diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index 1f256363a6..197053e9b5 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -19,6 +19,9 @@ let exec sudo "$0" "$@" fi + export AWS_ACCESS_KEY_ID="${depot.ops.secrets.nixCache.AWS_ACCESS_KEY_ID}" + export AWS_SECRET_ACCESS_KEY="${depot.ops.secrets.nixCache.AWS_SECRET_ACCESS_KEY}" + system="$(nix-build -E '(import {}).ops.nixos.${system}' --no-out-link)" nix-env -p /nix/var/nix/profiles/system --set "$system" "$system/bin/switch-to-configuration" switch diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix index 3a60cc4a24..adb751964b 100644 --- a/ops/nixos/lib/common.nix +++ b/ops/nixos/lib/common.nix @@ -5,7 +5,13 @@ in { hardware.enableRedistributableFirmware = true; - nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; + nix = { + nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ]; + trustedUsers = [ "root" "@wheel" ]; + binaryCaches = lib.mkForce [ "https://hydra.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + trustedBinaryCaches = lib.mkForce [ "https://hydra.nixos.org/" "s3://lukegb-nix-cache?endpoint=storage.googleapis.com&trusted=1" ]; + }; + nixpkgs.config = { allowUnfree = true; }; i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "us"; @@ -20,8 +26,6 @@ in allowPing = true; }; - nixpkgs.config = { allowUnfree = true; }; - users.mutableUsers = false; users.users = let secrets = depot.ops.secrets; in { root.hashedPassword = secrets.passwordHashes.root;
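Review bot: The two added `export` lines in ops/nixos/default.nix interpolate the secret values at Nix evaluation time, so the key pair becomes plain text in the generated script. The enclosing `let` binding starts outside the hunk, but if that script is built as a derivation it sits world-readable under /nix/store and travels with any closure that is copied or pushed to a cache. The values are also placed inside shell double quotes unescaped, so a secret containing `$`, a backtick or `"` would be re-interpreted by the shell, and the exports are inherited by `nix-env` and `switch-to-configuration` although only the `nix-build` fetch appears to need them. Consider resolving the credentials at run time from a root-only file instead, for example `export AWS_SHARED_CREDENTIALS_FILE=/path/to/root-only/credentials` (placeholder path), and scoping it to the `nix-build` invocation.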
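Review bot: The `&trusted=1` parameter on the `s3://lukegb-nix-cache` entry in `binaryCaches` and `trustedBinaryCaches` makes Nix accept paths from that bucket without a valid signature, so anyone who can write to the bucket can supply store paths that are activated as root on the next switch. Prefer signing what is pushed and pinning the key: drop `&trusted=1` from both lists and add the cache's public key to `nix.binaryCachePublicKeys`. `trustedUsers = [ "root" "@wheel" ]` additionally lets every wheel member hand the daemon their own substituters and other trusted settings, which is effectively root-equivalent, so a short comment such as `# wheel is already root-equivalent via sudo on these hosts` would record that this is intended. The same URL list is written out twice and could come from one `let` binding so the two options cannot drift apart. The enclosing attribute set starts and ends outside the hunk.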