# Nix configuration for the fleet: store garbage collection, distributed
# builds over SSH, the shared binary cache, and nix-monitored as the system Nix.
#
# Arguments:
#   nix-monitored - source of `overlays.default`, applied below.
#   molecules     - attribute set whose attribute NAMES become the ssh aliases
#                   and `<name>.wg` host names (presumably one entry per host;
#                   the values are not read in this file).
#
# Returns an attribute set of module lists keyed by host or group
# (`universal`, `personal`, `glucose`, `menthol`, `aspartame`, `capsaicin`).
{ nix-monitored, molecules, ... }:
let
  # Daily store maintenance: `nh clean` at 03:00, `nix.optimise` at 04:00.
  garbage-collection-module =
    { lib, ... }:
    {
      programs.nh.clean = {
        enable = true;
        extraArgs = "--keep 3 --keep-since 7d";
        dates = "Mon..Sun *-*-* 03:00:00";
      };
      nix.optimise = {
        automatic = true;
        dates = [ "Mon..Sun *-*-* 04:00:00" ];
      };
      # there are very few circumstances in which we'd be awake at those times.
      systemd.timers =
        let
          # Shared override for both timers. mkForce wins over whatever the
          # nh / nix-optimise modules set: Persistent = false means a run
          # missed while the machine was off is not caught up at next boot,
          # and RandomizedDelaySec = 0 removes the start-time jitter.
          fuck-off.timerConfig = {
            Persistent = lib.mkForce false;
            RandomizedDelaySec = lib.mkForce 0;
          };
        in
        {
          nh-clean = fuck-off;
          nix-optimise = fuck-off;
        };
    };

  # Lets a host offload builds to capsaicin, glucose and fructose.
  # No sshUser / sshKey is set per machine, so the connection parameters
  # presumably come from the `Host <name>` blocks generated in
  # programs.ssh.extraConfig below (verify the names match `molecules`).
  # NOTE(review): no `publicHostKey` is set either; confirm the builders'
  # SSH host keys are pinned elsewhere (e.g. programs.ssh.knownHosts), so a
  # build cannot be sent to an impostor on first connect.
  distributed-build-module =
    { config, ... }:
    {
      nix.distributedBuilds = true;
      nix.buildMachines = [
        {
          hostName = "capsaicin";
          system = "x86_64-linux";
          maxJobs = 2;
          speedFactor = 3;
        }
        {
          hostName = "glucose";
          system = "x86_64-linux";
          maxJobs = 3;
          speedFactor = 2;
        }
        {
          hostName = "fructose";
          system = "x86_64-linux";
          maxJobs = 2;
          speedFactor = 1;
        }
      ];
    };
in
{
  universal.modules = [
    # Baseline Nix settings.
    {
      system.stateVersion = "24.05";
      nixpkgs.config.allowUnfree = true; # this didn't work?? what.
      nix.settings = {
        show-trace = true;
        experimental-features = [
          "nix-command"
          "flakes"
        ];
      };
    }

    # Use nix-monitored as the system Nix. Overlays apply in list order, so
    # `prev.nix-monitored` in the third overlay is the withNotify build
    # produced by the second one.
    (
      { pkgs, ... }:
      {
        nixpkgs.overlays = [
          nix-monitored.overlays.default
          (final: prev: {
            nix-monitored = prev.nix-monitored.override {
              withNotify = true;
            };
          })
          (final: prev: {
            nixos-rebuild = prev.nixos-rebuild.override {
              nix = prev.nix-monitored;
            };
            nix-direnv = prev.nix-direnv.override {
              nix = prev.nix-monitored;
            };
            # Exposes nix-monitored's `nix` binary under the name `nixmon`.
            nixmon = prev.runCommand "nixmon" { } ''
              mkdir -p $out/bin
              ln -s ${prev.nix-monitored}/bin/nix $out/bin/nixmon
            '';
          })
        ];
        nix.package = pkgs.nix-monitored;
        environment.systemPackages = [ pkgs.nixmon ];
        programs.nh.enable = true;
      }
    )

    # Remote-builder plumbing: client-side ssh aliases plus the server-side
    # account that accepts build connections.
    #
    # SECURITY NOTE(review): `remote-builder` is listed in
    # nix.settings.trusted-users. The Nix manual treats a trusted user as
    # essentially equivalent to root on that machine. This module sits in
    # universal.modules, so (assuming that list is applied to every host)
    # each host both accepts the one authorized key below and holds the
    # matching private key via sops. Loss of that single key on any one host
    # therefore affects every host. Mitigations to consider: one key pair per
    # client host, sshd reachable only on the WireGuard interface, and
    # authorized_keys options such as `restrict` on the key entry (check that
    # remote builds still work with it).
    (
      {
        config,
        pkgs,
        lib,
        ...
      }:
      {
        # One `Host` block per attribute name in `molecules`; all of them use
        # the same identity file, decrypted by sops at activation time.
        # NOTE(review): consider adding `IdentitiesOnly yes` so that only this
        # key is offered to the builders.
        programs.ssh.extraConfig = ''
          ${builtins.concatStringsSep "" (
            lib.mapAttrsToList (name: n: ''
              Host ${name}
                HostName ${name}.wg
                User remote-builder
                IdentityFile ${config.sops.secrets.remote-build-ssh-privkey.path}
            '') molecules
          )}
        '';
        users.users.remote-builder = {
          isSystemUser = true;
          group = "remote-builder";
          description = "trusted remote builder user";
          # Single shared public key, with no authorized_keys options.
          openssh.authorizedKeys.keys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMedtsko4nwE6u00hLmmm70yBAU9uJJWbzo87BIOfB/ remote-builder"
          ];
          # A real shell, presumably so sshd can run the Nix command that the
          # build client requests.
          shell = pkgs.runtimeShell;
        };
        users.groups.remote-builder = { };
        # See the security note above: this grants root-equivalent control of
        # the local Nix daemon to whoever can log in as remote-builder.
        nix.settings.trusted-users = [ "remote-builder" ];
      }
    )

    # Every host except glucose pulls from the binary cache served by glucose.
    # Paths fetched from it are accepted only if signed by the key listed in
    # trusted-public-keys, so that key (presumably the public half of
    # sops.secrets.binary-cache-secret; verify) is what clients rely on.
    (
      { config, lib, ... }:
      lib.mkIf
        (
          # Don't make glucose a substitute for itself. Using glucose at the moment because it is not used for anything else. -e
          config.networking.hostName != "glucose"
        )
        {
          nix.settings = {
            substituters = [
              "https://cache.collective-conciousness.monster"
            ];
            trusted-public-keys = [
              "adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs="
            ];
          };
        }
    )
  ];

  personal.modules = [
    {
      nixpkgs.config.rocmSupport = true;
    }
  ];

  glucose.modules = [
    (
      {
        config,
        pkgs,
        lib,
        ...
      }:
      {
        # This is publicly served from https://cache.collective-conciousness.monster
        # That's proxied through aspartame via caddy.
        #
        # NOTE(review): openFirewall = true opens TCP 5020 in the host
        # firewall, so the plain-HTTP nix-serve port is reachable directly as
        # well as through the proxy. If only aspartame needs to reach it,
        # consider dropping openFirewall and allowing the port only on the
        # interface aspartame uses
        # (networking.firewall.interfaces.<iface>.allowedTCPPorts).
        # Everything in this host's /nix/store is downloadable by anyone who
        # can name the store path, so no secret may ever be built into the
        # store here. The signing key itself is read from a sops path rather
        # than the store.
        services.nix-serve = {
          enable = true;
          port = 5020;
          openFirewall = true;
          package = pkgs.nix-serve-ng;
          secretKeyFile = config.sops.secrets.binary-cache-secret.path;
        };

        # Disabled hourly flake-update job, kept for reference.
        # NOTE(review): if this is re-enabled, the unit sets no User= and so
        # runs as root, working in a fixed directory under the shared /tmp.
        # Prefer serviceConfig.PrivateTmp = true or a RuntimeDirectory over a
        # predictable /tmp path.
        /*
          systemd.timers."auto-update-rebuild" = {
            wantedBy = [ "timers.target" ];
            timerConfig = {
              OnBootSec = "5m";
              OnUnitInactiveSec = "1h";
              Unit = "auto-update-rebuild.service";
            };
          };

          systemd.services."auto-update-rebuild" = {
            script = ''
              mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild
              export PATH=${
                lib.makeBinPath (
                  with pkgs;
                  [
                    nix
                    git
                    coreutils
                  ]
                )
              }
              nix flake update --flake /home/emv/adyya-flake
            '';
            serviceConfig = {
              Restart = "on-failure";
              RestartSec = "15m";
              Type = "oneshot";
            };
          };
        */
      }
    )
    garbage-collection-module
  ];

  # Hosts that offload builds to the machines in distributed-build-module.
  menthol.modules = [ distributed-build-module ];
  aspartame.modules = [ distributed-build-module ];

  capsaicin.modules = [ garbage-collection-module ];

  # Nix tooling installed into every user's home environment.
  universal.home_modules = [
    (
      { pkgs, lib, ... }:
      {
        home.packages = with pkgs; [
          cachix
          nil
          nurl
          nix-diff
          nh
          nix-output-monitor
          nvd
          nixfmt-rfc-style
        ];
      }
    )
  ];
}