diff --git a/hosts/configuration.nix b/hosts/configuration.nix index bb79bf9..0172261 100644 --- a/hosts/configuration.nix +++ b/hosts/configuration.nix @@ -25,26 +25,33 @@ in # allow mounting ntfs filesystems boot.supportedFilesystems = [ "ntfs" ]; - # Fallback quickly if substituters are not available. - nix.settings.connect-timeout = 5; - nix.settings.download-attempts = 3; - # The default at 10 is rarely enough. - nix.settings.log-lines = 50; - # Avoid disk full issues - nix.settings.max-free = (3000 * 1024 * 1024); - nix.settings.min-free = (1000 * 1024 * 1024); - # Avoid copying unnecessary stuff over SSH - nix.settings.builders-use-substitutes = true; - # Slower but mroe robust during crash TODO enable once we upgrade nix - # nix.settings.fsync-store-paths = true; - # nix.settings.fsync-metadata = true; - nix.settings.auto-optimise-store = true; + nix.settings = { + # Fallback quickly if substituters are not available. + connect-timeout = 5; + download-attempts = 3; + # The default at 10 is rarely enough. + log-lines = 50; + # Avoid disk full issues + max-free = (3000 * 1024 * 1024); + min-free = (1000 * 1024 * 1024); + # Avoid copying unnecessary stuff over SSH + builders-use-substitutes = true; + # Slower but more robust during crash TODO enable once we upgrade nix + # fsync-store-paths = true; + # fsync-metadata = true; + auto-optimise-store = true; - # TODO should I have this set for my user... - nix.settings.trusted-users = [ "root" "${settings.user.username}" ]; + # TODO should I have this set for my user... + trusted-users = [ + "root" + "${settings.user.username}" + ]; + }; # rate limiting for github nix.extraOptions = '' + keep-outputs = true + keep-derivations = true !include ${config.age.secrets.github_read_token.path} ''; @@ -52,7 +59,7 @@ in programs.nh = { enable = true; clean.enable = true; - clean.extraArgs = "--keep 3"; + clean.extraArgs = "--keep 10"; # TODO this may need to be defined higher up if it is ever different for a machine... flake = "/home/${settings.user.username}/.config/nixos-config"; }; diff --git a/hosts/lio/configuration.nix b/hosts/lio/configuration.nix index f9fc25a..6c02e7d 100644 --- a/hosts/lio/configuration.nix +++ b/hosts/lio/configuration.nix @@ -25,7 +25,7 @@ stormd.enable = true; nebula.enable = true; rustdesk.enable = true; - saber.enable = true; + # saber.enable = true; }; # opening this port for dev purposes @@ -45,4 +45,4 @@ # System76 hardware.system76.enableAll = true; -} + } diff --git a/users/josh/by_hosts/lio/nix_modules/ssh_authorized.nix b/users/josh/by_hosts/lio/nix_modules/ssh_authorized.nix index 0ce5ab1..69b9d2a 100644 --- a/users/josh/by_hosts/lio/nix_modules/ssh_authorized.nix +++ b/users/josh/by_hosts/lio/nix_modules/ssh_authorized.nix @@ -1,6 +1,11 @@ -{ settings, ... }: +{ settings, config, ... }: { users.users.${settings.user.username}.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" ]; + + # Also allow this key to work for root user, this will let us use this as a remote builder + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio" + ]; } diff --git a/users/josh/home_manager/file_browser.nix b/users/josh/home_manager/file_browser.nix index 86c3157..159cc3f 100644 --- a/users/josh/home_manager/file_browser.nix +++ b/users/josh/home_manager/file_browser.nix @@ -5,5 +5,5 @@ ... }: { - home.packages = lib.mkIf (!nixConfig.mods.de_cosmic.enable) (with pkgs; [ gnome.nautilus qimgv ]); + home.packages = lib.mkIf (!nixConfig.mods.de_cosmic.enable) (with pkgs; [ nautilus qimgv ]); }