faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

small update

Browse source
This commit is contained in:
Bloxx12 2025-07-13 22:51:22 +02:00
commit b1490ec9a8
Signed by: faukah
SSH key fingerprint: SHA256:Uj2AXqvtdCA4hn5Hq0ZonhIAyUqI1q4w2sMG3Z1TH7E
100 changed files with 187 additions and 1695 deletions
Download patch file Download diff file Expand all files Collapse all files

180
modules/system/nix/module.nix
View file

@ -1,180 +0,0 @@
# credits to raf
{
config,
inputs,
lib,
pkgs,
...
}: let
inherit (lib.attrsets) mapAttrsToList;
inherit (lib.modules) mkForce;
in {
imports = [
./documentation.nix # nixos documentation
./nixpkgs.nix # global nixpkgs configuration
inputs.determinate.nixosModules.default
];
nix = {
# Check that Nix can parse the generated nix.conf.
checkConfig = true;
# Check the nix.conf, parsing for any kind of error. When disabled, checks only for unknown settings.
checkAllErrors = true;
# fuck channels, no thanks
channel.enable = mkForce false;
# this is taken from sioodmy.
# pin the registry to avoid downloading and evaling a new nixpkgs version every time
registry =
lib.mapAttrs (_: v: {flake = v;}) inputs
// {system.flake = inputs.self;};
# Add inputs to the system's legacy channels
# to make legacy nix commands consistent as well
nixPath = mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
# Run the Nix daemon on lowest possible priority
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
daemonIOSchedPriority = 7;
# Collect garbage
# NOTE: I use nh for this.
gc = {
automatic = false;
dates = "20:00";
options = "--delete-older-than 7d";
persistent = false;
};
# Automatically optimize nix store by removing hard links
optimise = {
automatic = true;
dates = ["21:00"];
};
# NOTE:
# Writes the settings to /etc/nix/nix.conf.
# See `man nix.conf` for more detailed descriptions of these settings.
settings = {
# Tell nix to use the xdg spec for base directories
# while transitioning, any state must be carried over
# manually, as Nix won't do it for us.
use-xdg-base-directories = true;
# Automatically optimise symlinks
auto-optimise-store = true;
# Users that are allowed to connect to the Nix daemon.
allowed-users = ["root" "@wheel" "nix-builder"];
# Users that are allowed to connect to the Nix daemon.
trusted-users = ["root" "@wheel" "nix-builder"];
# Let the system decide the number of max jobs
# based on available system specs. Usually this is
# the same as the number of cores your CPU has.
max-jobs = "auto";
# This option defines the maximum number of concurrent tasks during one build.
# It affects, e.g., -j option for make. The special value 0 means that the builder
# should use all available CPU cores in the system. Some builds may become
# non-deterministic with this option; use with care!
# Packages will only be affected if enableParallelBuilding is set for them.
cores = 0;
# If set, Nix will perform builds in a sandboxed environment
# that it will set up automatically for each build.
# This prevents impurities in builds by disallowing access
# to dependencies outside of the Nix store by using network
# and mount namespaces in a chroot environment.
sandbox = true;
sandbox-fallback = false;
# Continue building derivations even if one fails
keep-going = true;
# If we haven't received data for >= 20s, retry the download
stalled-download-timeout = 20;
# Show more logs when a build fails and decides to display
# a bunch of lines. `nix log` would normally provide more
# information, but this may save us some time and keystrokes.
log-lines = 30;
# Extra features of Nix that are considered unstable
# and experimental. By default we should always include
# `flakes` and `nix-command`, while others are usually
# optional.
extra-experimental-features = [
"flakes" # flakes
"nix-command" # experimental nix commands
"cgroups" # allow nix to execute builds inside cgroups
"pipe-operators"
];
# Ensures that the result of Nix expressions is fully determined by
# explicitly declared inputs, and not influenced by external state.
# In other words, fully stateless evaluation by Nix at all times.
pure-eval = false;
# Don't warn me that my git tree is dirty, I know.
warn-dirty = false;
# Maximum number of parallel TCP connections
# used to fetch imports and binary caches.
# 0 means no limit, default is 25.
http-connections = 50; # lower values fare better on slow connections
# Whether to accept nix configuration from a flake
# without displaying a Y/N prompt. For those obtuse
# enough to keep this true, I wish the best of luck.
# tl;dr: this is a security vulnerability.
accept-flake-config = false;
# Whether to execute builds inside cgroups. cgroups are
# "a Linux kernel feature that limits, accounts for, and
# isolates the resource usage (CPU, memory, disk I/O, etc.)
# of a collection of processes."
# See:
# <https://en.wikipedia.org/wiki/Cgroups>
use-cgroups = pkgs.stdenv.isLinux; # only supported on Linux
# for direnv GC roots
keep-derivations = true;
keep-outputs = true;
# Use binary cache
builders-use-substitutes = true;
# Substituters to pull from.
substituters = [
"https://cache.nixos.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
];
# Determinate nix config
# ===========================================
lazy-trees = true;
# ===========================================
};
};
systemd.services = {
# WE DONT WANT TO BUILD STUFF ON TMPFS
# ITS NOT A GOOD IDEA
nix-daemon = {
environment.TMPDIR = "/var/tmp";
};
# Do not run garbage collection on AC power.
# This makes for a quite nice difference in battery life.
nix-gc = {
unitConfig.ConditionACPower = true;
};
};
}