Compare commits
2 commits
e5bd395fd8
...
6c39724060
Author | SHA1 | Date | |
---|---|---|---|
6c39724060 | |||
e36875131b |
9 changed files with 81 additions and 59 deletions
12
flake.lock
12
flake.lock
|
@ -174,16 +174,16 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1720768451,
|
||||
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1721187324,
|
||||
"narHash": "sha256-QA/hwTo9TsEbtTxFjHdyIopyRqVbC3psML9D1CuSGcg=",
|
||||
"owner": "xinyangli",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
|
||||
"rev": "5a00e83edebdcf87790dfa0a304b092f4e3ed694",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"owner": "xinyangli",
|
||||
"ref": "deploy",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
|
|
@ -120,7 +120,6 @@
|
|||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
machinesFile = ./nixbuild.net;
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
|
@ -194,7 +193,7 @@
|
|||
{
|
||||
devShells = {
|
||||
default = pkgs.mkShell {
|
||||
packages = with pkgs; [ git colmena sops nix-output-monitor nil nvd ];
|
||||
packages = with pkgs; [ nix git colmena sops nix-output-monitor nil nvd ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -20,9 +20,6 @@
|
|||
inetutils
|
||||
];
|
||||
|
||||
# Required for standalone home configuration
|
||||
nix.package = lib.mkForce pkgs.nixVersions.latest;
|
||||
nix.extraOptions = ''
|
||||
extra-substituters = https://nix-community.cachix.org
|
||||
extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -9,6 +9,13 @@
|
|||
../sops.nix
|
||||
];
|
||||
|
||||
commonSettings = {
|
||||
nix = {
|
||||
enableMirrors = true;
|
||||
signing.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Bootloader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
@ -229,23 +236,6 @@
|
|||
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
# Use mirror for binary cache
|
||||
nix.settings.substituters = [
|
||||
"https://mirrors.bfsu.edu.cn/nix-channels/store"
|
||||
"https://mirrors.ustc.edu.cn/nix-channels/store"
|
||||
];
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
nix.optimise.automatic = true;
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
auto-optimise-store = true;
|
||||
trusted-users = [ "xin" "root" ];
|
||||
};
|
||||
nix.extraOptions = ''
|
||||
!include "${config.sops.secrets.github_public_token.path}"
|
||||
'';
|
||||
|
|
|
@ -79,10 +79,6 @@ in
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
trusted-users = [ "root" ];
|
||||
};
|
||||
|
||||
services.sing-box = let
|
||||
singTls = {
|
||||
enabled = true;
|
||||
|
|
|
@ -46,21 +46,6 @@
|
|||
git
|
||||
];
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = "https://cache.garnix.io";
|
||||
trusted-public-keys = "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=";
|
||||
};
|
||||
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
nix.optimise.automatic = true;
|
||||
nix.settings.auto-optimise-store = true;
|
||||
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
networking = {
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
imports = [
|
||||
./hass.nix
|
||||
];
|
||||
|
||||
commonSettings.nix.enableMirrors = true;
|
||||
|
||||
nixpkgs.overlays = [
|
||||
# Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
|
||||
(final: super: {
|
||||
|
@ -18,13 +21,6 @@
|
|||
raspberrypi-eeprom
|
||||
];
|
||||
|
||||
# Use mirror for binary cache
|
||||
nix.settings.substituters = [
|
||||
"https://mirrors.bfsu.edu.cn/nix-channels/store"
|
||||
"https://mirrors.ustc.edu.cn/nix-channels/store"
|
||||
];
|
||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
networking = {
|
||||
|
@ -51,10 +47,6 @@
|
|||
wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
trusted-users = [ "@wheel" ];
|
||||
};
|
||||
|
||||
# fileSystems."/".fsType = lib.mkForce "btrfs";
|
||||
boot.supportedFilesystems.zfs = lib.mkForce false;
|
||||
|
||||
|
|
62
modules/nixos/common-nix-conf.nix
Normal file
62
modules/nixos/common-nix-conf.nix
Normal file
|
@ -0,0 +1,62 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.commonSettings.nix;
|
||||
in
|
||||
{
|
||||
options.commonSettings.nix = {
|
||||
enable = mkOption {
|
||||
default = true;
|
||||
type = types.bool;
|
||||
};
|
||||
enableMirrors = mkEnableOption "cache.nixos.org mirrors in Mainland China";
|
||||
signing = {
|
||||
enable = mkEnableOption "Sign locally-built paths";
|
||||
keyFile = mkOption {
|
||||
default = "/etc/nix/key.private";
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
nix.package = pkgs.nixVersions.latest;
|
||||
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
nix.optimise.automatic = true;
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
auto-optimise-store = true;
|
||||
trusted-users = [ "root" ];
|
||||
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.garnix.io"
|
||||
];
|
||||
|
||||
extra-substituters = mkIf cfg.enableMirrors [
|
||||
"https://mirrors.bfsu.edu.cn/nix-channels/store"
|
||||
"https://mirrors.ustc.edu.cn/nix-channels/store"
|
||||
];
|
||||
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
|
||||
"xin-1:8/ul1IhdWLswERF/8RfeAw8VZqjwHrJ1x55y1yjxQ+Y="
|
||||
];
|
||||
|
||||
secret-key-files = mkIf cfg.signing.enable [
|
||||
cfg.signing.keyFile
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./common-nix-conf.nix
|
||||
./restic.nix
|
||||
./vaultwarden.nix
|
||||
./prometheus.nix
|
||||
|
|
Loading…
Reference in a new issue