +00:00			`trusted-users = ["@wheel"];`
require sig 2022-04-12 09:37:53 +00:00			`require-sigs = true;`
Add distributed building 2022-02-08 09:48:37 +00:00			`builders-use-substitutes = true;`
switch to the new subsituter 2022-03-03 07:50:45 +00:00			`substituters = [`
use cache.chir.rs 2022-11-16 14:13:42 +00:00			`"https://cache.chir.rs/"`
change the way files are uploaded to the cache 2022-09-29 19:33:31 +00:00			`"https://hydra.int.chir.rs/"`
add nix-serve signing 2022-04-12 09:33:58 +00:00			`];`
			`trusted-public-keys = [`
			`"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="`
			`"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="`
switch to the new subsituter 2022-03-03 07:50:45 +00:00			`];`
add the post build hook to all systems 2022-11-10 11:08:59 +00:00			`post-build-hook = "${post-build-hook}";`
Fix obsolete configuration options This fixes #2 2022-02-08 08:55:28 +00:00			`};`
use regular nix not nixFlakes 2022-09-13 17:27:49 +00:00			`package = pkgs.nix;`
Add automatic maintenance 2022-01-14 13:03:14 +00:00			`extraOptions = ''`
re-add ca-derivations to experimental features 2022-04-18 14:07:18 +00:00			`experimental-features = nix-command flakes ca-derivations`
Add automatic maintenance 2022-01-14 13:03:14 +00:00			`'';`
			`gc = {`
			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 7d";`
			`};`
Add distributed building 2022-02-08 09:48:37 +00:00			`buildMachines = [`
readd build-nas 2022-09-20 12:24:29 +00:00			`{`
			`hostName = "build-nas";`
			`systems = [`
			`"armv7l-linux"`
			`"aarch64-linux"`
			`"powerpc-linux"`
			`"powerpc64-linux"`
			`"powerpc64le-linux"`
			`"riscv32-linux"`
			`"riscv64-linux"`
			`"wasm32-wasi"`
			`"x86_64-linux"`
			`"i686-linux"`
			`];`
			`maxJobs = 12;`
			`speedFactor = 1;`
			`supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];`
			`}`
fix: Remove build nas apparently build-nas just doesn’t work together with ca-derivations 2022-03-20 07:02:54 +00:00			`{`
			`hostName = "build-pc";`
			`systems = [`
			`"armv7l-linux"`
			`"aarch64-linux"`
			`"powerpc-linux"`
			`"powerpc64-linux"`
			`"powerpc64le-linux"`
			`"riscv32-linux"`
			`"riscv64-linux"`
			`"wasm32-wasi"`
			`"x86_64-linux"`
			`"i686-linux"`
			`];`
			`maxJobs = 16;`
readd build-nas 2022-09-20 12:24:29 +00:00			`speedFactor = 2;`
reformat repo 2022-06-12 15:39:15 +00:00			`supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];`
fix: Remove build nas apparently build-nas just doesn’t work together with ca-derivations 2022-03-20 07:02:54 +00:00			`}`
Add distributed building 2022-02-08 09:48:37 +00:00			`];`
			`distributedBuilds = true;`
Add automatic maintenance 2022-01-14 13:03:14 +00:00			`};`
Enable auto-update for all systems 2022-01-14 13:07:01 +00:00			`system.autoUpgrade = {`
			`enable = true;`
update from gitea 2022-06-23 15:29:59 +00:00			`flake = "git+https://git.chir.rs/darkkirb/nixos-config?ref=nixos-config/nixos-config/${config.networking.hostName}.${system}";`
Enable auto-update for all systems 2022-01-14 13:07:01 +00:00			`flags = [`
			`"--no-write-lock-file"`
			`"-L" # print build logs`
			`];`
make updates hourly 2022-02-18 19:43:14 +00:00			`dates = "hourly";`
Enable auto-update for all systems 2022-01-14 13:07:01 +00:00			`};`
Disable the offical cache 2022-01-27 16:16:42 +00:00			`systemd.services.nix-daemon.environment.TMPDIR = "/build";`
add the post build hook to all systems 2022-11-10 11:08:59 +00:00			`sops.secrets."services/nix/cache-key" = {};`
Add automatic maintenance 2022-01-14 13:03:14 +00:00			`}`