mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

mkModule migration begin

Browse Source
This commit is contained in:
mjallen18
2025-12-14 22:47:51 -06:00
parent 34539045e5
commit fedba849a7
9 changed files with 302 additions and 667 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
lib/module/default.nix
View File

@@ -48,6 +48,12 @@ rec {
reverseProxies = [ reverseProxyConfig ];
};
# Open firewall
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
users = lib.mkIf cfg.createUser {
users.${name} = {
isSystemUser = true;
@@ -57,6 +63,19 @@ rec {
groups.${name} = { };
};
services = {
# postgresql = lib.mkIf cfg.configureDb {
# enable = true;
# ensureDatabases = [ name ];
# ensureUsers = [
# {
# name = name;
# ensureDBOwnership = true;
# }
# ];
# };
};
systemd.tmpfiles.rules = [
"d ${cfg.configDir} 0700 ${name} ${name} - -"
"d ${cfg.configDir}/server-files 0700 ${name} ${name} - -"
@@ -73,12 +92,26 @@ rec {
port = mkOpt types.int 80 "Port for ${name} to be hosted on";
configDir = mkOpt types.str "/media/nas/main/nix-app-data/${name}" "Path to the config dir";
configDir = mkOpt types.str "/media/nas/main/nix-app-data" "Path to the config dir";
dataDir = mkOpt types.str "/media/nas/main/${name}" "Path to the data dir";
dataDir = mkOpt types.str "/media/nas/main" "Path to the data dir";
createUser = mkBoolOpt false "create a user for this module/service";
configureDb = mkBoolOpt false "Manage db for this service";
environmentFile = mkOpt types.str "" "Environment File";
puid = mkOpt types.str "911" "default user id";
pgid = mkOpt types.str "1000" "default group id";
timeZone = mkOpt types.str "America/Chicago" "default timezone";
listenAddress = mkOpt types.str "0.0.0.0" "Environment File";
openFirewall = mkBoolOpt true "Open the firewall";
reverseProxy = mkReverseProxyOpt;
}
// options;

19
modules/nixos/services/actual/default.nix
View File

@@ -10,29 +10,29 @@ let
name = "actual";
cfg = config.${namespace}.services.${name};
actualConfig = lib.${namespace}.mkModule rec {
inherit name;
actualConfig = lib.${namespace}.mkModule {
inherit config name;
description = "Actual Personal Finance Planner";
options = { };
moduleConfig = {
services.actual = {
enable = true;
openFirewall = true;
openFirewall = cfg.openFirewall;
settings = {
trustedProxies = [ config.${namespace}.network.ipv4.address ];
port = cfg.port;
configDir = cfg.configDir;
serverFiles = "${cfg.configDir}/server-files";
userFiles = "${cfg.configDir}/user-files";
configDir = "${cfg.configDir}/${name}";
serverFiles = "${cfg.configDir}/${name}/server-files";
userFiles = "${cfg.configDir}/${name}/user-files";
};
};
systemd.services = lib.mkIf cfg.createUser {
actual = {
environment.ACTUAL_CONFIG_PATH = lib.mkForce "${cfg.configDir}/config.json";
environment.ACTUAL_CONFIG_PATH = lib.mkForce "${cfg.configDir}/${name}/config.json";
serviceConfig = {
ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${cfg.configDir}/config.json";
WorkingDirectory = lib.mkForce cfg.configDir;
ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${cfg.configDir}/${name}/config.json";
WorkingDirectory = lib.mkForce "${cfg.configDir}/${name}";
StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce "full";
@@ -40,7 +40,6 @@ let
};
};
};
inherit config;
};
in
{

120
modules/nixos/services/ai/default.nix
View File

@@ -7,66 +7,74 @@
}:
with lib;
let
cfg = config.${namespace}.services.ai;
in
{
imports = [ ./options.nix ];
name = "ai";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
services.ollama = {
enable = true;
package = pkgs.stable.ollama-rocm;
port = 11434;
host = "0.0.0.0";
user = "nix-apps";
group = "jallen-nas";
openFirewall = true;
rocmOverrideGfx = "11.0.2";
loadModels = [ "mistral:instruct" ];
home = "/media/nas/main/nix-app-data/ollama";
};
aiConfig = lib.${namespace}.mkModule {
inherit config name;
description = "AI Services";
options = { };
moduleConfig = {
services = {
ollama = {
enable = true;
package = pkgs.stable.ollama-rocm;
port = 11434;
host = "0.0.0.0";
user = "nix-apps";
group = "jallen-nas";
openFirewall = cfg.openFirewall;
rocmOverrideGfx = "11.0.2";
loadModels = [ "mistral:instruct" ];
home = "${cfg.configDir}/ollama";
};
services.llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = true;
model = "/media/nas/main/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = pkgs.stable.llama-cpp-rocm;
extraFlags = [
"--n_gpu-layers"
"500"
"-c"
"0"
"--numa"
"numactl"
"--jinja"
];
};
llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = cfg.openFirewall;
model = "${cfg.configDir}/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = pkgs.stable.llama-cpp-rocm;
extraFlags = [
"--n_gpu-layers"
"500"
"-c"
"0"
"--numa"
"numactl"
"--jinja"
];
};
services.open-webui = {
enable = true;
package = pkgs.stable.open-webui;
host = "0.0.0.0";
port = 8888;
openFirewall = true;
# stateDir = "/media/nas/main/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "authentik";
OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback";
ENABLE_OAUTH_SIGNUP = "False";
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True";
ENABLE_SIGNUP = "False";
ENABLE_LOGIN_FORM = "False";
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
LOCAL_FILES_ONLY = "False";
WEBUI_AUTH = "False";
open-webui = {
enable = true;
package = pkgs.stable.open-webui;
host = "0.0.0.0";
port = 8888;
openFirewall = cfg.openFirewall;
# stateDir = "/media/nas/main/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "authentik";
OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback";
ENABLE_OAUTH_SIGNUP = "False";
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True";
ENABLE_SIGNUP = "False";
ENABLE_LOGIN_FORM = "False";
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
LOCAL_FILES_ONLY = "False";
WEBUI_AUTH = "False";
};
};
};
};
};
in
{
imports = [ aiConfig ];
}

7
modules/nixos/services/ai/options.nix
View File

@@ -1,7 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.ai = {
enable = mkEnableOption "enable ai";
};
}

102
modules/nixos/services/arrs/default.nix
View File

@@ -6,57 +6,63 @@
}:
with lib;
let
cfg = config.${namespace}.services.arrs;
in
{
imports = [ ./options.nix ];
name = "arrs";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
# Enable radarr service
services.radarr = {
enable = cfg.radarr.enable;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = cfg.radarr.dataDir;
};
# Enable Sonarr service
services.sonarr = {
enable = cfg.sonarr.enable;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = cfg.sonarr.dataDir;
};
# Enable Sabnzbd service
services.sabnzbd = {
enable = cfg.sabnzbd.enable;
# openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
configFile = "${cfg.sabnzbd.dataDir}/sabnzbd.ini";
};
services.deluge = {
enable = cfg.deluge.enable;
user = "nix-apps";
group = "jallen-nas";
openFirewall = true;
dataDir = "/media/nas/main";
web = {
arrsConfig = lib.${namespace}.mkModule {
inherit config name;
description = "*arr Services";
options = { };
moduleConfig = {
# Enable radarr service
services.radarr = {
enable = true;
port = cfg.deluge.port;
openFirewall = true;
openFirewall = cfg.openFirewall;
user = "nix-apps";
group = "jallen-nas";
dataDir = "${cfg.configDir}/radarr";
};
# Enable Sonarr service
services.sonarr = {
enable = true;
openFirewall = cfg.openFirewall;
user = "nix-apps";
group = "jallen-nas";
dataDir = "${cfg.configDir}/sonarr";
};
# Enable Sabnzbd service
services.sabnzbd = {
enable = true;
# openFirewall = cfg.openFirewall;
user = "nix-apps";
group = "jallen-nas";
configFile = "${cfg.configDir}/sabnzbd/sabnzbd.ini";
};
services.deluge = {
enable = false;
user = "nix-apps";
group = "jallen-nas";
openFirewall = cfg.openFirewall;
dataDir = cfg.dataDir;
web = {
enable = true;
port = 8112;
openFirewall = cfg.openFirewall;
};
};
services.jackett = {
enable = false;
user = "nix-apps";
group = "jallen-nas";
openFirewall = cfg.openFirewall;
};
};
services.jackett = {
enable = cfg.jackett.enable;
user = "nix-apps";
group = "jallen-nas";
openFirewall = true;
};
};
in
{
imports = [ arrsConfig ];
}

261
modules/nixos/services/arrs/default.nix.container
View File

@@ -1,261 +0,0 @@
{
config,
pkgs,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.arrs;
radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete";
sonarrDataDir = "/var/lib/sonarr";
sabnzbdConfig = "/var/lib/sabnzbd";
jackettDir = "/var/lib/jackett/.config/Jackett";
mediaDir = "/media";
arrUserId = config.users.users.nix-apps.uid;
arrGroupId = config.users.groups.jallen-nas.gid;
radarrPkg = pkgs.radarr;
sonarrPkg = pkgs.sonarr;
delugePkg = pkgs.deluge;
jackettPkg = pkgs.jackett;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.arrs = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.3";
localAddress = cfg.localAddress;
config =
{
pkgs,
lib,
...
}:
{
nixpkgs.config = {
allowUnfree = lib.mkForce true;
allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar"
];
};
# Enable radarr service
services.radarr = {
enable = cfg.radarr.enable;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = radarrDataDir;
package = radarrPkg;
};
# Enable Sonarr service
services.sonarr = {
enable = cfg.sonarr.enable;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = sonarrDataDir;
package = sonarrPkg;
};
# Enable Sabnzbd service
services.sabnzbd = {
enable = cfg.sabnzbd.enable;
openFirewall = true;
user = "arrs";
group = "media";
configFile = "${sabnzbdConfig}/sabnzbd.ini";
package = pkgs.sabnzbd;
};
services.deluge = {
enable = cfg.deluge.enable;
user = "arrs";
group = "media";
openFirewall = true;
dataDir = "/media";
package = delugePkg;
web = {
enable = true;
port = cfg.deluge.port;
openFirewall = true;
};
};
services.jackett = {
enable = cfg.jackett.enable;
user = "arrs";
group = "media";
openFirewall = true;
package = jackettPkg;
};
# Create required users and groups
users.users.arrs = {
isSystemUser = true;
uid = lib.mkForce arrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = {
gid = lib.mkForce arrGroupId;
};
downloads = { };
};
# System packages
environment.systemPackages = with pkgs; [
glib
sqlite
mono
mediainfo
protonvpn-cli_2
];
# Create and set permissions for required directories
system.activationScripts.arr-dirs = ''
mkdir -p ${radarrDataDir}
mkdir -p ${sonarrDataDir}
mkdir -p ${sabnzbdConfig}
mkdir -p ${downloadDir}
mkdir -p ${incompleteDir}
mkdir -p ${mediaDir}
chown -R arrs:media ${radarrDataDir}
chown -R arrs:media ${sonarrDataDir}
chown -R arrs:media ${sabnzbdConfig}
chown -R arrs:media ${downloadDir}
chown -R arrs:media ${incompleteDir}
chown -R arrs:media ${mediaDir}
chmod -R 775 ${radarrDataDir}
chmod -R 775 ${sonarrDataDir}
chmod -R 775 ${sabnzbdConfig}
chmod -R 775 ${downloadDir}
chmod -R 775 ${incompleteDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/etc/resolv.conf" = {
hostPath = "/etc/resolv.conf";
isReadOnly = true;
};
"${radarrDataDir}" = {
hostPath = cfg.radarr.dataDir;
isReadOnly = false;
};
"${sonarrDataDir}" = {
hostPath = cfg.sonarr.dataDir;
isReadOnly = false;
};
"${sabnzbdConfig}" = {
hostPath = cfg.sabnzbd.dataDir;
isReadOnly = false;
};
"${downloadDir}" = {
hostPath = cfg.downloadsDir;
isReadOnly = false;
};
"${incompleteDir}" = {
hostPath = cfg.incompleteDownloadsDir;
isReadOnly = false;
};
"${jackettDir}" = {
hostPath = cfg.jackett.dataDir;
isReadOnly = false;
};
"/media/movies" = {
hostPath = cfg.moviesDir;
isReadOnly = false;
};
"/media/tv" = {
hostPath = cfg.tvDir;
isReadOnly = false;
};
"/media/isos" = {
hostPath = cfg.isosDir;
isReadOnly = false;
};
};
};
networking = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.radarr.port}";
sourcePort = cfg.radarr.port;
}
{
destination = "${cfg.localAddress}:${toString cfg.sonarr.port}";
sourcePort = cfg.sonarr.port;
}
{
destination = "${cfg.localAddress}:8080";
sourcePort = cfg.sabnzbd.port;
}
{
destination = "${cfg.localAddress}:${toString cfg.deluge.port}";
sourcePort = cfg.deluge.port;
}
{
destination = "${cfg.localAddress}:${toString cfg.jackett.port}";
sourcePort = cfg.jackett.port;
}
];
};
firewall = {
allowedTCPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
};
};
};
}

112
modules/nixos/services/arrs/options.nix
View File

@@ -1,112 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.arrs = {
enable = mkEnableOption "arrs services";
radarr = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 7878;
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
sonarr = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 8989;
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
sabnzbd = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 8280;
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
deluge = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 8112;
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
jackett = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 9117;
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
downloadsDir = mkOption {
type = types.str;
default = "";
};
incompleteDownloadsDir = mkOption {
type = types.str;
default = "";
};
moviesDir = mkOption {
type = types.str;
default = "";
};
tvDir = mkOption {
type = types.str;
default = "";
};
isosDir = mkOption {
type = types.str;
default = "";
};
};
}

280
modules/nixos/services/attic/default.nix
View File

@@ -7,152 +7,152 @@
}:
with lib;
let
cfg = config.${namespace}.services.attic;
in
{
imports = [ ./options.nix ];
name = "attic";
cfg = config.${namespace}.services.${name};
config = mkIf cfg.enable {
services.atticd = {
enable = true;
environmentFile = cfg.environmentFile;
settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}";
};
};
# Open firewall for attic if enabled
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
# Include the attic watch-store service and rebuild cache services
systemd.services = {
attic-watch-store = {
atticConfig = lib.${namespace}.mkModule {
inherit config name;
description = "attic Service";
options = { };
moduleConfig = {
services.atticd = {
enable = true;
description = "watch store for cache";
serviceConfig = {
Type = "simple";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "always";
RestartSec = "5";
};
path = with pkgs; [
bash
attic-client
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache = {
enable = true;
description = "Rebuild NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
git stash
git pull || echo "Warning: Could not pull latest changes after stash"
return 1
fi
echo "Updating flake at $(date)"
if nix flake update; then
echo "flake updated successfully at $(date)"
else
echo "failed to update flake $(date)"
fi
if nix flake check; then
echo "flake checked successfully at $(date)"
else
echo "flake check failed at $(date)"
git reset --hard
fi
if nh os build --hostname=jallen-nas --out-link=result-nas; then
echo "nas built successfully at $(date)"
fi;
if nh os build --hostname=nuc-nixos --out-link=result-nuc; then
echo "nuc built successfully at $(date)"
fi;
if nh os build --hostname=matt-nixos --out-link=result-desktop; then
echo "desktop built successfully at $(date)"
fi;
if nh os build --hostname=steamdeck --out-link=result-steamdeck; then
echo "steamdeck built successfully at $(date)"
fi;
if nh os build --hostname=pi4 --out-link=result-pi4; then
echo "pi4 built successfully at $(date)"
fi;
if nh os build --hostname=pi5 --out-link=result-pi5; then
echo "pi5 built successfully at $(date)"
fi;
'';
};
};
# Include timers for cache rebuilds
systemd.timers = {
nix-rebuild-cache = {
description = "Timer for rebuilding NixOS configurations cache";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
RandomizedDelaySec = "24h";
environmentFile = cfg.environmentFile;
settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}";
};
};
};
# Configure distributed builds
nix = {
settings.builders-use-substitutes = true;
distributedBuilds = true;
buildMachines = [
{
hostName = "pi5.local";
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
# Include the attic watch-store service and rebuild cache services
systemd.services = {
attic-watch-store = {
enable = true;
description = "watch store for cache";
serviceConfig = {
Type = "simple";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "always";
RestartSec = "5";
};
path = with pkgs; [
bash
attic-client
];
}
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache = {
enable = true;
description = "Rebuild NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
git stash
git pull || echo "Warning: Could not pull latest changes after stash"
return 1
fi
echo "Updating flake at $(date)"
if nix flake update; then
echo "flake updated successfully at $(date)"
else
echo "failed to update flake $(date)"
fi
if nix flake check; then
echo "flake checked successfully at $(date)"
else
echo "flake check failed at $(date)"
git reset --hard
fi
if nh os build --hostname=jallen-nas --out-link=result-nas; then
echo "nas built successfully at $(date)"
fi;
if nh os build --hostname=nuc-nixos --out-link=result-nuc; then
echo "nuc built successfully at $(date)"
fi;
if nh os build --hostname=matt-nixos --out-link=result-desktop; then
echo "desktop built successfully at $(date)"
fi;
if nh os build --hostname=steamdeck --out-link=result-steamdeck; then
echo "steamdeck built successfully at $(date)"
fi;
if nh os build --hostname=pi4 --out-link=result-pi4; then
echo "pi4 built successfully at $(date)"
fi;
if nh os build --hostname=pi5 --out-link=result-pi5; then
echo "pi5 built successfully at $(date)"
fi;
'';
};
};
# Include timers for cache rebuilds
systemd.timers = {
nix-rebuild-cache = {
description = "Timer for rebuilding NixOS configurations cache";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
RandomizedDelaySec = "24h";
};
};
};
# Configure distributed builds
nix = {
settings.builders-use-substitutes = true;
distributedBuilds = true;
buildMachines = [
{
hostName = "pi5.local";
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
};
};
in
{
imports = [ atticConfig ];
}

31
modules/nixos/services/attic/options.nix
View File

@@ -1,31 +0,0 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.services.attic = {
enable = mkEnableOption "attic binary cache daemon";
port = mkOption {
type = types.port;
default = 9012;
description = "Port for attic cache daemon";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open firewall for attic";
};
environmentFile = mkOption {
type = types.nullOr types.path;
default = null;
description = "Path to environment file containing attic secrets";
};
listenAddress = mkOption {
type = types.str;
default = "[::1]";
description = "Address to listen on";
};
};
}