Rework of the nix (the package manager) config #45
			No reviewers
			
		
		
		
	
	
	
		Labels
		
	
	
	
	No labels
	
		
			
	
	Kind/Breaking
		
			Kind/Bug
		
			Kind/Documentation
		
			Kind/Enhancement
		
			Kind/Feature
		
			Kind/Security
		
			Kind/Testing
		
			Priority
Critical
		
			Priority
High
		
			Priority
Low
		
			Priority
Medium
		
			Reviewed
Confirmed
		
			Reviewed
Duplicate
		
			Reviewed
Invalid
		
			Reviewed
Won't Fix
		
			Status
Abandoned
		
			Status
Blocked
		
			Status
Need More Info
		
		
	
		No milestone
		
			
		
	No project
	
		
	
	
	
	
		No assignees
		
	
	
		
			
		
	
	
	
		2 participants
	
	
		
		
	Notifications
	
		
	
	
	
		
	
	
	Due date
No due date set.
	
		Dependencies
		
		
	
	
	No dependencies set.
	
	
		
	
	
		
			Reference
		
	
	
		
	
	
			Fachschaft/nixConfig!45
			
		
	
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue
	
	
	No description provided.
		
		Delete branch "nerf/nixConfig:nix-config"
	
	Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This should fix [#44], by running the garbage collector weekly deleting all old generations, it also configures some other things like storage optimization through hard linking.
This might slow down nix store operations when building, but the performance critical machines shouldn't build anything anyway.
It sets some options that are irrelevant right now, but would be better like this than the default if they should become relevant. Like
fallbackandbuilders-use-substitutes.If there is anything missing that we should set let me know.
We might think about getting all user config in one place, aka getting the trusted keys into the admin.nix file. Not sure though if this is a great idea, any comments?
Thanks for taking this up.
@ -0,0 +1,25 @@{nix.settings = {trusted-public-keys = [While part of
nix.settingsI would prefer to move these toadmin.nixand leave a reference comment here. If we start our own builder we may start to trust it here.Yes let me think how to do this later
@ -0,0 +10,4 @@];auto-optimise-store = true;fallback = true;builders-use-substitus = true;typo
And i messed up the grouping completely, dafuq
@ -0,0 +13,4 @@builders-use-substitus = true;};gc = {persistent = true;Please comment on why this is a good idea on
/astmpfs. Feels like it adds a garbage collection right after every restart compared to missed ones on downtime. I have no idea which we prefer.I don't think this is important. On true it will catch up missed runs when the machine was down, on false it will just start the timer
on boot. So if false we could run into the problem that we never garbage collect if we restarted a machine more then once per week.
And yes I didn't thought about where systemd stored this and it would need some impermanence, sigh
note for myself it is
/var/lib/systemd/timersSo de we want more persistency things, or risking to never garbage collect on machines that restart often.
The upside of this behavior would be that you never boot a new generation and run into a garbage collection that is scheduled
directly after. The more I think it is more sensible to have a week from last reboot and not from last garbage collect.
@ -0,0 +19,4 @@randomizedDelaySec = "5h";};optimise = {dates = [];optimise = true, but never? Is that how the emptydatesarray works?Yes, line 11 makes it optimise on store operations, but if i understood it correctly only if this option is true. Date can be used to make regular optimization runs. But this setup seemed to be more sensible to me as we don't have regular store operations. So we can
just do that when we update.
The option
auto-optimise-storeis applied when something is built, but for me it feels like this setting needs to be set on the building system (e.g. my private config) rather than on our VMs. Furthermore it may slow down builds as well as downloads from remote builders significantly (Github comment).The
nix.optimisehowever configures asystemdtimer that is run on the given dates. Nothing in its definition file gives me the impression that this interacts withauto-optimise-store. I think that this is what we actually want on our VMs.Setting the
datesempty gives an erroneous systemd-timer on my system.Hmm, i don't know how the nix store copy exactly works, my assumption was kind of that the target machine would optimize, when I copy to it. It will also substitute everything it can from cache, so local storage optimizations of the building machine shouldn't play a role. If it would then the cache would need this option.
For the second part I missread the documentation then, will fix that.
If we are strict about this, merging would incur a redeployment of all nix machines, but I think we don't have to do this and just let this
change creep in with the natural next builds.
5f1f973f72tob2e5d28f2bnix config to save some spaceto WIP: nix config to save some spaceb2e5d28f2bto372a42a9edWIP: nix config to save some spaceto nix config to save some spaceI changed the admin handling, please check extra carefully. I don't want to brick all logins
@ -32,2 +39,4 @@mkNixKeys = _: {nixKeys, ...}: nixKeys;in {users.users = mkMerge (mapAttrsToList mkAdmin admins);nix.settings.trusted-public-keys = lists.concatLists (mapAttrsToList mkNixKeys admins);If someone knows a solution without
mapAttrsToListlet me know. It feels a bit like overkill. (esp. as we don't need the username here).nix config to save some spaceto Rework of the nix (the package manager) config372a42a9edto83b7262090@ -0,0 +1,20 @@{nix = {settings = {Please add a comment here that
nix.settings.trusted-public-keysis also (currently only) set inadmin.nix.@ -0,0 +10,4 @@fallback = true;builders-use-substitutes = true;};gc = {Please also set
nix.gc.automatic = true.83b7262090toec46a28278Login on ghatanothoa still works. Lets see if garbage collection works. Currently, we have
It deleted 560MB according to logs this night.