modules/nixos/sils/nix.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

{
  self,
  config,
  nixpkgs,
  lib,
  ...
}: let
  cfg = config.sils.nix-config;
in {
  options.sils.nix-config = {
    enable = lib.mkEnableOption "nix config";
    remoteBuild = lib.mkEnableOption "remote builds";
  };
  config = {
    nix = {
      registry = {
        nixpkgs.flake = nixpkgs;
        n.flake = nixpkgs;
        self.flake = self;
        s.flake = self;
      };
      channel.enable = false;
      distributedBuilds = cfg.remoteBuild;
      buildMachines = [
        {
          hostName = "server1.vhack.eu";
          protocol = "ssh-ng";
          system = "x86_64-linux";
          supportedFeatures = ["big-parallel"];
        }
      ];
      gc = {
        automatic = true;
        dates = "daily";
        options = "--delete-older-than 3";
      };
      settings = {
        auto-optimise-store = true;
        experimental-features = ["nix-command" "flakes"];
        substituters = [
          "https://cache.garnix.io"
          "https://hyprland.cachix.org"
        ];
        trusted-public-keys = [
          "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
          "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        ];
      };
    };
    home-manager.users.root.home = {
      #lib.mkIf cfg.remoteBuild { TODO Why does this fail?
      username = "root";
      homeDirectory = "/root";
      stateVersion = "23.05";
      file.".ssh/config" = {
        text = ''
          Host server1.vhack.eu
                 IdentitiesOnly yes
                 IdentityFIle ${config.age.secrets.nixremote.path}
                 User nixremote
        '';
      };
    };
  };
}