{ config, lib, pkgs, ... }:
with lib;
let
# Shorthand for the values of the `nix.*` options declared below.
cfg = config.nix;

# Whether the declared Nix version is at least "1.12pre". A missing
# `cfg.version` is compared as the literal "<unknown>".
isNix20 =
  let
    declaredVersion = cfg.version or "<unknown>";
  in
  versionAtLeast declaredVersion "1.12pre";
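# Derivation that renders nix.conf from the `nix.*` option values.
#
# The option values are spliced into the build script by Nix, and the
# heredoc delimiter is unquoted, so the build shell still performs parameter
# and command expansion on the spliced text. That is what makes
# `$extraOptions` (passed in as a derivation attribute) work, but it applies
# equally to any `$` or backquote contained in the other values.
# NOTE(review): confirm no option value is expected to carry such characters
# literally.
#
# The unused `sh` / `binshDeps` bindings (bash closure for a sandbox /bin/sh
# bind-mount) were dropped: nothing in this derivation referenced them.
nixConf =
  pkgs.runCommandNoCC "nix.conf"
    { preferLocalBuild = true; extraOptions = cfg.extraOptions; }
    ''
      cat > $out <<END
      # WARNING: this file is generated from the nix.* options in
      # your NixOS configuration, typically
      # /etc/nixos/configuration.nix. Do not edit it!
      ${optionalString cfg.useDaemon ''
        build-users-group = nixbld
      ''}
      max-jobs = ${toString (cfg.maxJobs)}
      cores = ${toString (cfg.buildCores)}
      sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox}
      ${optionalString (cfg.sandboxPaths != []) ''
        extra-sandbox-paths = ${toString cfg.sandboxPaths}
      ''}
      substituters = ${toString cfg.binaryCaches}
      trusted-substituters = ${toString cfg.trustedBinaryCaches}
      trusted-public-keys = ${toString cfg.binaryCachePublicKeys}
      require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"}
      trusted-users = ${toString cfg.trustedUsers}
      allowed-users = ${toString cfg.allowedUsers}
      $extraOptions
      END
    '';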
in
{
options = {
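# Package, or path to a profile, that provides the Nix used system-wide.
# With a profile path (types.path) the Nix that actually runs is whatever
# that path points at when it is used, so it is not pinned by this
# configuration -- presumably the intent of the "keep the installed version"
# use case; verify before relying on a fixed version.
nix.package = mkOption {
  type = types.either types.package types.path;
  default = pkgs.nix;
  # literalExpression, like `example` below, so the default is rendered as code.
  defaultText = literalExpression "pkgs.nix";
  example = literalExpression "pkgs.nixUnstable";
  description = ''
    This option specifies the package or profile that contains the version of Nix to use throughout the system.
    To keep the version of nix originally installed the default profile can be used.

    eg. /nix/var/nix/profiles/default
  '';
};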
# Version string of the configured Nix. The config section fills it in from
# `cfg.package.version` when the package is a derivation.
nix.version = mkOption {
  description = "The version of nix. Used to determine what settings to configure in nix.conf";
  type = types.str;
  example = "1.11.6";
  default = "<unknown>";
};
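# Route Nix operations through the daemon without managing the daemon
# service. When set, nix.conf gains `build-users-group = nixbld` and the
# nix-daemon activation script further down is enabled.
nix.useDaemon = mkOption {
  type = types.bool;
  default = false;
  # Indented string, as used by the other options; fixes "don't wan't".
  description = ''
    If set, Nix will use the daemon to perform operations.
    Use this instead of services.nix-daemon.enable if you don't want the
    daemon service to be managed for you.
  '';
};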
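# Upper bound on parallel build jobs; written to nix.conf as `max-jobs`.
# Accepts an integer or the literal string "auto".
nix.maxJobs = mkOption {
  type = types.either types.int (types.enum ["auto"]);
  default = "auto";
  example = 64;
  # Wording fix: "It is recommend" -> "It is recommended".
  description = ''
    This option defines the maximum number of jobs that Nix will try to
    build in parallel. The default is auto, which means it will use all
    available logical cores. It is recommended to set it to the total
    number of logical cores in your system (e.g., 16 for two CPUs with 4
    cores each and hyper-threading).
  '';
};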
# Per-build concurrency limit; written to nix.conf as `cores`.
nix.buildCores = mkOption {
  description = ''
    This option defines the maximum number of concurrent tasks during
    one build. It affects, e.g., -j option for make.
    The special value 0 means that the builder should use all
    available CPU cores in the system. Some builds may become
    non-deterministic with this option; use with care! Packages will
    only be affected if enableParallelBuilding is set for them.
  '';
  type = types.int;
  example = 64;
  default = 0;
};
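# Build isolation; written to nix.conf as `sandbox`. Booleans are rendered
# as true/false, the string "relaxed" is passed through unchanged.
#
# The default is false, so builds run unsandboxed unless this is enabled.
# NOTE(review): in Nix, "relaxed" is understood to let derivations that opt
# out of the sandbox build outside it -- confirm against the manual of the
# deployed Nix version before choosing it over `true`.
nix.useSandbox = mkOption {
  type = types.either types.bool (types.enum ["relaxed"]);
  default = false;
  # Indented string for consistency with the other option descriptions.
  description = ''
    If set, Nix will perform builds in a sandboxed environment that it
    will set up automatically for each build. This prevents
    impurities in builds by disallowing access to dependencies
    outside of the Nix store.
  '';
};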
# Host directories added to the build sandbox; written to nix.conf as
# `extra-sandbox-paths` when the list is non-empty. Every entry widens what
# sandboxed builds can reach on the host, so keep the list minimal.
nix.sandboxPaths = mkOption {
  description =
    ''
      Directories from the host filesystem to be included
      in the sandbox.
    '';
  type = types.listOf types.str;
  example = [ "/dev" "/proc" ];
  default = [];
};
# Free-form text placed at the end of the generated nix.conf, after all
# settings derived from the typed options. It is not validated here, so it
# can also carry security-relevant settings (sandbox, require-sigs, ...).
# NOTE(review): presumably a later duplicate setting takes precedence --
# confirm for the deployed Nix version.
nix.extraOptions = mkOption {
  description = "Additional text appended to <filename>nix.conf</filename>.";
  type = types.lines;
  example = ''
    gc-keep-outputs = true
    gc-keep-derivations = true
  '';
  default = "";
};
# Switch for remote building. The config section warns when machines are
# listed in nix.buildMachines while this is off.
nix.distributedBuilds = mkOption {
  description = ''
    Whether to distribute builds to the machines listed in
    <option>nix.buildMachines</option>.

    NOTE: This requires services.nix-daemon.enable for a
    multi-user install.
  '';
  type = types.bool;
  default = false;
};
# Scheduling priority for the Nix daemon. Declared here only; this file's
# config section does not read it.
nix.daemonNiceLevel = mkOption {
  description = ''
    Nix daemon process priority. This priority propagates to build processes.
    0 is the default Unix process priority, 19 is the lowest.
  '';
  type = types.int;
  default = 0;
};
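# Low-priority file system I/O for the Nix daemon. Declared here only; this
# file's config section does not read it.
nix.daemonIONice = mkOption {
  type = types.bool;
  default = false;
  # Wording fix: "should considered" -> "should be considered".
  description = ''
    Whether the Nix daemon process should be considered to be low priority when
    doing file system I/O.
  '';
};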
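# Remote builders, rendered into /etc/nix/machines by the config section.
#
# The element type is a plain attribute set, so field names and values are
# not checked when the option is set; a misspelled attribute only shows up
# when the machines file is generated.
#
# Security notes for whoever fills this in:
#  * `sshKey` is a passphrase-less private key. Give it as a string path (as
#    in the example) that only root can read. NOTE(review): a Nix path
#    literal would presumably be copied into the world-readable store when
#    the machines file is rendered -- confirm and avoid.
#  * Inputs are copied to, and outputs accepted from, each listed host, so a
#    builder is trusted with the integrity of what it returns. Restricting
#    the remote account to Nix operations limits the impact of a leaked key.
nix.buildMachines = mkOption {
  type = types.listOf types.attrs;
  default = [];
  example = [
    { hostName = "voila.labs.cs.uu.nl";
      sshUser = "nix";
      sshKey = "/root/.ssh/id_buildfarm";
      system = "powerpc-darwin";
      maxJobs = 1;
    }
    { hostName = "linux64.example.org";
      sshUser = "buildfarm";
      sshKey = "/root/.ssh/id_buildfarm";
      system = "x86_64-linux";
      maxJobs = 2;
      supportedFeatures = [ "kvm" ];
      mandatoryFeatures = [ "perf" ];
    }
  ];
  # The attribute read by the machines-file generator is `hostName`; the
  # description previously spelled it `hostname`.
  description = ''
    This option lists the machines to be used if distributed
    builds are enabled (see
    <option>nix.distributedBuilds</option>). Nix will perform
    derivations on those machines via SSH by copying the inputs
    to the Nix store on the remote machine, starting the build,
    then copying the output back to the local Nix store. Each
    element of the list should be an attribute set containing
    the machine's host name (<varname>hostName</varname>), the
    user name to be used for the SSH connection
    (<varname>sshUser</varname>), the Nix system type
    (<varname>system</varname>, e.g.,
    <literal>"i686-linux"</literal>), the maximum number of
    jobs to be run in parallel on that machine
    (<varname>maxJobs</varname>), the path to the SSH private
    key to be used to connect (<varname>sshKey</varname>), a
    list of supported features of the machine
    (<varname>supportedFeatures</varname>) and a list of
    mandatory features of the machine
    (<varname>mandatoryFeatures</varname>). The SSH private key
    should not have a passphrase, and the corresponding public
    key should be added to
    <filename>~<replaceable>sshUser</replaceable>/authorized_keys</filename>
    on the remote machine.
  '';
};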
# Internal option: extra environment variables for running Nix. The config
# section merges it into environment.variables, where NIX_PATH is then set
# from nix.nixPath and replaces any NIX_PATH given here.
nix.envVars = mkOption {
  description = "Environment variables used by Nix.";
  internal = true;
  type = types.attrs;
  default = {};
};
# Read-only bind mount of /nix/store, as described below.
# NOTE(review): this file's config section never reads cfg.readOnlyStore, so
# unless another module consumes it the option has no effect here -- confirm
# before relying on it as a store-integrity control.
nix.readOnlyStore = mkOption {
  description = ''
    If set, NixOS will enforce the immutability of the Nix store
    by making <filename>/nix/store</filename> a read-only bind
    mount. Nix will automatically make the store writable when
    needed.
  '';
  type = types.bool;
  default = true;
};
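# Substituter URLs; written to nix.conf as `substituters`. There is no
# default here: the config section appends https://cache.nixos.org/ after
# whatever the user lists.
nix.binaryCaches = mkOption {
  type = types.listOf types.str;
  # Quoted string instead of a bare URL literal; the value is the same and
  # it keeps evaluating where URL literals are disabled.
  example = [ "https://cache.example.org/" ];
  description = ''
    List of binary cache URLs used to obtain pre-built binaries
    of Nix packages.
  '';
};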
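# Caches that non-root users may opt into; written to nix.conf as
# `trusted-substituters`. Each entry is a cache any user can select, so list
# only caches whose content is covered by nix.binaryCachePublicKeys.
nix.trustedBinaryCaches = mkOption {
  type = types.listOf types.str;
  default = [ ];
  # Quoted string instead of a bare URL literal; the value is the same and
  # it keeps evaluating where URL literals are disabled.
  example = [ "https://hydra.example.org/" ];
  description = ''
    List of binary cache URLs that non-root users can use (in
    addition to those specified using
    <option>nix.binaryCaches</option>) by passing
    <literal>--option binary-caches</literal> to Nix commands.
  '';
};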
# Signature enforcement for substituted binaries; written to nix.conf as
# `require-sigs`. With this off nothing ties a downloaded binary to a
# trusted key, so integrity rests on the cache operator and the transport.
nix.requireSignedBinaryCaches = mkOption {
  description = ''
    If enabled (the default), Nix will only download binaries from binary caches if
    they are cryptographically signed with any of the keys listed in
    <option>nix.binaryCachePublicKeys</option>. If disabled, signatures are neither
    required nor checked, so it's strongly recommended that you use only
    trustworthy caches and https to prevent man-in-the-middle attacks.
  '';
  type = types.bool;
  default = true;
};
# Trust anchors for substituted binaries; written to nix.conf as
# `trusted-public-keys`. A signature from any single listed key is enough,
# so every key added here is trusted for every cache.
nix.binaryCachePublicKeys = mkOption {
  description = ''
    List of public keys used to sign binary caches. If
    <option>nix.requireSignedBinaryCaches</option> is enabled,
    then Nix will use a binary from a binary cache if and only
    if it is signed by <emphasis>any</emphasis> of the keys
    listed here. By default, only the key for
    <uri>cache.nixos.org</uri> is included.
  '';
  type = types.listOf types.str;
  example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
};
# Users and @groups with elevated rights towards the Nix daemon; written to
# nix.conf as `trusted-users`. Per the description these users may add
# binary caches and import unsigned NARs, i.e. they can put arbitrary
# content into the store that other users then run. Treat membership as
# close to root-equivalent and keep the list short.
nix.trustedUsers = mkOption {
  description = ''
    A list of names of users that have additional rights when
    connecting to the Nix daemon, such as the ability to specify
    additional binary caches, or to import unsigned NARs. You
    can also specify groups by prefixing them with
    <literal>@</literal>; for instance,
    <literal>@wheel</literal> means all users in the wheel
    group.
  '';
  type = types.listOf types.str;
  example = [ "root" "alice" "@wheel" ];
  default = [ "root" ];
};
# Users and @groups allowed to connect to the Nix daemon at all; written to
# nix.conf as `allowed-users`. The default "*" admits every local user;
# narrow it on shared machines where not everyone should be able to build.
nix.allowedUsers = mkOption {
  description = ''
    A list of names of users (separated by whitespace) that are
    allowed to connect to the Nix daemon. As with
    <option>nix.trustedUsers</option>, you can specify groups by
    prefixing them with <literal>@</literal>. Also, you can
    allow all users by specifying <literal>*</literal>. The
    default is <literal>*</literal>. Note that trusted users are
    always allowed to connect.
  '';
  type = types.listOf types.str;
  example = [ "@wheel" "@builders" "alice" "bob" ];
  default = [ "*" ];
};
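# Entries for NIX_PATH (the config section joins them with ":").
#
# The custom type accepts, per definition, a string, an attribute set, or a
# list mixing both, and merges all definitions into one list of strings.
#
# Note that the default contains "$HOME/.nix-defexpr/channels", which is
# left for the consuming shell to expand, so angle-bracket lookups can
# resolve through a directory owned by the invoking user.
nix.nixPath = mkOption {
  type = mkOptionType {
    name = "nix path";
    merge = loc: defs:
      let
        # Every definition flattened into one list whose elements are either
        # plain strings or { name, value } pairs (one per attribute of an
        # attribute-set entry). Anything else aborts evaluation.
        values = flatten (map (def:
          (map (x:
            if isAttrs x then (mapAttrsToList nameValuePair x)
            else if isString x then x
            else throw "The option value `${showOption loc}` in `${def.file}` is not a attset or string.")
            (if isList def.value then def.value else [def.value]))) defs);

        # "name=value" strings; when a name occurs more than once the first
        # occurrence in `values` is the one kept (head).
        namedPaths = mapAttrsToList (n: v: "${n}=${(head v).value}")
          (zipAttrs
            (map (x: { "${x.name}" = { inherit (x) value; }; })
              (filter isAttrs values)));

        # Plain string entries, de-duplicated.
        searchPaths = unique
          (filter isString values);
      in
        namedPaths ++ searchPaths;
  };
  default =
    [ # Include default path <darwin-config>.
      { darwin-config = "${config.environment.darwinConfig}"; }
      "/nix/var/nix/profiles/per-user/root/channels"
      "$HOME/.nix-defexpr/channels"
    ];
  example =
    [ { trunk = "/src/nixpkgs"; }
    ];
  # The angle brackets around nixpkgs are written as entities so the
  # description stays well-formed markup.
  description = ''
    The default Nix expression search path, used by the Nix
    evaluator to look up paths enclosed in angle brackets
    (e.g. <literal>&lt;nixpkgs&gt;</literal>).

    Named entries can be specified using an attribute set, if an
    entry is configured multiple times the value with the lowest
    ordering will be used.
  '';
};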
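# System-wide flake registry, serialised to /etc/nix/registry.json by the
# config section.
#
# Each entry rewrites the flake reference `from` to `to`, for every user of
# the machine. When `flake` is given, `to` becomes a path reference to that
# flake's outPath and carries over its lastModified / rev / revCount /
# narHash attributes, so the target stays tied to that exact input. A
# hand-written `to` is used as given; whether it names a fixed revision is
# up to the author of the entry.
nix.registry = mkOption {
  type = types.attrsOf (types.submodule (
    let
      # Flat attribute set of scalar values describing a flake reference.
      inputAttrs = types.attrsOf (types.oneOf [types.str types.int types.bool types.package]);
    in
    { config, name, ... }:
    { options = {
        from = mkOption {
          type = inputAttrs;
          example = { type = "indirect"; id = "nixpkgs"; };
          description = "The flake reference to be rewritten.";
        };
        to = mkOption {
          type = inputAttrs;
          example = { type = "github"; owner = "my-org"; repo = "my-nixpkgs"; };
          # Stray ">" after "from" removed from the markup.
          description = "The flake reference to which <option>from</option> is to be rewritten.";
        };
        flake = mkOption {
          type = types.unspecified;
          default = null;
          example = literalExpression "nixpkgs";
          # Stray ">" after "from" removed from the markup.
          description = ''
            The flake input to which <option>from</option> is to be rewritten.
          '';
        };
        exact = mkOption {
          type = types.bool;
          default = true;
          description = ''
            Whether the <option>from</option> reference needs to match exactly. If set,
            a <option>from</option> reference like <literal>nixpkgs</literal> does not
            match with a reference like <literal>nixpkgs/nixos-20.03</literal>.
          '';
        };
      };
      config = {
        # Unless overridden, an entry rewrites the indirect reference named
        # after its attribute name.
        from = mkDefault { type = "indirect"; id = name; };
        # Only derived when `flake` is set; otherwise `to` must be given.
        to = mkIf (config.flake != null)
          ({ type = "path";
             path = config.flake.outPath;
           } // lib.filterAttrs
             (n: v: n == "lastModified" || n == "rev" || n == "revCount" || n == "narHash")
             config.flake);
      };
    }
  ));
  default = {};
  description = ''
    A system-wide flake registry.
  '';
};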
};
config = {
# Evaluation-time warnings about distributed-build settings that do not
# line up with each other.
warnings =
  let
    activationUnmanaged = !config.services.activate-system.enable;
    machinesListed = cfg.buildMachines != [];
  in
  [
    (mkIf (activationUnmanaged && cfg.distributedBuilds) "services.activate-system is not enabled, a reboot could cause distributed builds to stop working.")
    (mkIf (!cfg.distributedBuilds && machinesListed) "nix.distributedBuilds is not enabled, build machines won't be configured.")
  ];
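# Default cache and its signing key, ordered after user-supplied entries
# (mkAfter). The key is the trust anchor for everything substituted from
# that cache; change it only from an authoritative source.
# Quoted string instead of a bare URL literal: same value, and it keeps
# evaluating where URL literals are disabled.
nix.binaryCaches = mkAfter [ "https://cache.nixos.org/" ];
nix.binaryCachePublicKeys = mkAfter [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];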
# State-version dependent NIX_PATH entries. stateVersion 2 and 3 match
# neither branch, leaving only the option's declared default.
nix.nixPath =
  let
    # Pre-stateVersion-2 layout, with darwin and darwin-config under $HOME.
    legacyEntries =
      [ "darwin=$HOME/.nix-defexpr/darwin"
        "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
        "/nix/var/nix/profiles/per-user/root/channels"
      ];

    # Layout for stateVersion above 3, contributed at order 1200.
    currentEntries =
      [ { darwin-config = "${config.environment.darwinConfig}"; }
        "/nix/var/nix/profiles/per-user/root/channels"
        "$HOME/.nix-defexpr/channels"
      ];
  in
  mkMerge [
    (mkIf (config.system.stateVersion < 2) (mkDefault legacyEntries))
    (mkIf (config.system.stateVersion > 3) (mkOrder 1200 currentEntries))
  ];
# Before stateVersion 3 the default is the profile path rather than a
# pinned package, so the Nix in use follows whatever that profile holds.
nix.package =
  mkIf (config.system.stateVersion < 3) (mkDefault "/nix/var/nix/profiles/default");

# The version is only known when a package (derivation) was given; a
# profile path leaves nix.version at its declared default.
nix.version =
  mkIf (isDerivation cfg.package) (cfg.package.version or "<unknown>");

# Likewise, only a real package is added to the system packages.
environment.systemPackages = mkIf (isDerivation cfg.package) [ cfg.package ];
# Install the generated nix.conf.
# NOTE(review): knownSha256Hashes presumably lists digests of pre-existing
# /etc/nix/nix.conf contents that activation may replace -- confirm in the
# environment.etc implementation. Only the first digest is annotated with
# its origin; the other two would benefit from the same.
environment.etc."nix/nix.conf" = {
  source = nixConf;
  knownSha256Hashes = [
    "7c2d80499b39256b03ee9abd3d6258343718306aca8d472c26ac32c9b0949093"  # nix installer
    "19299897fa312d9d32b3c968c2872dd143085aa727140cec51f57c59083e93b9"
    "c4ecc3d541c163c8fcc954ccae6b8cab28c973dc283fea5995c69aaabcdf785f"
  ];
};
# Serialise nix.registry as a version-2 registry file. Only `from`, `to`
# and `exact` of each entry are written; the entry name and `flake` are not.
environment.etc."nix/registry.json".text =
  let
    toRegistryEntry = _: entry: { inherit (entry) from to exact; };
  in
  builtins.toJSON {
    version = 2;
    flakes = mapAttrsToList toRegistryEntry cfg.registry;
  };
# List of machines for distributed Nix builds in the format
# expected by build-remote: one line per machine with the fields
#   [user@]host  system(s)  sshKey  maxJobs  speedFactor  features  mandatory
# separated by single spaces.
#
# Field values come from untyped attribute sets and are written as-is, so a
# value containing whitespace would shift the remaining columns. The sshKey
# field is string-interpolated; see the caveat on nix.buildMachines about
# passing it as a string rather than a path literal.
environment.etc."nix/machines" =
  let
    machineLine = machine:
      let
        login = if machine ? sshUser then "${machine.sshUser}@" else "";
        platforms = machine.system or (concatStringsSep "," machine.systems);
        required = machine.mandatoryFeatures or [];
        # Mandatory features are listed among the supported ones as well.
        offered = required ++ machine.supportedFeatures or [];
      in
      concatStringsSep " " [
        "${login}${machine.hostName}"
        platforms
        "${machine.sshKey or "-"}"
        "${toString (machine.maxJobs or 1)}"
        (toString (machine.speedFactor or 1))
        (concatStringsSep "," offered)
        (concatStringsSep "," required)
      ] + "\n";
  in
  { enable = cfg.buildMachines != [];
    text = concatMapStrings machineLine cfg.buildMachines;
  };
# Shell snippet added to the environment init: when the invoking user cannot
# write /nix/var/nix/db, NIX_REMOTE=daemon is exported so that Nix commands
# go through the daemon instead of touching the store database directly.
# The check is a plain writability test, so root (who can write the
# database) is left without NIX_REMOTE.
environment.extraInit = ''
  # Set up secure multi-user builds: non-root users build through the
  # Nix daemon.
  if [ ! -w /nix/var/nix/db ]; then
      export NIX_REMOTE=daemon
  fi
'';
# Set up the environment variables for running Nix. NIX_PATH is always
# derived from nix.nixPath and, being on the right-hand side of the update,
# replaces a NIX_PATH supplied through nix.envVars.
environment.variables =
  let
    searchPath = concatStringsSep ":" cfg.nixPath;
  in
  cfg.envVars // { NIX_PATH = searchPath; };
# Activation step, only present when nix.useDaemon is set.
#
# 1. If `diff` reports a difference between /etc/nix/nix.conf and the copy
#    under /run/current-system (or fails for any other reason, e.g. a
#    missing file), the daemon is sent HUP so it picks up the new settings.
# 2. The script then polls the daemon with a store query for the stdenv
#    shell path and kickstarts the launchd service until the query succeeds.
#
# NOTE(review): the wait loop has neither a delay nor a retry limit. If the
# daemon cannot start (for instance because the freshly generated nix.conf
# is rejected), activation spins on `launchctl kickstart` indefinitely and
# the cause is hidden because the query's output is discarded. Consider a
# short sleep and a bounded number of attempts with a clear error.
system.activationScripts.nix-daemon.text = mkIf cfg.useDaemon ''
  if ! diff /etc/nix/nix.conf /run/current-system/etc/nix/nix.conf &> /dev/null; then
      echo "reloading nix-daemon..." >&2
      launchctl kill HUP system/org.nixos.nix-daemon
  fi
  while ! nix-store --store daemon -q --hash ${pkgs.stdenv.shell} &>/dev/null; do
      echo "waiting for nix-daemon" >&2
      launchctl kickstart system/org.nixos.nix-daemon
  done
'';
};
}