-rw-r--r--bash/env.sh7
-rw-r--r--nixos/configuration.nix54
2 files changed, 55 insertions, 6 deletions
diff --git a/bash/env.sh b/bash/env.sh
index 93d03b4..25fd601 100644
--- a/bash/env.sh
+++ b/bash/env.sh
@@ -60,3 +60,10 @@ export LEIN_SUPPRESS_USER_LEVEL_REPO_WARNINGS=1
isLinux && {
export SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
}
+
+
+#
+# Guix
+#
+
+export PATH="$HOME/.guix-profile/bin${PATH:+:}$PATH"
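Review bot: The added `export PATH=...` line at the end of this hunk prepends `$HOME/.guix-profile/bin` unconditionally, so any executable in that user-writable profile takes precedence over the system-provided command of the same name in every shell that sources this file, including on hosts where Guix is not installed. If shadowing system tools is not the intent, append instead and guard on the directory: `[ -d "$HOME/.guix-profile/bin" ] && export PATH="${PATH:+$PATH:}$HOME/.guix-profile/bin"`. If Guix binaries are meant to win, keep the order but add the directory guard and a comment under the `# Guix` header saying so, e.g. `# Guix profile first on purpose: its tools override system ones`.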
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index 1ef1104..dc4ad73 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -303,18 +303,60 @@
users = {
mutableUsers = false;
- extraUsers.andreh = {
- isNormalUser = true;
- uid = 1000;
- description = "EuAndreh";
- extraGroups = [ "wheel" "networkmanager" "docker" ];
- passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+
+ extraUsers =
+ let
+ andrehUser = {
+ andreh = {
+ isNormalUser = true;
+ uid = 1000;
+ description = "EuAndreh";
+ passwordFile = "/home/andreh/annex/dev/code/dotfiles/encrypted/password-hash.txt";
+ };
+ };
+ # From the Guix manual:
+ # https://www.gnu.org/software/guix/manual/en/html_node/Build-Environment-Setup.html#Build-Environment-Setup
+ buildUser = (i:
+ {
+ "guixbuilder${i}" = { # guixbuilder$i
+ group = "guixbuild"; # -g guixbuild
+ extraGroups = ["guixbuild"]; # -G guixbuild
+ home = "/var/empty"; # -d /var/empty
+ shell = pkgs.nologin; # -s `which nologin`
+ description = "Guix build user ${i}"; # -c "Guix buid user $i"
+ isSystemUser = true; # --system
+ };
+ }
+ );
+ in
+ # merge all users
+ pkgs.lib.fold (str: acc: acc // buildUser str)
+ andrehUser
+ # for i in `seq -w 1 10`
+ (map (pkgs.lib.fixedWidthNumber 2) (builtins.genList (n: n+1) 10));
+
+ extraGroups.guixbuild = {
+ name = "guixbuild";
};
};
security = {
pam.services.lightdm.enableGnomeKeyring = true;
sudo.enable = true;
+ # Derived from Guix guix-daemon.service.in
+ # https://git.savannah.gnu.org/cgit/guix.git/tree/etc/guix-daemon.service.in?id=00c86a888488b16ce30634d3a3a9d871ed6734a2
+ systemd.services.guix-daemon = {
+ enable = true;
+ description = "Build daemon for GNU Guix";
+ serviceConfig = {
+ ExecStart = "/var/guix/profiles/per-user/root/guix-profile/bin/guix-daemon --build-users-group=guixbuild";
+ Environment="GUIX_LOCPATH=/root/.guix-profile/lib/locale";
+ RemainAfterExit="yes";
+ StandardOutput="syslog";
+ StandardError="syslog";
+ TaskMax= 8192;
+ };
+ wantedBy = [ "multi-user.target" ];
};
# This value determines the NixOS release with which your system is to be