modules/shared: add nix-daemon

2023-07-29 17:37:07 +10:00 · 2023-07-29 17:37:07 +10:00 · b553120a3c
commit b553120a3c
parent 9fe659f34a
3 changed files with 17 additions and 32 deletions
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@ -1,11 +1,9 @@
 { pkgs, ... }:
-let
-  asGB = size: toString (size * 1024 * 1024);
-in
 {
  imports = [
    ./flake-inputs.nix
    ./telegraf.nix
+    ../../shared/nix-daemon.nix
  ];

  # use the same version as srvos
@ -24,29 +22,15 @@ in
    "@admin"
  ];

+  # srvos
  nix.settings.builders-use-substitutes = true;

-  nix.settings.substituters = [ "https://nix-community.cachix.org/" ];
-  nix.settings.trusted-public-keys = [
-    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-  ];
-
+  # srvos
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

-  nix.settings.auto-optimise-store = true;
-
-  nix.settings.min-free = asGB 10;
-  nix.settings.max-free = asGB 200;
-
-  # avoid search path warnings
-  nix.nixPath = pkgs.lib.mkForce [ "nixpkgs=${pkgs.path}" ];
-
-  nix.gc.automatic = true;
-  nix.gc.options = "--delete-older-than 14d";
-
  environment.systemPackages = with pkgs; [
    htop
  ];
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@ -2,7 +2,7 @@
 {
  imports = [
    ./auto-upgrade.nix
-    ./nix-daemon.nix
+    ../../shared/nix-daemon.nix
    ./reboot.nix
    ./security.nix
    ./sops-nix.nix
@ -12,6 +12,17 @@
    inputs.srvos.nixosModules.server
  ];

+  # users in trusted group are trusted by the nix-daemon
+  nix.settings.trusted-users = [ "@trusted" ];
+
+  users.groups.trusted = { };
+
+  # Sometimes it fails if a store path is still in use.
+  # This should fix intermediate issues.
+  systemd.services.nix-gc.serviceConfig = {
+    Restart = "on-failure";
+  };
+
  networking.firewall.allowedTCPPorts = [ 9273 ];

  srvos.flake = inputs.self;
--- a/modules/nixos/common/nix-daemon.nix
+++ b/modules/nixos/common/nix-daemon.nix
@ -20,21 +20,11 @@ in
    settings.min-free = asGB 10;
    settings.max-free = asGB 200;

-    # users in trusted group are trusted by the nix-daemon
-    settings.trusted-users = [ "@trusted" ];
-
    # useful for ad-hoc nix-shell's for debugging
-    nixPath = [ "nixpkgs=${pkgs.path}" ];
+    # use mkForce to avoid search path warnings with nix-darwin
+    nixPath = pkgs.lib.mkForce [ "nixpkgs=${pkgs.path}" ];

    gc.automatic = true;
    gc.options = "--delete-older-than 14d";
  };
-
-  # Sometimes it fails if a store path is still in use.
-  # This should fix intermediate issues.
-  systemd.services.nix-gc.serviceConfig = {
-    Restart = "on-failure";
-  };
-
-  users.groups.trusted = { };
 }