-rw-r--r-- | bash/env.sh | 7 | ||||
-rw-r--r-- | nixos/configuration.nix | 54 |
2 files changed, 55 insertions, 6 deletions
diff --git a/bash/env.sh b/bash/env.sh
index 93d03b4..25fd601 100644
--- a/bash/env.sh
+++ b/bash/env.sh
@@ -60,3 +60,10 @@ export LEIN_SUPPRESS_USER_LEVEL_REPO_WARNINGS=1
 isLinux && {
 export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
 }
+
+
+#
+# Guix
+#
+
+export PATH="$HOME/.guix-profile/bin${PATH:+:}$PATH"
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 1ef1104..dc4ad73 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
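Review bot: The new `export PATH=` line puts `$HOME/.guix-profile/bin` ahead of every system directory unconditionally, so any binary that lands in that profile shadows the system one of the same name, and the entry is added even on machines with no Guix profile. The block just above guards its Linux-only setting with `isLinux`; a similar guard fits here, for example `[ -d "$HOME/.guix-profile/bin" ] && export PATH="$HOME/.guix-profile/bin${PATH:+:}$PATH"`. If shadowing system tools is not wanted, append the directory instead of prepending it, and add a one-line comment saying which precedence is intended.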
@@ -303,18 +303,60 @@ users = {
 mutableUsers = false;
- extraUsers.andreh = {
- isNormalUser = true;
- uid = 1000;
- description = "EuAndreh";
- extraGroups = [ "wheel" "networkmanager" "docker" ];
- passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+
+ extraUsers =
+ let
+ andrehUser = {
+ andreh = {
+ isNormalUser = true;
+ uid = 1000;
+ description = "EuAndreh";
+ passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+ };
+ };
+ # From the Guix manual:
+ # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
+ buildUser = (i:
+ {
+ "guixbuilder${i}" = { # guixbuilder$i
+ group = "guixbuild"; # -g guixbuild
+ extraGroups = ["guixbuild"]; # -G guixbuild
+ home = "/var/empty"; # -d /var/empty
+ shell = pkgs.nologin; # -s `which nologin`
+ description = "Guix build user ${i}"; # -c "Guix buid user $i"
+ isSystemUser = true; # --system
+ };
+ }
+ );
+ in
+ # merge all users
+ pkgs.lib.fold (str: acc: acc // buildUser str)
+ andrehUser
+ # for i in `seq -w 1 10`
+ (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n+1) 10));
+
+ extraGroups.guixbuild = {
+ name = "guixbuild";
 };
 };
 security = {
 pam.services.lightdm.enableGnomeKeyring = true;
 sudo.enable = true;
+ # Derived from Guix guix-daemon.service.in
+ # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
+ systemd.services.guix-daemon = {
+ enable = true;
+ description = "Build daemon for GNU Guix";
+ serviceConfig = {
+ ExecStart = "/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild";
+ Environment="GUIX_LOCPATH=/root/.guix-profile/lib/locale";
+ RemainAfterExit="yes";
+ StandardOutput="syslog";
+ StandardError="syslog";
+ TaskMax= 8192;
+ };
+ wantedBy = [ "multi-user.target" ];
 };
 # This value determines the NixOS release with which your system is to be |
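Review bot: `systemd.services.guix-daemon` is added inside the `security = { … }` set, directly after `sudo.enable = true;`, and the added lines open two braces (`guix-daemon = {`, `serviceConfig = {`) but close only one. As far as this hunk shows, the file is left one `};` short and the unit is declared as `security.systemd.services…`, which is not where NixOS reads service definitions; adding `};` after `sudo.enable = true;` would close `security` first and put the service at the top level. The rewritten `andreh` entry also drops `extraGroups = [ "wheel" "networkmanager" "docker" ];`, and with `mutableUsers = false` losing `wheel` would, under the default sudo rules, remove that account's sudo access on the next rebuild, so the commit should state whether that is intended. In `serviceConfig`, `TaskMax` looks like a misspelling of systemd's `TasksMax`, in which case the 8192 limit is not applied to this root-run daemon.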