# Shared NixOS module: Nix daemon settings, binary-cache trust, remote
# builders, automatic garbage collection and unattended upgrades.
{ pkgs, lib, config, system, attic, ... }:
let
  # Target platforms accepted by both x86 builders (build-nas and build-pc).
  crossSystems = [
    "armv7l-linux"
    "powerpc-linux"
    "powerpc64-linux"
    "powerpc64le-linux"
    "riscv32-linux"
    "riscv64-linux"
    "wasm32-wasi"
    "x86_64-linux"
    "i686-linux"
  ];

  # Script wired into `nix.settings.post-build-hook` below: pushes every
  # freshly built output path to the `chir-rs` attic cache.
  #
  # NOTE(review): the `until` loop has no retry limit. Nix runs the
  # post-build hook synchronously, so an unreachable cache or a rejected
  # token stalls the build instead of failing it. Consider a bounded retry
  # or an asynchronous upload queue if that is not the intent.
  pushToCache = pkgs.writeScript "post-build-hook" ''
    #!${pkgs.bash}/bin/bash
    set -euf
    export IFS=' '
    until ${attic.packages.${system}.attic-client}/bin/attic push chir-rs $OUT_PATHS; do
      sleep 5
      echo "Retrying..."
    done
  '';
in {
  imports = [ ./workarounds ];

  # attic client configuration, decrypted by sops-nix into root's config
  # directory and owned by root.
  # NOTE(review): presumably this holds the cache push token that the hook
  # above relies on; confirm, and keep the token scoped to push-only.
  sops.secrets = {
    "attic/config.toml" = {
      key = "attic/config.toml";
      sopsFile = ../secrets/shared.yaml;
      owner = "root";
      path = "/root/.config/attic/config.toml";
    };
  };

  nixpkgs.config.allowUnfree = true;

  nix.package = pkgs.nix;
  nix.distributedBuilds = true;

  nix.extraOptions = ''
    experimental-features = nix-command flakes ca-derivations
  '';

  nix.settings = {
    # Builds run isolated from the host file system and network.
    sandbox = true;

    # Only substitute store paths signed by a key in trusted-public-keys.
    require-sigs = true;
    substituters = [
      "https://attic.chir.rs/chir-rs/"
    ];
    # Each key listed here can vouch for any store path this machine
    # substitutes, so the list should stay as short as possible.
    trusted-public-keys = [
      "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
      "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
      "chir-rs:AnwyFacopHSkprD6aXY4/R3J9JYzTbV2rosJCBPaB28="
    ];

    # The Nix manual treats trusted-users as essentially root-equivalent:
    # they may add substituters and import unsigned paths. Everyone in
    # `wheel` and whoever holds the `remote-build` credentials gets that
    # level of access to the store.
    trusted-users = ["@wheel" "remote-build"];

    # Let the remote builders fetch dependencies from the substituters
    # themselves instead of receiving them from this machine.
    builders-use-substitutes = true;

    post-build-hook = "${pushToCache}";
    auto-optimise-store = true;
  };

  # Weekly garbage collection; generations older than seven days are dropped.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };

  # Remote builders used for distributed builds.
  # NOTE(review): no sshUser, sshKey or publicHostKey is set on these
  # entries, so builder authentication and host-key pinning depend on SSH
  # configuration outside this file. Confirm the host keys are pinned.
  nix.buildMachines = [
    {
      hostName = "build-nas";
      systems = crossSystems;
      maxJobs = 12;
      speedFactor = 1;
      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
    }
    {
      hostName = "build-pc";
      systems = crossSystems;
      maxJobs = 16;
      speedFactor = 2;
      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
    }
    {
      hostName = "build-aarch64";
      systems = [ "aarch64-linux" ];
      maxJobs = 2;
      speedFactor = 1;
      supportedFeatures = ["nixos-test" "benchmark" "ca-derivations"];
    }
  ];

  # Unattended upgrade straight from the public flake, started hourly with
  # up to one hour of random delay.
  # Whatever the referenced flake resolves to is built and activated with
  # root privileges, so the integrity of that GitHub repository (account
  # security, branch protection, review of pushed commits) is part of this
  # machine's trust boundary.
  system.autoUpgrade = {
    enable = true;
    dates = "hourly";
    randomizedDelaySec = "1h";
    flake = "github:DarkKirb/nixos-config";
    flags = [
      "--no-write-lock-file"
      "-L" # print build logs
    ];
  };

  # Build scratch space for the daemon lives under /build.
  systemd.services.nix-daemon.environment.TMPDIR = "/build";
}