sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

modules/shared: add nix-daemon

Browse source
This commit is contained in:
zowoq 2023-07-29 17:37:07 +10:00
parent 9fe659f34a
commit b553120a3c
3 changed files with 17 additions and 32 deletions
modules
darwin/common
default.nix
nixos/common
default.nix
shared
nix-daemon.nix

22
modules/darwin/common/default.nix
View file

@ -1,11 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
let
asGB = size: toString (size * 1024 * 1024);
in
{ {
imports = [ imports = [
./flake-inputs.nix ./flake-inputs.nix
./telegraf.nix ./telegraf.nix
../../shared/nix-daemon.nix
]; ];
# use the same version as srvos # use the same version as srvos
@ -24,29 +22,15 @@ in
"@admin" "@admin"
]; ];
# srvos
nix.settings.builders-use-substitutes = true; nix.settings.builders-use-substitutes = true;
nix.settings.substituters = [ "https://nix-community.cachix.org/" ]; # srvos
nix.settings.trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
nix.settings.auto-optimise-store = true;
nix.settings.min-free = asGB 10;
nix.settings.max-free = asGB 200;
# avoid search path warnings
nix.nixPath = pkgs.lib.mkForce [ "nixpkgs=${pkgs.path}" ];
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 14d";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
htop htop
]; ];

13
modules/nixos/common/default.nix
View file

@ -2,7 +2,7 @@
{ {
imports = [ imports = [
./auto-upgrade.nix ./auto-upgrade.nix
./nix-daemon.nix ../../shared/nix-daemon.nix
./reboot.nix ./reboot.nix
./security.nix ./security.nix
./sops-nix.nix ./sops-nix.nix
@ -12,6 +12,17 @@
inputs.srvos.nixosModules.server inputs.srvos.nixosModules.server
]; ];
# users in trusted group are trusted by the nix-daemon
nix.settings.trusted-users = [ "@trusted" ];
users.groups.trusted = { };
# Sometimes it fails if a store path is still in use.
# This should fix intermediate issues.
systemd.services.nix-gc.serviceConfig = {
Restart = "on-failure";
};
networking.firewall.allowedTCPPorts = [ 9273 ]; networking.firewall.allowedTCPPorts = [ 9273 ];
srvos.flake = inputs.self; srvos.flake = inputs.self;

14
modules/nixos/common/nix-daemon.nix → modules/shared/nix-daemon.nix
View file

@ -20,21 +20,11 @@ in
settings.min-free = asGB 10; settings.min-free = asGB 10;
settings.max-free = asGB 200; settings.max-free = asGB 200;
# users in trusted group are trusted by the nix-daemon
settings.trusted-users = [ "@trusted" ];
# useful for ad-hoc nix-shell's for debugging # useful for ad-hoc nix-shell's for debugging
nixPath = [ "nixpkgs=${pkgs.path}" ]; # use mkForce to avoid search path warnings with nix-darwin
nixPath = pkgs.lib.mkForce [ "nixpkgs=${pkgs.path}" ];
gc.automatic = true; gc.automatic = true;
gc.options = "--delete-older-than 14d"; gc.options = "--delete-older-than 14d";
}; };
# Sometimes it fails if a store path is still in use.
# This should fix intermediate issues.
systemd.services.nix-gc.serviceConfig = {
Restart = "on-failure";
};
users.groups.trusted = { };
} }