My Nix Configuration
# Module fragment that configures the Nix daemon: who may use it, how builds
# run, which binary caches are acceptable, and how flake references resolve.
{ pkgs, lib, inputs, ... }:
let
  # Accounts named in both `allowed-users` and `trusted-users` below.
  daemonUsers = [
    "root"
    "thehedgehog"
    "pyrox"
  ];

  # Every input that has `outputs` (i.e. is a flake), excluding `self`.
  pinnedInputs = lib.filterAttrs (name: input: (input ? outputs) && (name != "self")) inputs;

  # Replacement for the global flake registry: a version-2 file with no entries.
  emptyRegistry = pkgs.writers.writeJSON "registry-empty.json" {
    flakes = [ ];
    version = 2;
  };
in
{
  nix = {
    enable = true;
    # Tracks the newest Nix packaged in nixpkgs; the experimental features
    # enabled below are tied to whatever that version supports.
    package = pkgs.nixVersions.latest;
    gc.automatic = true;
    # System registry: one entry per flake input, so an indirect reference
    # resolves to the revision locked by this configuration.
    registry = lib.mapAttrs (_name: flake: { inherit flake; }) pinnedInputs;

    settings = {
      # ---- Daemon access -------------------------------------------------
      # Only these users may connect to the daemon at all.
      allowed-users = daemonUsers;
      # Trusted users can override daemon settings, add substituters and
      # import unsigned paths; the Nix manual describes this as essentially
      # equivalent to root access. `root` is trusted by default.
      # NOTE(review): the list is identical to `allowed-users`, so there is no
      # unprivileged tier of daemon user here; confirm both named accounts
      # need it.
      trusted-users = daemonUsers;

      # ---- Flakes and registries ------------------------------------------
      # Do not auto-accept settings a flake declares in its `nixConfig`.
      # NOTE(review): this is a default, not a boundary for the accounts above;
      # a trusted user who opts in per invocation is not restricted by the
      # daemon.
      accept-flake-config = false;
      # Point the global registry at the empty file built above instead of the
      # default one fetched over the network, leaving `nix.registry` (and any
      # per-user registry) as the only source of indirect references.
      flake-registry = emptyRegistry;
      # Allow use of the registry
      use-registries = true;
      # URL literals are deprecated syntax; treat them as fatal.
      lint-url-literals = "fatal";
      # I almost always work in a dirty tree, I know it's dirty
      warn-dirty = false;

      experimental-features = [
        # Needed by `auto-allocate-uids = true` below
        "auto-allocate-uids"
        # Content-addressed derivations, which can save store space compared
        # with input-addressed ones
        "ca-derivations"
        # Needed by `use-cgroups = true` below
        "cgroups"
        # Flakes
        "flakes"
        # Nix3 CLI
        "nix-command"
      ];

      # ---- Binary caches --------------------------------------------------
      # Caches that users are permitted to select. This setting only
      # allow-lists URLs; it does not add them to `substituters`.
      # NOTE(review): with every allowed user also trusted, this list restricts
      # nobody, and the nix-community cache is presumably not queried unless it
      # is also listed under `substituters`/`extra-substituters` or passed per
      # invocation; verify which behaviour is wanted.
      trusted-substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
      ];
      # Public keys whose signatures are accepted on substituted paths, one per
      # cache listed above.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      # Build from source if substitution fails
      fallback = true;

      # ---- Build isolation and scheduling ---------------------------------
      # Allocate build UIDs on demand instead of pre-defined nixbld users.
      auto-allocate-uids = true;
      # Run each build inside its own cgroup.
      use-cgroups = true;
      # Cores offered to a single build. This is a fixed default of 8, not
      # "all available" (that would be 0); `mkDefault` lets a host override it.
      cores = lib.mkDefault 8;
      # Maximum number of builds running in parallel; overridable per host.
      max-jobs = lib.mkDefault 4;
      # Keep going even if a build fails, so that all possible succeeding builds do
      keep-going = true;
      # Features this machine advertises to derivations that require them.
      # NOTE(review): `kvm` is listed unconditionally; confirm every host that
      # imports this module actually exposes it.
      system-features = [
        "big-parallel"
        "kvm"
        "nixos-test"
      ];

      # ---- Store and logs -------------------------------------------------
      # Always optimise the store
      auto-optimise-store = true;
      # Compress build logs to save space
      compress-build-log = true;
      # Keep derivations and their outputs alive together, so direnv gc roots
      # survive garbage collection.
      keep-derivations = true;
      keep-outputs = true;
      log-lines = 20;
      # XDG base dirs to avoid cluttering $HOME
      use-xdg-base-directories = true;
    };
  };
}