config/modules/nix-config/default.nix

82 lines
2.1 KiB
Nix

{ pkgs, lib, config, inputs, ... }:
let
builder = {
systems = [ "x86_64-linux" "i686-linux" ];
speedFactor = 4;
supportedFeatures = [ "benchmark" "nixos-test" ];
sshKey = config.age.secrets.nixBuilderKey.path;
protocol = "ssh-ng";
};
bigBuilder = builder // {
speedFactor = 16;
supportedFeatures = builder.supportedFeatures ++ [ "kvm" "big-parallel" ];
};
in {
age.secrets.nixBuilderKey = {
file = ../../secrets/builder_key.age;
mode = "0400";
};
nixpkgs.overlays = [
(self: super: {
nixSuper = inputs.nix-super.packages.x86_64-linux.default;
})
];
nix = {
package = pkgs.nixSuper;
settings = {
trusted-users = [ "root" "@wheel" ];
auto-optimise-store = true;
substituters = [
"https://cache.privatevoid.net"
"https://max.cachix.org?priority=90"
"https://reflex.privatevoid.net?priority=20"
];
trusted-public-keys = [
"cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg="
"max.cachix.org-1:oSMQ1zYLR8H4L17hfe6ETlI/d+VeiBykB8PbBdPtDJw="
];
};
extraOptions = ''
experimental-features = nix-command flakes repl-flake
warn-dirty = false
builders-use-substitutes = true
flake-registry = https://git.privatevoid.net/private-void/registry/-/raw/master/registry.json
max-free = ${toString (8 * 1024*1024*1024)}
min-free = ${toString (4 * 1024*1024*1024)}
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 5d --max-freed 16G";
};
distributedBuilds = true;
buildMachines = [
(bigBuilder // {
sshUser = "nixbuilder";
hostName = "animus.com";
maxJobs = 4;
})
(builder // {
sshUser = "nix";
hostName = "prophet.node.privatevoid.net";
systems = [ "aarch64-linux" ];
})
] ++
(lib.optional (config.networking.hostName != "TITAN") (bigBuilder // {
sshUser = "nix";
hostName = "titan.hypr";
speedFactor = 12;
maxJobs = 12;
}));
};
environment.systemPackages = [ pkgs.cachix ];
}