os/modules/nix/default.nix

{
  config,
  pkgs,
  lib,
  flake,
  ...
}: {
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "1password"
    "1password-cli"
    "brscan5"
    "brscan5-etc-files"
    "facetimehd-firmware"
    "nomad"
    "slack"
    "veracrypt"
    "zoom"
  ];

  system.activationScripts.diff-closures = {
    text =''
      if [[ -e /run/current-system ]]; then
        ${config.nix.package}/bin/nix store diff-closures \
          /run/current-system "$systemConfig" \
          --extra-experimental-features nix-command
      fi
    '';
    supportsDryActivation = true;
  };

  nix = {
    # Use default version alias for nix package
    package = pkgs.nix;
    gc.automatic = true;
    optimise.automatic = true;

    registry = {
      nixpkgs.flake = flake.inputs.nixpkgs;
      unstable.flake = flake.inputs.unstable;
      master.flake = flake.inputs.master;
      system.flake = flake.self;
    };

    settings = {
      # Improve nix store disk usage
      auto-optimise-store = true;
      # Prevents impurities in builds
      sandbox = true;
      # Give root and @wheel special privileges with nix
      trusted-users = ["root" "@wheel"];
      # Allow only group wheel to connect to the nix daemon
      allowed-users = ["@wheel"];

      substituters = [
        "https://pub-solar.cachix.org/"
      ];

      trusted-public-keys = [
        "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
      ];
    };

    # Generally useful nix option defaults
    extraOptions = lib.mkForce ''
      experimental-features = flakes nix-command
      min-free = 536870912
      keep-outputs = true
      keep-derivations = true
      fallback = true
    '';

    nixPath = [
      "nixpkgs=${flake.inputs.nixpkgs}"
      "nixos-config=${../../lib/compat/nixos}"
      "home-manager=${flake.inputs.home-manager}"
    ];
  };
}
feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`{`
nix: use new nix.settings syntax 2022-11-22 11:30:54 +00:00			`config,`
			`pkgs,`
			`lib,`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00			`flake,`
nix: use new nix.settings syntax 2022-11-22 11:30:54 +00:00			`...`
			`}: {`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00			`nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [`
chore: cleanup overlays as we're following nixos-unstable 2023-11-20 17:43:39 +00:00			`"1password"`
			`"1password-cli"`
feat: enable sane + brscan5 for scanning 2024-01-25 18:21:12 +00:00			`"brscan5"`
			`"brscan5-etc-files"`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00			`"facetimehd-firmware"`
fix: use unfree nomad, add activation script to show closure diffs 2024-03-06 17:50:48 +00:00			`"nomad"`
chore: cleanup overlays as we're following nixos-unstable 2023-11-20 17:43:39 +00:00			`"slack"`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00			`"veracrypt"`
			`"zoom"`
			`];`

fix: use unfree nomad, add activation script to show closure diffs 2024-03-06 17:50:48 +00:00			`system.activationScripts.diff-closures = {`
			`text =''`
			`if [[ -e /run/current-system ]]; then`
			`${config.nix.package}/bin/nix store diff-closures \`
			`/run/current-system "$systemConfig" \`
			`--extra-experimental-features nix-command`
			`fi`
			`'';`
			`supportsDryActivation = true;`
			`};`

feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`nix = {`
nix: set nix.package to force overlays/ overrides.nix to apply use nix as default version alias in devshell as well 2022-08-23 22:53:38 +00:00			`# Use default version alias for nix package`
			`package = pkgs.nix;`
feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`gc.automatic = true;`
			`optimise.automatic = true;`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00
			`registry = {`
			`nixpkgs.flake = flake.inputs.nixpkgs;`
			`unstable.flake = flake.inputs.unstable;`
			`master.flake = flake.inputs.master;`
			`system.flake = flake.self;`
			`};`

nix: use new nix.settings syntax 2022-11-22 11:30:54 +00:00			`settings = {`
			`# Improve nix store disk usage`
			`auto-optimise-store = true;`
			`# Prevents impurities in builds`
			`sandbox = true;`
flake: pull in changes from digga upstream See: https://github.com/divnix/digga/compare/54ede8e591d288c176a09d6fcf4b123896c0bf0f...0595ae70cdb5ccf1ab031199fe98551c4b378bd9?diff=unified 2023-03-27 11:35:59 +00:00			`# Give root and @wheel special privileges with nix`
nix: use new nix.settings syntax 2022-11-22 11:30:54 +00:00			`trusted-users = ["root" "@wheel"];`
flake: pull in changes from digga upstream See: https://github.com/divnix/digga/compare/54ede8e591d288c176a09d6fcf4b123896c0bf0f...0595ae70cdb5ccf1ab031199fe98551c4b378bd9?diff=unified 2023-03-27 11:35:59 +00:00			`# Allow only group wheel to connect to the nix daemon`
			`allowed-users = ["@wheel"];`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00
			`substituters = [`
			`"https://pub-solar.cachix.org/"`
			`];`

			`trusted-public-keys = [`
			`"pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="`
			`];`
nix: use new nix.settings syntax 2022-11-22 11:30:54 +00:00			`};`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00
feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`# Generally useful nix option defaults`
cachix: default binary cache is nixos.org, no need to specify it explicitly (results in double entry in nix.conf) Also force our nix.extraOptions because digga tries real hard to put their binary caches there: https://github.com/divnix/digga/blob/0595ae70cdb5ccf1ab031199fe98551c4b378bd9/modules/nix-config.nix#L19-L23 2023-03-27 16:03:28 +00:00			`extraOptions = lib.mkForce ''`
nix.conf: add back required experimental features 2023-03-27 16:53:54 +00:00			`experimental-features = flakes nix-command`
feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`min-free = 536870912`
			`keep-outputs = true`
			`keep-derivations = true`
			`fallback = true`
			`'';`
feat: convert to flake-parts Thanks @b12f 2023-11-10 18:48:06 +00:00
			`nixPath = [`
			`"nixpkgs=${flake.inputs.nixpkgs}"`
			`"nixos-config=${../../lib/compat/nixos}"`
			`"home-manager=${flake.inputs.home-manager}"`
			`];`
feature/restructure-core-profile (#109) Co-authored-by: Hendrik Sokolowski <hensoko@gssws.de> Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf <b12f@noreply.example.org> Reviewed-by: teutat3s <teutates@mailbox.org> 2022-08-13 20:35:43 +00:00			`};`
			`}`