A new start

2024-03-21 15:00:36 +01:00 · 2024-03-21 15:00:36 +01:00 · f4e2368893
commit f4e2368893
93 changed files with 7621 additions and 0 deletions
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -0,0 +1,94 @@
+{ options, config, pkgs, lib, inputs, ... }:
+
+with lib;
+with lib.metacfg;
+let
+  cfg = config.metacfg.nix;
+
+  substituters-submodule = types.submodule ({ name, ... }: {
+    options = with types; {
+      key = mkOpt (nullOr str) null "The trusted public key for this substituter.";
+    };
+  });
+in
+{
+  options.metacfg.nix = with types; {
+    enable = mkBoolOpt false "Whether or not to manage nix configuration.";
+    package = mkOpt package pkgs.nix "Which nix package to use.";
+
+    default-substituter = {
+      url = mkOpt str "https://cache.nixos.org" "The url for the substituter.";
+      key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter.";
+    };
+
+    extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure.";
+  };
+
+  config = mkIf cfg.enable {
+    assertions = mapAttrsToList
+      (name: value: {
+        assertion = value.key != null;
+        message = "metacfg.nix.extra-substituters.${name}.key must be set";
+      })
+      cfg.extra-substituters;
+
+    environment.systemPackages = with pkgs; [
+      metacfg.nixos-revision
+      (metacfg.nixos-hosts.override {
+        hosts = inputs.self.nixosConfigurations;
+      })
+      deploy-rs
+      nixfmt
+      nix-index
+      nix-prefetch-git
+      nix-output-monitor
+    ];
+
+    nix =
+      let
+        users = [ "root" config.metacfg.user.name ] ++
+          optional config.services.hydra.enable "hydra";
+        extra-substituters = cfg.extra-substituters // {
+          "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
+        };
+      in
+      {
+        package = cfg.package;
+
+        settings = {
+          experimental-features = "nix-command flakes";
+          http-connections = 50;
+          warn-dirty = false;
+          log-lines = 50;
+          sandbox = "relaxed";
+          auto-optimise-store = true;
+          trusted-users = users;
+          allowed-users = users;
+
+          substituters =
+            [ cfg.default-substituter.url ]
+              ++
+              (mapAttrsToList (name: value: name) extra-substituters);
+          trusted-public-keys =
+            [ cfg.default-substituter.key ]
+              ++
+              (mapAttrsToList (name: value: value.key) extra-substituters);
+
+        } // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
+          keep-outputs = true;
+          keep-derivations = true;
+        });
+
+        gc = {
+          automatic = true;
+          dates = "weekly";
+          options = "--delete-older-than 30d";
+        };
+
+        # flake-utils-plus
+        generateRegistryFromInputs = true;
+        generateNixPathFromInputs = true;
+        linkInputs = true;
+      };
+  };
+}