nixos/nix: cleanup

nixos/profiles/core/default.nix

@@ -7,9 +7,10 @@
 }: {
   imports =
     [
-      ./nix
       ./hardening.nix
       ./networking.nix
+      ./nix.nix
+      "${inputs.srvos}/nixos/common/well-known-hosts.nix"
     ]
     ++ (with inputs; [
       aagl.nixosModules.default
@@ -27,10 +28,8 @@
     inputs.self.overlays.patches
   ];
 
-  ### home-manager
-  home-manager.users.guanranwang = import ../../../home;
-
   home-manager = {
+    users.guanranwang = import ../../../home;
     useGlobalPkgs = true;
     useUserPackages = true;
     extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
@@ -85,22 +84,27 @@
 
   programs.dconf.enable = true;
   programs.fish.enable = true;
-  users.groups."nix-access-tokens" = {};
-  nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
+  programs.command-not-found.enable = false;
+  environment.stub-ld.enable = false;
+
+  documentation = {
+    doc.enable = false;
+    info.enable = false;
+    nixos.enable = false;
+  };
+
+  # https://github.com/NixOS/nixpkgs/pull/308801
+  # nixos/switch-to-configuration: add new implementation
+  system.switch = {
+    enable = false;
+    enableNg = true;
+  };
 
   ### sops-nix
   sops = {
     defaultSopsFile = ../../../secrets.yaml;
     age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
     gnupg.sshKeyPaths = [];
-    secrets = {
-      "hashed-passwd" = {
-        neededForUsers = true;
-      };
-      "nix-access-tokens" = {
-        group = config.users.groups."nix-access-tokens".name;
-        mode = "0440";
-      };
-    };
+    secrets."hashed-passwd".neededForUsers = true;
   };
 }

nixos/profiles/core/nix.nix

@@ -1,6 +1,7 @@
 {
   lib,
   config,
+  inputs,
   ...
 }: {
   nix.settings = {
@@ -17,29 +18,43 @@
       "guanran928.cachix.org-1:BE/iBCj2/pqJXG908wHRrcaV0B2fC+KbFjHsXY6b91c="
     ];
 
-    trusted-users = ["@wheel"];
     experimental-features = [
       "auto-allocate-uids"
       "cgroups"
+      "flakes"
+      "nix-command"
       "no-url-literals"
     ];
+    flake-registry = "";
+    trusted-users = ["@wheel"];
     allow-import-from-derivation = false;
     auto-allocate-uids = true;
+    auto-optimise-store = true;
     builders-use-substitutes = true;
     use-cgroups = true;
     use-xdg-base-directories = true;
   };
 
-  documentation = {
-    doc.enable = false;
-    info.enable = false;
-    nixos.enable = false;
+  nix = {
+    # Add each flake input as a registry
+    # To make nix3 commands consistent with the flake
+    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
+
+    # Disable nix-channel
+    channel.enable = false;
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
     };
 
-  # https://github.com/NixOS/nixpkgs/pull/308801
-  # nixos/switch-to-configuration: add new implementation
-  system.switch = {
-    enable = false;
-    enableNg = true;
+    extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
+  };
+
+  users.groups."nix-access-tokens" = {};
+  sops.secrets."nix-access-tokens" = {
+    group = config.users.groups."nix-access-tokens".name;
+    mode = "0440";
   };
 }

nixos/profiles/core/nix/default.nix

@@ -1,7 +0,0 @@
-{...}: {
-  imports = [
-    ./flake.nix
-    ./nix.nix
-    ./gc.nix
-  ];
-}

nixos/profiles/core/nix/flake.nix

@@ -1,27 +0,0 @@
-# ref: https://github.com/Misterio77/nix-config/blob/main/hosts/common/global/nix.nix
-{
-  pkgs,
-  inputs,
-  lib,
-  ...
-}: {
-  # Enable Flakes
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-
-  # Disable nix-channel
-  nix.channel.enable = false;
-
-  # Disable flake-registry
-  nix.settings.flake-registry = "";
-
-  # Add each flake input as a registry
-  # To make nix3 commands consistent with the flake
-  nix.registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
-
-  # Install Git
-  environment.systemPackages = [pkgs.git];
-
-  # Does not work with Flake based configurations
-  system.copySystemConfiguration = false;
-  programs.command-not-found.enable = false;
-}

nixos/profiles/core/nix/gc.nix

@@ -1,19 +0,0 @@
-{
-  nix = {
-    ### Auto hard linking
-    settings.auto-optimise-store = true;
-
-    ### Automatically delete older NixOS builds
-    gc = {
-      automatic = true;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
-    };
-
-    ### optimiser
-    optimise = {
-      automatic = true;
-      dates = ["03:45"];
-    };
-  };
-}