system-manager.nix

  1{
  2  config,
  3  hostname,
  4  inputs,
  5  lib,
  6  outputs,
  7  ...
  8}:
  9{
 10  imports = [
 11    (./. + "/${hostname}/system.nix")
 12
 13    # ./common/base
 14  ];
 15
 16  nixpkgs = {
 17    overlays = [
 18      # Our own flake exports (from overlays and pkgs dir)
 19      outputs.overlays.additions
 20      outputs.overlays.modifications
 21      outputs.overlays.unstable-packages
 22
 23      # And from other flakes
 24      inputs.emacs-overlay.overlay
 25      inputs.chapeau-rouge.overlays.openshift
 26      inputs.chick-group.overlays.default
 27      inputs.agenix.overlays.default
 28
 29      # Migrate to "modifications"
 30      (_: prev: {
 31        inherit (inputs.buildkit-tekton.packages.${prev.system}) tkn-local;
 32        inherit (inputs.dagger.packages.${prev.system}) dagger;
 33      })
 34    ];
 35    config = {
 36      allowUnfree = true;
 37    };
 38  };
 39  nix = {
 40    # This will add each flake input as a registry
 41    # To make nix3 commands consistent with your flake
 42    registry = lib.mkForce (lib.mapAttrs (_: value: { flake = value; }) inputs);
 43
 44    # This will additionally add your inputs to the system's legacy channels
 45    # Making legacy nix commands consistent as well, awesome!
 46    nixPath = lib.mkForce (
 47      lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry
 48    );
 49
 50    optimise = {
 51      automatic = true;
 52      dates = [
 53        "01:10"
 54        "12:10"
 55      ];
 56    };
 57
 58    settings = {
 59      auto-optimise-store = true;
 60      experimental-features = [
 61        "nix-command"
 62        "flakes"
 63      ];
 64      sandbox = true;
 65      allowed-users = [
 66        "@wheel"
 67      ];
 68      trusted-users = [
 69        "root"
 70        "@wheel"
 71      ];
 72      # See https://nixos.org/manual/nix/stable/command-ref/conf-file#conf-use-xdg-base-directories
 73      use-xdg-base-directories = true;
 74
 75      # Add some "caches" (substituters)
 76      substituters = [
 77        "https://cache.nixos.org/"
 78        "https://r-ryantm.cachix.org"
 79        "https://shortbrain.cachix.org"
 80        "https://vdemeester.cachix.org"
 81        "https://chapeau-rouge.cachix.org"
 82      ];
 83      trusted-public-keys = [
 84        "r-ryantm.cachix.org-1:gkUbLkouDAyvBdpBX0JOdIiD2/DP1ldF3Z3Y6Gqcc4c="
 85        "shortbrain.cachix.org-1:dqXcXzM0yXs3eo9ChmMfmob93eemwNyhTx7wCR4IjeQ="
 86        "mic92.cachix.org-1:gi8IhgiT3CYZnJsaW7fxznzTkMUOn1RY4GmXdT/nXYQ="
 87        "chapeau-rouge.cachix.org-1:r34IG766Ez4Eeanr7Zx+egzXLE2Zgvc+XRspYZPDAn8="
 88        "vdemeester.cachix.org-1:eZWNOrLR9A9szeMahn9ENaoT9DB3WgOos8va+d2CU44="
 89      ];
 90    };
 91
 92    extraOptions = ''
 93      connect-timeout = 20
 94      build-cores = 0
 95      keep-outputs = true
 96      keep-derivations = true
 97      builders-use-substitutes = true
 98    '';
 99
100    # On laptops at least, make the daemon and builders low priority
101    # to have a responding system while building
102    daemonIOSchedClass = "idle";
103    daemonCPUSchedPolicy = "idle";
104  };
105}