authorMalo Bourgon <mbourgon@gmail.com>2022-08-13 12:34:47 -0700
committerMalo Bourgon <mbourgon@gmail.com>2022-08-16 10:41:51 -0700
commit9a5fb50ea91631c2862b0c917ea2b4e1d37ef3ac (patch)
tree2ffe4aa446042507ce747e87390b2d7c234ae242
parentf729a09a28043159d6221df04b343260b1314644 (diff)
Reorder `nix` module options to match order in NixOS module
-rw-r--r--modules/nix/default.nix306
1 files changed, 155 insertions, 151 deletions
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 56d5597..294f7f4 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -77,6 +77,7 @@ in
'';
};
+ # Not in NixOS module
nix.version = mkOption {
type = types.str;
default = "<unknown>";
@@ -84,6 +85,7 @@ in
description = "The version of nix. Used to determine what settings to configure in nix.conf";
};
+ # Not in NixOS module
nix.useDaemon = mkOption {
type = types.bool;
default = false;
@@ -94,80 +96,6 @@ in
";
};
- nix.settings.max-jobs = mkOption {
- type = types.either types.int (types.enum [ "auto" ]);
- default = "auto";
- example = 64;
- description = ''
- This option defines the maximum number of jobs that Nix will try to
- build in parallel. The default is auto, which means it will use all
- available logical cores. It is recommend to set it to the total
- number of logical cores in your system (e.g., 16 for two CPUs with 4
- cores each and hyper-threading).
- '';
- };
-
- nix.settings.auto-optimise-store = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = ''
- If set to true, Nix automatically detects files in the store that have
- identical contents, and replaces them with hard links to a single copy.
- This saves disk space. If set to false (the default), you can still run
- nix-store --optimise to get rid of duplicate files.
- '';
- };
-
- nix.settings.cores = mkOption {
- type = types.int;
- default = 0;
- example = 64;
- description = ''
- This option defines the maximum number of concurrent tasks during
- one build. It affects, e.g., -j option for make.
- The special value 0 means that the builder should use all
- available CPU cores in the system. Some builds may become
- non-deterministic with this option; use with care! Packages will
- only be affected if enableParallelBuilding is set for them.
- '';
- };
-
- nix.settings.sandbox = mkOption {
- type = types.either types.bool (types.enum [ "relaxed" ]);
- default = false;
- description = ''
- If set, Nix will perform builds in a sandboxed environment that it
- will set up automatically for each build. This prevents impurities
- in builds by disallowing access to dependencies outside of the Nix
- store by using network and mount namespaces in a chroot environment.
- This is enabled by default even though it has a possible performance
- impact due to the initial setup time of a sandbox for each build. It
- doesn't affect derivation hashes, so changing this option will not
- trigger a rebuild of packages.
- '';
- };
-
- nix.settings.extra-sandbox-paths = mkOption {
- type = types.listOf types.str;
- default = [ ];
- example = [ "/dev" "/proc" ];
- description = ''
- Directories from the host filesystem to be included
- in the sandbox.
- '';
- };
-
- nix.extraOptions = mkOption {
- type = types.lines;
- default = "";
- example = ''
- gc-keep-outputs = true
- gc-keep-derivations = true
- '';
- description = "Additional text appended to <filename>nix.conf</filename>.";
- };
-
nix.distributedBuilds = mkOption {
type = types.bool;
default = false;
@@ -180,6 +108,7 @@ in
'';
};
+ # Not in NixOS module
nix.daemonNiceLevel = mkOption {
type = types.int;
default = 0;
@@ -189,6 +118,7 @@ in
'';
};
+ # Not in NixOS module
nix.daemonIONice = mkOption {
type = types.bool;
default = false;
@@ -263,83 +193,6 @@ in
'';
};
- nix.settings.substituters = mkOption {
- type = types.listOf types.str;
- description = ''
- List of binary cache URLs used to obtain pre-built binaries
- of Nix packages.
-
- By default https://cache.nixos.org/ is added.
- '';
- };
-
- nix.settings.trusted-substituters = mkOption {
- type = types.listOf types.str;
- default = [ ];
- example = [ "https://hydra.nixos.org/" ];
- description = ''
- List of binary cache URLs that non-root users can use (in
- addition to those specified using
- <option>nix.settings.substituters</option>) by passing
- <literal>--option binary-caches</literal> to Nix commands.
- '';
- };
-
- nix.settings.require-sigs = mkOption {
- type = types.bool;
- default = true;
- description = ''
- If enabled (the default), Nix will only download binaries from binary caches if
- they are cryptographically signed with any of the keys listed in
- <option>nix.settings.trusted-public-keys</option>. If disabled, signatures are neither
- required nor checked, so it's strongly recommended that you use only
- trustworthy caches and https to prevent man-in-the-middle attacks.
- '';
- };
-
- nix.settings.trusted-public-keys = mkOption {
- type = types.listOf types.str;
- example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
- description = ''
- List of public keys used to sign binary caches. If
- <option>nix.settings.trusted-public-keys</option> is enabled,
- then Nix will use a binary from a binary cache if and only
- if it is signed by <emphasis>any</emphasis> of the keys
- listed here. By default, only the key for
- <uri>cache.nixos.org</uri> is included.
- '';
- };
-
- nix.settings.trusted-users = mkOption {
- type = types.listOf types.str;
- default = [ "root" ];
- example = [ "root" "alice" "@wheel" ];
- description = ''
- A list of names of users that have additional rights when
- connecting to the Nix daemon, such as the ability to specify
- additional binary caches, or to import unsigned NARs. You
- can also specify groups by prefixing them with
- <literal>@</literal>; for instance,
- <literal>@wheel</literal> means all users in the wheel
- group.
- '';
- };
-
- nix.settings.allowed-users = mkOption {
- type = types.listOf types.str;
- default = [ "*" ];
- example = [ "@wheel" "@builders" "alice" "bob" ];
- description = ''
- A list of names of users (separated by whitespace) that are
- allowed to connect to the Nix daemon. As with
- <option>nix.settings.trusted-users</option>, you can specify groups by
- prefixing them with <literal>@</literal>. Also, you can
- allow all users by specifying <literal>*</literal>. The
- default is <literal>*</literal>. Note that trusted users are
- always allowed to connect.
- '';
- };
-
nix.nixPath = mkOption {
type = mkOptionType {
name = "nix path";
@@ -433,6 +286,157 @@ in
A system-wide flake registry.
'';
};
+
+ nix.extraOptions = mkOption {
+ type = types.lines;
+ default = "";
+ example = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ description = "Additional text appended to <filename>nix.conf</filename>.";
+ };
+
+ nix.settings.max-jobs = mkOption {
+ type = types.either types.int (types.enum [ "auto" ]);
+ default = "auto";
+ example = 64;
+ description = ''
+ This option defines the maximum number of jobs that Nix will try to
+ build in parallel. The default is auto, which means it will use all
+ available logical cores. It is recommend to set it to the total
+ number of logical cores in your system (e.g., 16 for two CPUs with 4
+ cores each and hyper-threading).
+ '';
+ };
+
+ nix.settings.auto-optimise-store = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = ''
+ If set to true, Nix automatically detects files in the store that have
+ identical contents, and replaces them with hard links to a single copy.
+ This saves disk space. If set to false (the default), you can still run
+ nix-store --optimise to get rid of duplicate files.
+ '';
+ };
+
+ nix.settings.cores = mkOption {
+ type = types.int;
+ default = 0;
+ example = 64;
+ description = ''
+ This option defines the maximum number of concurrent tasks during
+ one build. It affects, e.g., -j option for make.
+ The special value 0 means that the builder should use all
+ available CPU cores in the system. Some builds may become
+ non-deterministic with this option; use with care! Packages will
+ only be affected if enableParallelBuilding is set for them.
+ '';
+ };
+
+ nix.settings.sandbox = mkOption {
+ type = types.either types.bool (types.enum [ "relaxed" ]);
+ default = false;
+ description = ''
+ If set, Nix will perform builds in a sandboxed environment that it
+ will set up automatically for each build. This prevents impurities
+ in builds by disallowing access to dependencies outside of the Nix
+ store by using network and mount namespaces in a chroot environment.
+ This is enabled by default even though it has a possible performance
+ impact due to the initial setup time of a sandbox for each build. It
+ doesn't affect derivation hashes, so changing this option will not
+ trigger a rebuild of packages.
+ '';
+ };
+
+ nix.settings.extra-sandbox-paths = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "/dev" "/proc" ];
+ description = ''
+ Directories from the host filesystem to be included
+ in the sandbox.
+ '';
+ };
+
+ nix.settings.substituters = mkOption {
+ type = types.listOf types.str;
+ description = ''
+ List of binary cache URLs used to obtain pre-built binaries
+ of Nix packages.
+
+ By default https://cache.nixos.org/ is added.
+ '';
+ };
+
+ nix.settings.trusted-substituters = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "https://hydra.nixos.org/" ];
+ description = ''
+ List of binary cache URLs that non-root users can use (in
+ addition to those specified using
+ <option>nix.settings.substituters</option>) by passing
+ <literal>--option binary-caches</literal> to Nix commands.
+ '';
+ };
+
+ nix.settings.require-sigs = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ If enabled (the default), Nix will only download binaries from binary caches if
+ they are cryptographically signed with any of the keys listed in
+ <option>nix.settings.trusted-public-keys</option>. If disabled, signatures are neither
+ required nor checked, so it's strongly recommended that you use only
+ trustworthy caches and https to prevent man-in-the-middle attacks.
+ '';
+ };
+
+ nix.settings.trusted-public-keys = mkOption {
+ type = types.listOf types.str;
+ example = [ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ];
+ description = ''
+ List of public keys used to sign binary caches. If
+ <option>nix.settings.trusted-public-keys</option> is enabled,
+ then Nix will use a binary from a binary cache if and only
+ if it is signed by <emphasis>any</emphasis> of the keys
+ listed here. By default, only the key for
+ <uri>cache.nixos.org</uri> is included.
+ '';
+ };
+
+ nix.settings.trusted-users = mkOption {
+ type = types.listOf types.str;
+ default = [ "root" ];
+ example = [ "root" "alice" "@wheel" ];
+ description = ''
+ A list of names of users that have additional rights when
+ connecting to the Nix daemon, such as the ability to specify
+ additional binary caches, or to import unsigned NARs. You
+ can also specify groups by prefixing them with
+ <literal>@</literal>; for instance,
+ <literal>@wheel</literal> means all users in the wheel
+ group.
+ '';
+ };
+
+ nix.settings.allowed-users = mkOption {
+ type = types.listOf types.str;
+ default = [ "*" ];
+ example = [ "@wheel" "@builders" "alice" "bob" ];
+ description = ''
+ A list of names of users (separated by whitespace) that are
+ allowed to connect to the Nix daemon. As with
+ <option>nix.settings.trusted-users</option>, you can specify groups by
+ prefixing them with <literal>@</literal>. Also, you can
+ allow all users by specifying <literal>*</literal>. The
+ default is <literal>*</literal>. Note that trusted users are
+ always allowed to connect.
+ '';
+ };
};
config = {
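Review bot: The relocated `nix.settings.sandbox` description states "This is enabled by default" while the option is declared with `default = false;`, so a reader can wrongly assume builds are isolated from the host. The text is carried over unchanged from the removed lines, but since the block is being moved anyway, the sentence could be corrected to something like `This is disabled by default in this module; enabling it has a possible performance impact due to the initial setup time of a sandbox for each build.` In the same hunk, the `nix.settings.trusted-public-keys` description refers to itself ("If <option>nix.settings.trusted-public-keys</option> is enabled"), where the option that turns signature checking on is `<option>nix.settings.require-sigs</option>`. Both are documentation-only fixes, but they describe the two settings that decide whether unsandboxed builds and unsigned cache content are accepted, so the wording should match the declared defaults.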