forked from pub-solar/infra
teutat3s
e48fe612e2
This is useful when updating a host, by doing a dry-run with deploy-rs we get a list of changed package versions.
67 lines
1.6 KiB
Nix
67 lines
1.6 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
flake,
|
|
...
|
|
}:
|
|
{
|
|
nixpkgs.config = lib.mkDefault {
|
|
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ ];
|
|
permittedInsecurePackages = [ "olm-3.2.16" ];
|
|
};
|
|
|
|
system.activationScripts.diff-closures = {
|
|
text = ''
|
|
if [[ -e /run/current-system ]]; then
|
|
${config.nix.package}/bin/nix store diff-closures \
|
|
/run/current-system "$systemConfig" \
|
|
--extra-experimental-features nix-command
|
|
fi
|
|
'';
|
|
supportsDryActivation = true;
|
|
};
|
|
|
|
nix = {
|
|
# Use default version alias for nix package
|
|
package = pkgs.nix;
|
|
gc.automatic = true;
|
|
optimise.automatic = true;
|
|
|
|
registry = {
|
|
nixpkgs.flake = flake.inputs.nixpkgs;
|
|
unstable.flake = flake.inputs.unstable;
|
|
system.flake = flake.self;
|
|
};
|
|
|
|
settings = {
|
|
# Improve nix store disk usage
|
|
auto-optimise-store = true;
|
|
# Prevents impurities in builds
|
|
sandbox = true;
|
|
# Give root and @wheel special privileges with nix
|
|
trusted-users = [
|
|
"root"
|
|
"@wheel"
|
|
];
|
|
# Allow only group wheel to connect to the nix daemon
|
|
allowed-users = [ "@wheel" ];
|
|
};
|
|
|
|
# Generally useful nix option defaults
|
|
extraOptions = lib.mkForce ''
|
|
experimental-features = flakes nix-command
|
|
min-free = 536870912
|
|
keep-outputs = true
|
|
keep-derivations = true
|
|
fallback = true
|
|
'';
|
|
|
|
nixPath = [
|
|
"nixpkgs=${flake.inputs.nixpkgs}"
|
|
"nixos-config=${../../lib/compat/nixos}"
|
|
"home-manager=${flake.inputs.home-manager}"
|
|
];
|
|
};
|
|
}
|