nixos/nix: cleanup
parent
f883c2526f
commit
16f0af6e1a
5 changed files with 44 additions and 78 deletions
|
@ -7,9 +7,10 @@
|
|||
}: {
|
||||
imports =
|
||||
[
|
||||
./nix
|
||||
./hardening.nix
|
||||
./networking.nix
|
||||
./nix.nix
|
||||
"${inputs.srvos}/nixos/common/well-known-hosts.nix"
|
||||
]
|
||||
++ (with inputs; [
|
||||
aagl.nixosModules.default
|
||||
|
@ -27,10 +28,8 @@
|
|||
inputs.self.overlays.patches
|
||||
];
|
||||
|
||||
### home-manager
|
||||
home-manager.users.guanranwang = import ../../../home;
|
||||
|
||||
home-manager = {
|
||||
users.guanranwang = import ../../../home;
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
|
||||
|
@ -85,22 +84,27 @@
|
|||
|
||||
programs.dconf.enable = true;
|
||||
programs.fish.enable = true;
|
||||
users.groups."nix-access-tokens" = {};
|
||||
nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
|
||||
programs.command-not-found.enable = false;
|
||||
environment.stub-ld.enable = false;
|
||||
|
||||
documentation = {
|
||||
doc.enable = false;
|
||||
info.enable = false;
|
||||
nixos.enable = false;
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/308801
|
||||
# nixos/switch-to-configuration: add new implementation
|
||||
system.switch = {
|
||||
enable = false;
|
||||
enableNg = true;
|
||||
};
|
||||
|
||||
### sops-nix
|
||||
sops = {
|
||||
defaultSopsFile = ../../../secrets.yaml;
|
||||
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
||||
gnupg.sshKeyPaths = [];
|
||||
secrets = {
|
||||
"hashed-passwd" = {
|
||||
neededForUsers = true;
|
||||
};
|
||||
"nix-access-tokens" = {
|
||||
group = config.users.groups."nix-access-tokens".name;
|
||||
mode = "0440";
|
||||
};
|
||||
};
|
||||
secrets."hashed-passwd".neededForUsers = true;
|
||||
};
|
||||
}
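Review bot: The trailing comment on `extraSpecialArgs` in the home-manager hunk (`# ??? isnt specialArgs imported by default ???`) leaves an open question in a block this commit otherwise tidies. As far as I know, Home Manager's NixOS module does not forward the system's `specialArgs` to user modules, so the line is needed. I would replace the question with `# home-manager does not inherit NixOS specialArgs; pass inputs explicitly`. The `home-manager` attribute set continues past the end of that hunk, so its remaining options are not visible here.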
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
nix.settings = {
|
||||
|
@ -17,29 +18,43 @@
|
|||
"guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
|
||||
];
|
||||
|
||||
trusted-users = ["@wheel"];
|
||||
experimental-features = [
|
||||
"auto-allocate-uids"
|
||||
"cgroups"
|
||||
"flakes"
|
||||
"nix-command"
|
||||
"no-url-literals"
|
||||
];
|
||||
flake-registry = "";
|
||||
trusted-users = ["@wheel"];
|
||||
allow-import-from-derivation = false;
|
||||
auto-allocate-uids = true;
|
||||
auto-optimise-store = true;
|
||||
builders-use-substitutes = true;
|
||||
use-cgroups = true;
|
||||
use-xdg-base-directories = true;
|
||||
};
|
||||
|
||||
documentation = {
|
||||
doc.enable = false;
|
||||
info.enable = false;
|
||||
nixos.enable = false;
|
||||
nix = {
|
||||
# Add each flake input as a registry
|
||||
# To make nix3 commands consistent with the flake
|
||||
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
||||
|
||||
# Disable nix-channel
|
||||
channel.enable = false;
|
||||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/pull/308801
|
||||
# nixos/switch-to-configuration: add new implementation
|
||||
system.switch = {
|
||||
enable = false;
|
||||
enableNg = true;
|
||||
extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
|
||||
};
|
||||
|
||||
users.groups."nix-access-tokens" = {};
|
||||
sops.secrets."nix-access-tokens" = {
|
||||
group = config.users.groups."nix-access-tokens".name;
|
||||
mode = "0440";
|
||||
};
|
||||
}
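Review bot: The `sops.secrets."nix-access-tokens"` block at the end of this file makes the token file group-readable (`mode = "0440"`) for a group that is declared empty here, so who can read the tokens depends on membership set somewhere outside these hunks. Every member of that group sees the access tokens in plaintext, which deserves a comment above `users.groups."nix-access-tokens"` such as `# members can read the Nix access tokens in plaintext; keep membership minimal`. `!include` ignores a missing file, so a renamed or undeployed secret would presumably show up only as failed authenticated fetches rather than as a configuration error. The secret also relies on `sops.defaultSopsFile` and the age key path configured in the profile's other file, so a one-line comment noting that dependency would help, since nix.nix otherwise reads as self-contained.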
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
imports = [
|
||||
./flake.nix
|
||||
./nix.nix
|
||||
./gc.nix
|
||||
];
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# ref: https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/nix.nix
|
||||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
# Enable Flakes
|
||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||
|
||||
# Disable nix-channel
|
||||
nix.channel.enable = false;
|
||||
|
||||
# Disable flake-registry
|
||||
nix.settings.flake-registry = "";
|
||||
|
||||
# Add each flake input as a registry
|
||||
# To make nix3 commands consistent with the flake
|
||||
nix.registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
||||
|
||||
# Install Git
|
||||
environment.systemPackages = [pkgs.git];
|
||||
|
||||
# Does not work with Flake based configurations
|
||||
system.copySystemConfiguration = false;
|
||||
programs.command-not-found.enable = false;
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
{
|
||||
nix = {
|
||||
### Auto hard linking
|
||||
settings.auto-optimise-store = true;
|
||||
|
||||
### Automatically delete older NixOS builds
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
### optimiser
|
||||
optimise = {
|
||||
automatic = true;
|
||||
dates = ["03:45"];
|
||||
};
|
||||
};
|
||||
}
|