nix-community/srvos
1
1
Fork 0
mirror of https://github.com/nix-community/srvos.git synced 2024-09-11 14:17:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

mixins-nix-experimental: not so common experimental features to its own module

Browse Source
This commit is contained in:
Jörg Thalheim 2023-10-13 22:01:18 +02:00
parent 773baff17c
commit fbc038210c
4 changed files with 28 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/nixos/mixins.md
View File

@ -14,10 +14,15 @@ Configure systemd-boot as bootloader.
Enables a generic telegraf configuration. See [Mic's dotfiles](https://github.com/Mic92/dotfiles/blob/master/nixos/eva/modules/prometheus/alert-rules.nix) for monitoring rules targeting this telegraf configuration.
### `nixosModules.nginx`
### `nixosModules.mixins-nginx`
Configure Nginx with recommended settings. Is quite useful when using nginx as a reverse-proxy on the machine to other services.
### `nixosModules.mixins-nix-experimental`
Enables all experimental features in nix, that are known safe to use (i.e. are only used when explicitly requested in a build).
This for example unlocks use of containers in the nix sandbox.
### `nixosModules.mixins-trusted-nix-caches`
Add the common list of public nix binary caches that we trust.
Add the common list of public nix binary caches that we trust.

2
nixos/common/nix.nix
View File

@ -8,8 +8,6 @@
"nix-command"
"flakes"
"repl-flake"
"impure-derivations"
"auto-allocate-uids"
];
# The default at 10 is rarely enough.

1
nixos/default.nix
View File

@ -53,6 +53,7 @@ exposeModules ./. [
./mixins/terminfo.nix
./mixins/tracing.nix
./mixins/trusted-nix-caches.nix
./mixins/nix-experimental.nix
./roles/github-actions-runner.nix
./roles/nix-remote-builder.nix
./roles/prometheus

20
nixos/mixins/nix-experimental.nix Normal file
View File

@ -0,0 +1,20 @@
{ lib, config, ... }:
{
# Enable flakes
nix.settings.experimental-features = [
# for container in builds support
"auto-allocate-uids"
"cgroups"
# run builds with network access but without fixed-output checksum
"impure-derivations"
] ++ lib.optional (lib.versionOlder (lib.versions.majorMinor config.nix.package.version) "2.18") [
# allows to drop references from filesystem images
"discard-references"
];
# no longer need to pre-allocate build users for everything
nix.settings.auto-allocate-uids = true;
# for container in builds support
nix.settings.system-features = lib.mkDefault [ "uid-range" ];
}