test building optimized packages

home-manager/firefox/config/privacy.nix

@@ -57,14 +57,14 @@
   # Load the pages displayed on the new tab page in a private container when
   # creating thumbnails.
   "privacy.usercontext.about_newtab_segregation.enabled" = true;
-  # Disable WebGL
+  # Disable WebGL (override: enabled, to make those websites work.)
   # Disables the WebGL function, to prevent (ab)use the full power of the graphics
   # card (http://www.uniquemachine.org/">fingerprinting with WebGL</a>. Another
   # issue is, that websites can <a
   # href="https://isc.sans.edu/forums/diary/Time+to+disable+WebGL/10867). WebGL is
   # part of some fingerprinting scripts used in the wild. Some interactive websites
   # will not work, which are mostly games.
-  "webgl.disabled" = true;
+  "webgl.disabled" = false;
   # Override graphics card vendor and model strings in the WebGL API
   # Websites can read the graphics card vendor and model using a WebGL API. This
   # setting overrides both with " " without disabling WebGL.

modules/nix/settings.nix

@@ -1,6 +1,8 @@
 { lib, inputs, config, pkgsVersion, ... }:
 with lib;
-let cfg = config.custom.nix.settings;
+let
+  cfg = config.custom.nix.settings;
+  cache = "https://cache.nixos.org";
 in {
   options.custom.nix.settings = {
     enable = mkEnableOption "Enables various nix settings";
@@ -18,6 +20,11 @@ in {
     nix = {
       optimise.automatic = cfg.optimise;
       settings.experimental-features = [ "nix-command" "flakes" ];
+      settings.substituters =
+        lib.mkIf (config.networking.hostName == "kop-pc")
+        [ "http://192.168.0.20:5000" ];
+      settings.trusted-public-keys =
+        [ "amd-server:r5S7vv/3sZ0knhMvpUzRHXFlBHgov2tLhtoKqLXYf28=" ];
       registry.nixpkgs.flake = pkgsVersion;
       gc = {
         automatic = true;

modules/services/nix-cache.nix

@@ -0,0 +1,18 @@
+{ config, ... }: {
+
+  age.secrets.binary-cache = {
+    file = ../../secrets/binary-cache.age;
+  };
+  nix.sshServe = {
+    enable = true;
+    keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 kopatz"
+    ];
+  };
+  services.nix-serve = {
+    enable = true;
+    openFirewall = true;
+    port = 5000;
+    secretKeyFile = config.age.secrets.binary-cache.path;
+  };
+}

secrets/binary-cache.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 DCzi1A LrkyZ8axOcdIB+uaATOmn785EzMzTvhujhcSxmBx8kE
+E57IVdAOTIt1TWeyBYsHembim1YPKRxJYDQTNiPhIGI
+-> ssh-ed25519 lNJElA Y1jcFIXsCN0/s6xiLCLhQQhrc0N5Acpmv5K9xIYu42k
+WrhmfkCpLL4e+QhFwFICeH5BZDUQOOk4WyFoYnGbcVU
+--- LIVAI67ZG/+WLYki2A3HEmf6HMaLMZiAiDhgQYoWxdA
+>”cÛìTª{cR~‡©±‚\þ<>Üß<C39F>.ûík;$9m…–Ì-s7²÷>éZ ]žÛ<C5BE>êIŸ62‘æãÞÀÌ	§Š¿—ÑñBÔ±ï~0.-—0}¾j¸ú÷˜×ÝŠ0æ<30>J£eIa……œHë(òÚÑw˜ƪjG4ÿ>FM.­tÙó	b®SÆ

secrets/secrets.nix

@@ -35,4 +35,5 @@ in
   "plausible-keybase.age".publicKeys = [ adam-site kop ];
   "adminarea.age".publicKeys = [ adam-site kop ];
   "radicale.age".publicKeys = [ mini-pc mini-pc-proxmox kop ];
+  "binary-cache.age".publicKeys = [ kop amd-server ];
 }

systems/amd-server/configuration.nix

@@ -9,6 +9,7 @@
     ./hardware-configuration.nix
     ../../modules/kernel.nix
     ../../modules/services/ssh.nix
+    ../../modules/services/nix-cache.nix
   ];
 
   custom = {

systems/pc/configuration.nix

@@ -134,6 +134,14 @@
     #}
   ];
 
+  # https://github.com/NixOS/nixpkgs/blob/master/lib/systems/architectures.nix
+  nix.settings.system-features = ["znver3" "gccarch-znver3" ];
+  nixpkgs.hostPlatform = {
+    gcc.arch = "znver3";
+    gcc.tune = "znver3";
+    system = "x86_64-linux";
+  };
+
   # fix index
   services.xserver.extraConfig = ''
     Section "Monitor"