adyya-flake/nix.mod.nix


{
nix-monitored,
molecules,
...
}:
let
garbage-collection-module =
  { lib, ... }:
  let
    # Timer override shared by both maintenance jobs: fire at the exact
    # wall-clock time only. Persistent = false means a run that was missed
    # (machine off or asleep) is not caught up later; RandomizedDelaySec = 0
    # removes any jitter. mkForce is used so these win over the values the
    # upstream modules set.
    # NOTE(review): a host that is never up at 03:00/04:00 will therefore
    # never clean or optimise its store - confirm that is intended.
    fuck-off = {
      timerConfig = {
        Persistent = lib.mkForce false;
        RandomizedDelaySec = lib.mkForce 0;
      };
    };
  in
  {
    # Daily at 03:00: `nh clean`, keeping at least 3 generations and
    # everything from the last 7 days.
    programs.nh.clean.enable = true;
    programs.nh.clean.extraArgs = "--keep 3 --keep-since 7d";
    programs.nh.clean.dates = "Mon..Sun *-*-* 03:00:00";

    # Daily at 04:00, one hour after the clean-up: store optimisation.
    nix.optimise.automatic = true;
    nix.optimise.dates = [ "Mon..Sun *-*-* 04:00:00" ];

    # Both jobs are scheduled for hours when nobody is expected to be at the
    # machine, so they must not drift or replay at some other time.
    systemd.timers.nh-clean = fuck-off;
    systemd.timers.nix-optimise = fuck-off;
  };
distributed-build-module =
  { config, ... }:
  let
    # Every builder listed here is an x86_64-linux machine; only the name,
    # the number of parallel jobs and the relative speed differ.
    on-x86_64-linux = machine: machine // { system = "x86_64-linux"; };
  in
  {
    # Lets the importing host (menthol and aspartame, per the bottom of this
    # file) hand builds to the machines below.
    #
    # No sshUser / sshKey is set here, so the login user and identity come
    # from the ssh client configuration for these host names.
    # NOTE(review): no publicHostKey is set on the entries either, so the
    # builders' SSH host keys are not pinned in this module. Confirm they are
    # pinned elsewhere (e.g. programs.ssh.knownHosts); otherwise the first
    # connection trusts whatever answers on that name.
    nix = {
      distributedBuilds = true;
      buildMachines = map on-x86_64-linux [
        {
          hostName = "capsaicin";
          maxJobs = 2;
          speedFactor = 3;
        }
        {
          hostName = "glucose";
          maxJobs = 3;
          speedFactor = 2;
        }
        {
          hostName = "fructose";
          maxJobs = 2;
          speedFactor = 1;
        }
      ];
    };
  };
in
{
# Modules collected under `universal`. How this attribute set is consumed is
# not visible in this file; the notes below assume it is applied to every
# host - TODO confirm.
universal.modules = [
  # Baseline Nix settings: pinned stateVersion, unfree packages allowed,
  # evaluation traces shown, flakes and the new CLI enabled.
  {
    system.stateVersion = "24.05";
    nixpkgs.config.allowUnfree = true;
    nix.settings = {
      show-trace = true;
      experimental-features = [
        "nix-command"
        "flakes"
      ];
    };
  }
  # nix-monitored integration: pulls in the flake's overlay, turns on
  # notifications, and makes nixos-rebuild and nix-direnv use nix-monitored
  # as their `nix`. The system-wide nix.package is deliberately left alone
  # (see the commented-out line below).
  (
    { pkgs, ... }:
    {
      nixpkgs.overlays = [
        nix-monitored.overlays.default
        (final: prev: {
          nix-monitored = prev.nix-monitored.override {
            withNotify = true;
          };
        })
        (final: prev: {
          nixos-rebuild = prev.nixos-rebuild.override {
            nix = prev.nix-monitored;
          };
          nix-direnv = prev.nix-direnv.override {
            nix = prev.nix-monitored;
          };
          # `nixmon` is a symlink to nix-monitored's `nix` binary, so the
          # monitored front end can be called explicitly by that name.
          nixmon = prev.runCommand "nixmon" { } ''
            mkdir -p $out/bin
            ln -s ${prev.nix-monitored}/bin/nix $out/bin/nixmon
          '';
        })
      ];
      # nix.package = pkgs.nix-monitored;
      environment.systemPackages = [ pkgs.nixmon ];
      programs.nh.enable = true;
    }
  )
  # Remote-build plumbing: an ssh client entry per machine in `molecules`
  # plus the `remote-builder` account that accepts the build connections.
  (
    {
      config,
      pkgs,
      lib,
      ...
    }:
    {
      # One `Host` block per attribute name in `molecules`, reached at
      # <name>.wg as user remote-builder with the sops-managed private key.
      # This is the system-wide ssh client config, so the blocks apply to any
      # user's `ssh <name>`, not only to the Nix daemon.
      # NOTE(review): the secret's owner and mode are declared elsewhere;
      # confirm only root can read it.
      # NOTE(review): no host keys are pinned in this file; confirm the
      # builders' keys are pinned elsewhere (e.g. programs.ssh.knownHosts).
      programs.ssh.extraConfig = ''
        ${builtins.concatStringsSep "" (
          lib.mapAttrsToList (name: n: ''
            Host ${name}
            HostName ${name}.wg
            User remote-builder
            IdentityFile ${config.sops.secrets.remote-build-ssh-privkey.path}
          '') molecules
        )}
      '';
      # NOTE(review): this module sits in universal.modules, so every host
      # that gets it both references the private key above and authorises the
      # matching public key below. If that really is every host, a single key
      # pair grants login as remote-builder across the whole fleet, and a
      # compromise of any one machine exposes it. Per-host keys, or creating
      # this account only on the machines listed in nix.buildMachines, would
      # narrow that.
      users.users.remote-builder = {
        isSystemUser = true;
        group = "remote-builder";
        description = "trusted remote builder user";
        # NOTE(review): the key carries no authorized_keys options; consider
        # `restrict` and/or `from=` so it cannot be used for forwarding or
        # from outside the WireGuard network.
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMedtsko4nwE6u00hLmmm70yBAU9uJJWbzo87BIOfB/ remote-builder"
        ];
        # A real shell; presumably required so the incoming build connection
        # can run its command - TODO confirm.
        shell = pkgs.runtimeShell;
      };
      users.groups.remote-builder = { };
      # trusted-users may override daemon settings and import unsigned store
      # paths; the Nix manual describes this as essentially equivalent to
      # root. Together with the shared key above, holding that key is
      # root-equivalent on every host that carries this module.
      nix.settings.trusted-users = [ "remote-builder" ];
    }
  )
  # Binary cache client: every host except glucose (which serves the cache)
  # substitutes from the flake's own cache and trusts its signing key.
  (
    {
      config,
      lib,
      ...
    }:
    lib.mkIf
      (
        # Don't make glucose a substitute for itself. Using glucose at the moment because it is not used for anything else. -e
        config.networking.hostName != "glucose"
      )
      {
        # Anything signed by this key is accepted into the local store, so
        # the private half on glucose is a trust anchor for all these hosts.
        # NOTE(review): glucose also carries the trusted remote-builder
        # account above, so whoever can write to glucose's store influences
        # what gets signed and served - worth keeping in mind when deciding
        # who holds the remote-build key.
        nix.settings = {
          substituters = [ "https://cache.collective-conciousness.monster" ];
          trusted-public-keys = [ "adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs=" ];
        };
      }
  )
];
personal.modules = [
  {
    # Build nixpkgs packages with ROCm support where they offer it.
    nixpkgs.config = {
      rocmSupport = true;
    };
  }
];
# Modules for the host `glucose`: it runs the binary cache the other hosts
# substitute from, and gets the nightly store clean-up.
glucose.modules = [
  (
    {
      config,
      pkgs,
      lib,
      ...
    }:
    {
      # This is publicly served from https://cache.collective-conciousness.monster
      # That's proxied through aspartame via caddy.
      #
      # nix-serve offers this machine's Nix store as a binary cache and signs
      # responses with the key in secretKeyFile, which is read from a sops
      # secret path rather than written into the configuration.
      # NOTE(review): every path in glucose's store becomes downloadable by
      # anyone who can reach the cache; make sure nothing secret is ever built
      # or copied into the store on this host.
      # NOTE(review): openFirewall = true opens TCP 5020 in this host's
      # firewall. If the caddy proxy on aspartame is the only intended client,
      # confirm the port is not reachable from untrusted networks; setting
      # services.nix-serve.bindAddress to the WireGuard address, or using an
      # interface-scoped firewall rule instead, would narrow it.
      services.nix-serve = {
        enable = true;
        port = 5020;
        openFirewall = true;
        package = pkgs.nix-serve-ng;
        secretKeyFile = config.sops.secrets.binary-cache-secret.path;
      };
      # Disabled draft of an hourly `nix flake update` job, kept for reference.
      # NOTE(review): if this is revived, the fixed directory under /tmp is a
      # predictable path in a world-writable location; PrivateTmp or
      # RuntimeDirectory in serviceConfig would avoid that. No User= is set,
      # so the unit would presumably run as root while updating a flake under
      # /home/emv - confirm that is wanted.
      /* systemd.timers."auto-update-rebuild" = {
         wantedBy = [ "timers.target" ];
         timerConfig = {
         OnBootSec = "5m";
         OnUnitInactiveSec = "1h";
         Unit = "auto-update-rebuild.service";
         };
         };
         systemd.services."auto-update-rebuild" = {
         script = ''
         mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild
         export PATH=${
         lib.makeBinPath (
         with pkgs;
         [
         nix
         git
         coreutils
         ]
         )
         }
         nix flake update --flake /home/emv/adyya-flake
         '';
         serviceConfig = {
         Restart = "on-failure";
         RestartSec = "15m";
         Type = "oneshot";
         };
         };*/
    }
  )
  garbage-collection-module
];
# menthol and aspartame offload builds to the machines listed in
# distributed-build-module.
menthol.modules = [
  distributed-build-module
];
aspartame.modules = [
  distributed-build-module
];
# capsaicin is one of those build machines; it gets the nightly store
# clean-up and optimisation.
capsaicin.modules = [
  garbage-collection-module
];
# Nix tooling added to home.packages by this home module.
universal.home_modules = [
  (
    { pkgs, lib, ... }:
    {
      # Each package is named through `pkgs.` explicitly instead of opening
      # the whole set with `with pkgs;`, so it is obvious where every name
      # comes from.
      home.packages = [
        pkgs.cachix
        pkgs.nil
        pkgs.nurl
        pkgs.nix-diff
        pkgs.nh
        pkgs.nix-output-monitor
        pkgs.nvd
        pkgs.nixfmt-rfc-style
      ];
    }
  )
];
}