From 3f16fe1f24016f9d03434eee9a0bc24724e5d8e9 Mon Sep 17 00:00:00 2001 From: Guanran Wang Date: Wed, 10 Jul 2024 07:18:57 +0800 Subject: [PATCH] nixos/nix: cleanup --- nixos/profiles/core/default.nix | 34 ++++++++++++++------------ nixos/profiles/core/{nix => }/nix.nix | 35 +++++++++++++++++++-------- nixos/profiles/core/nix/default.nix | 7 ------ nixos/profiles/core/nix/flake.nix | 27 --------------------- nixos/profiles/core/nix/gc.nix | 19 --------------- 5 files changed, 44 insertions(+), 78 deletions(-) rename nixos/profiles/core/{nix => }/nix.nix (56%) delete mode 100644 nixos/profiles/core/nix/default.nix delete mode 100644 nixos/profiles/core/nix/flake.nix delete mode 100644 nixos/profiles/core/nix/gc.nix diff --git a/nixos/profiles/core/default.nix b/nixos/profiles/core/default.nix index 46116ff..c5dd39b 100644 --- a/nixos/profiles/core/default.nix +++ b/nixos/profiles/core/default.nix @@ -7,9 +7,10 @@ }: { imports = [ - ./nix ./hardening.nix ./networking.nix + ./nix.nix + "${inputs.srvos}/nixos/common/well-known-hosts.nix" ] ++ (with inputs; [ aagl.nixosModules.default @@ -27,10 +28,8 @@ inputs.self.overlays.patches ]; - ### home-manager - home-manager.users.guanranwang = import ../../../home; - home-manager = { + users.guanranwang = import ../../../home; useGlobalPkgs = true; useUserPackages = true; extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ??? 
@@ -85,22 +84,27 @@ programs.dconf.enable = true; programs.fish.enable = true; - users.groups."nix-access-tokens" = {}; - nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; + programs.command-not-found.enable = false; + environment.stub-ld.enable = false; + + documentation = { + doc.enable = false; + info.enable = false; + nixos.enable = false; + }; + + # https://github.com/NixOS/nixpkgs/pull/308801 + # nixos/switch-to-configuration: add new implementation + system.switch = { + enable = false; + enableNg = true; + }; ### sops-nix sops = { defaultSopsFile = ../../../secrets.yaml; age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; gnupg.sshKeyPaths = []; - secrets = { - "hashed-passwd" = { - neededForUsers = true; - }; - "nix-access-tokens" = { - group = config.users.groups."nix-access-tokens".name; - mode = "0440"; - }; - }; + secrets."hashed-passwd".neededForUsers = true; }; } diff --git a/nixos/profiles/core/nix/nix.nix b/nixos/profiles/core/nix.nix similarity index 56% rename from nixos/profiles/core/nix/nix.nix rename to nixos/profiles/core/nix.nix index 109b7b3..573d7c1 100644 --- a/nixos/profiles/core/nix/nix.nix +++ b/nixos/profiles/core/nix.nix @@ -1,6 +1,7 @@ { lib, config, + inputs, ... }: { nix.settings = { 
@@ -17,29 +18,43 @@ "guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c=" ]; - trusted-users = ["@wheel"]; experimental-features = [ "auto-allocate-uids" "cgroups" + "flakes" + "nix-command" "no-url-literals" ]; + flake-registry = ""; + trusted-users = ["@wheel"]; allow-import-from-derivation = false; auto-allocate-uids = true; + auto-optimise-store = true; builders-use-substitutes = true; use-cgroups = true; use-xdg-base-directories = true; }; - documentation = { - doc.enable = false; - info.enable = false; - nixos.enable = false; + nix = { + # Add each flake input as a registry + # To make nix3 commands consistent with the flake + registry = lib.mapAttrs (_: value: {flake = value;}) inputs; + + # Disable nix-channel + channel.enable = false; + + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + + extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; }; - # https://github.com/NixOS/nixpkgs/pull/308801 - # nixos/switch-to-configuration: add new implementation - system.switch = { - enable = false; - enableNg = true; + users.groups."nix-access-tokens" = {}; + sops.secrets."nix-access-tokens" = { + group = config.users.groups."nix-access-tokens".name; + mode = "0440"; }; } diff --git a/nixos/profiles/core/nix/default.nix b/nixos/profiles/core/nix/default.nix deleted file mode 100644 index 8af348c..0000000 --- a/nixos/profiles/core/nix/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - imports = [ - ./flake.nix - ./nix.nix - ./gc.nix - ]; -} diff --git a/nixos/profiles/core/nix/flake.nix b/nixos/profiles/core/nix/flake.nix deleted file mode 100644 index eafaa5d..0000000 --- a/nixos/profiles/core/nix/flake.nix +++ /dev/null 
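Review bot: `trusted-users = ["@wheel"]`, re-added here inside `nix.settings` (the block opens above the hunk), lets every wheel member override daemon settings such as substituters and signature checking, which the Nix manual describes as essentially equivalent to root access. If wheel already implies unrestricted sudo on these hosts, that is an accepted trade-off, but the line deserves a comment saying so, e.g. `# wheel is root-equivalent to the nix daemon; keep in step with sudo access`. Separately, the `nix-access-tokens` secret is `0440` for a group that gets no members in this hunk, so presumably only root-run nix processes read the tokens pulled in by `!include`. Confirm that this is intended and that membership is granted elsewhere if ordinary users need the tokens.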
@@ -1,27 +0,0 @@
-# ref: https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/nix.nix
-{
- pkgs,
- inputs,
- lib,
- ...
-}: {
- # Enable Flakes
- nix.settings.experimental-features = ["nix-command" "flakes"];
-
- # Disable nix-channel
- nix.channel.enable = false;
-
- # Disable flake-registry
- nix.settings.flake-registry = "";
-
- # Add each flake input as a registry
- # To make nix3 commands consistent with the flake
- nix.registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
-
- # Install Git
- environment.systemPackages = [pkgs.git];
-
- # Does not work with Flake based configurations
- system.copySystemConfiguration = false;
- programs.command-not-found.enable = false;
-}
diff --git a/nixos/profiles/core/nix/gc.nix b/nixos/profiles/core/nix/gc.nix
deleted file mode 100644
index 5fa497c..0000000
--- a/nixos/profiles/core/nix/gc.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- nix = {
- ### Auto hard linking
- settings.auto-optimise-store = true;
-
- ### Automatically delete older NixOS builds
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 7d";
- };
-
- ### optimiser
- optimise = {
- automatic = true;
- dates = ["03:45"];
- };
- };
-}