nixos/nix: cleanup

Guanran Wang 2024-07-10 07:18:57 +08:00
parent dad9c73580
commit 3f16fe1f24
Signed by: nyancat
GPG key ID: 91F97D9ED12639CF
5 changed files with 44 additions and 78 deletions


@ -7,9 +7,10 @@
}: { }: {
imports = imports =
[ [
./nix
./hardening.nix ./hardening.nix
./networking.nix ./networking.nix
./nix.nix
"${inputs.srvos}/nixos/common/well-known-hosts.nix"
] ]
++ (with inputs; [ ++ (with inputs; [
aagl.nixosModules.default aagl.nixosModules.default
@ -27,10 +28,8 @@
inputs.self.overlays.patches inputs.self.overlays.patches
]; ];
### home-manager
home-manager.users.guanranwang = import ../../../home;
home-manager = { home-manager = {
users.guanranwang = import ../../../home;
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ??? extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
@ -85,22 +84,27 @@
programs.dconf.enable = true; programs.dconf.enable = true;
programs.fish.enable = true; programs.fish.enable = true;
users.groups."nix-access-tokens" = {}; programs.command-not-found.enable = false;
nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; environment.stub-ld.enable = false;
documentation = {
doc.enable = false;
info.enable = false;
nixos.enable = false;
};
# https://github.com/NixOS/nixpkgs/pull/308801
# nixos/switch-to-configuration: add new implementation
system.switch = {
enable = false;
enableNg = true;
};
### sops-nix ### sops-nix
sops = { sops = {
defaultSopsFile = ../../../secrets.yaml; defaultSopsFile = ../../../secrets.yaml;
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
gnupg.sshKeyPaths = []; gnupg.sshKeyPaths = [];
secrets = { secrets."hashed-passwd".neededForUsers = true;
"hashed-passwd" = {
neededForUsers = true;
};
"nix-access-tokens" = {
group = config.users.groups."nix-access-tokens".name;
mode = "0440";
};
};
}; };
} }
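Review bot: The added import `"${inputs.srvos}/nixos/common/well-known-hosts.nix"` in the first hunk is a functional change inside a commit titled "cleanup", and it carries no comment saying what it brings in. Judging by its path it installs SSH host keys system-wide from the srvos flake input, so trust in those keys rests on whichever srvos revision the lock file pins, and a lock bump can change them without any diff in this repository's own files. I would split it into its own commit or add a comment above it such as `# SSH known_hosts entries come from the pinned srvos input; review srvos bumps in flake.lock`. `environment.stub-ld.enable = false;` in the third hunk also looks newly introduced (it is in none of the deleted files shown) and deserves the same mention in the commit message.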


@ -1,6 +1,7 @@
{ {
lib, lib,
config, config,
inputs,
... ...
}: { }: {
nix.settings = { nix.settings = {
@ -17,29 +18,43 @@
"guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c=" "guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
]; ];
trusted-users = ["@wheel"];
experimental-features = [ experimental-features = [
"auto-allocate-uids" "auto-allocate-uids"
"cgroups" "cgroups"
"flakes"
"nix-command"
"no-url-literals" "no-url-literals"
]; ];
flake-registry = "";
trusted-users = ["@wheel"];
allow-import-from-derivation = false; allow-import-from-derivation = false;
auto-allocate-uids = true; auto-allocate-uids = true;
auto-optimise-store = true;
builders-use-substitutes = true; builders-use-substitutes = true;
use-cgroups = true; use-cgroups = true;
use-xdg-base-directories = true; use-xdg-base-directories = true;
}; };
documentation = { nix = {
doc.enable = false; # Add each flake input as a registry
info.enable = false; # To make nix3 commands consistent with the flake
nixos.enable = false; registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# Disable nix-channel
channel.enable = false;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
}; };
# https://github.com/NixOS/nixpkgs/pull/308801 users.groups."nix-access-tokens" = {};
# nixos/switch-to-configuration: add new implementation sops.secrets."nix-access-tokens" = {
system.switch = { group = config.users.groups."nix-access-tokens".name;
enable = false; mode = "0440";
enableNg = true;
}; };
} }
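Review bot: `trusted-users = ["@wheel"];` is kept in the consolidated `nix.settings` without a comment, and it is the most security-relevant line in this file: the Nix manual warns that trusted users are essentially root-equivalent, because they can hand the daemon arbitrary substituters and settings without the password prompt sudo would require. If that is intended, say so next to it, e.g. `# wheel members are root-equivalent via the nix daemon (no sudo prompt)`; otherwise narrow it to `trusted-users = ["root"];` and rely on `allowed-users` for everyone else. Separately, the merged file does not appear to carry over `nix.optimise`, `environment.systemPackages = [pkgs.git]` or `system.copySystemConfiguration = false` from the deleted files, so this is not a pure move; if dropping them is deliberate, the commit message should say so.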


@ -1,7 +0,0 @@
{...}: {
imports = [
./flake.nix
./nix.nix
./gc.nix
];
}


@ -1,27 +0,0 @@
# ref: https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/nix.nix
{
pkgs,
inputs,
lib,
...
}: {
# Enable Flakes
nix.settings.experimental-features = ["nix-command" "flakes"];
# Disable nix-channel
nix.channel.enable = false;
# Disable flake-registry
nix.settings.flake-registry = "";
# Add each flake input as a registry
# To make nix3 commands consistent with the flake
nix.registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# Install Git
environment.systemPackages = [pkgs.git];
# Does not work with Flake based configurations
system.copySystemConfiguration = false;
programs.command-not-found.enable = false;
}


@ -1,19 +0,0 @@
{
nix = {
### Auto hard linking
settings.auto-optimise-store = true;
### Automatically delete older NixOS builds
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
### optimiser
optimise = {
automatic = true;
dates = ["03:45"];
};
};
}