From 8dac282cb678d20871670c4b697bacf2ea7bf9cc Mon Sep 17 00:00:00 2001 From: Ganga Ram Date: Tue, 10 Dec 2024 14:14:55 +0400 Subject: [PATCH] Disable nix tooling - Disable nix tooling if development setup is not enabled - Indirectly disables nix tooling in release build - Enable automatic garbage collection in ghaf-host only Signed-off-by: Ganga Ram --- modules/common/development/nix.nix | 65 +++++++++++-------- .../virtualization/microvm/microvm-host.nix | 1 + 2 files changed, 40 insertions(+), 26 deletions(-) diff --git a/modules/common/development/nix.nix b/modules/common/development/nix.nix index 7b7f45ffe..f105fb1bb 100644 --- a/modules/common/development/nix.nix +++ b/modules/common/development/nix.nix @@ -7,6 +7,7 @@ let mkEnableOption mkOption mkIf + mkMerge types ; in @@ -18,37 +19,49 @@ in default = null; description = "Path to the nixpkgs repository"; }; + automatic-gc = { + enable = mkEnableOption "Enable automatic garbage collection"; + }; }; - config = mkIf cfg.enable { - nix = { - settings = { - experimental-features = [ - "nix-command" - "flakes" - ]; - keep-outputs = true; - keep-derivations = true; - }; + config = mkMerge [ + (mkIf cfg.enable { + nix = { + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + keep-outputs = true; + keep-derivations = true; + }; - # avoid scenario where the host rootfs gets filled - # with nixos-rebuild ... switch generated excess - # generations and becomes unbootable - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 3d"; - }; + # avoid scenario where the host rootfs gets filled + # with nixos-rebuild ... switch generated excess + # generations and becomes unbootable + gc = mkIf cfg.automatic-gc.enable { + automatic = true; + dates = "daily"; + options = "--delete-older-than 3d"; + }; - # Set the path and registry so that e.g. nix-shell and repl work - nixPath = lib.mkIf (cfg.nixpkgs != null) [ "nixpkgs=${cfg.nixpkgs}" ]; + # Set the path and registry so that e.g. nix-shell and repl work + nixPath = mkIf (cfg.nixpkgs != null) [ "nixpkgs=${cfg.nixpkgs}" ]; - registry = lib.mkIf (cfg.nixpkgs != null) { - nixpkgs.to = { - type = "path"; - path = cfg.nixpkgs; + registry = mkIf (cfg.nixpkgs != null) { + nixpkgs.to = { + type = "path"; + path = cfg.nixpkgs; + }; }; }; - }; - }; + }) + + (mkIf (!cfg.enable) { + nix = { + enable = lib.mkForce false; + gc.automatic = lib.mkForce false; + }; + }) + ]; } diff --git a/modules/microvm/virtualization/microvm/microvm-host.nix b/modules/microvm/virtualization/microvm/microvm-host.nix index c5944c0b0..e8bff4739 100644 --- a/modules/microvm/virtualization/microvm/microvm-host.nix +++ b/modules/microvm/virtualization/microvm/microvm-host.nix @@ -73,6 +73,7 @@ in withHardenedConfigs = true; }; ghaf.givc.host.enable = true; + ghaf.development.nix-setup.automatic-gc.enable = config.ghaf.development.nix-setup.enable; services.logind.lidSwitch = "ignore"; # TODO: remove hardcoded paths