{ config, pkgs, lib, flake, ... }: { nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "1password" "1password-cli" "brscan5" "brscan5-etc-files" "facetimehd-firmware" "nomad" "slack" "veracrypt" "zoom" ]; system.activationScripts.diff-closures = { text ='' if [[ -e /run/current-system ]]; then ${config.nix.package}/bin/nix store diff-closures \ /run/current-system "$systemConfig" \ --extra-experimental-features nix-command fi ''; supportsDryActivation = true; }; nix = { # Use default version alias for nix package package = pkgs.nix; gc.automatic = true; optimise.automatic = true; registry = { nixpkgs.flake = flake.inputs.nixpkgs; unstable.flake = flake.inputs.unstable; master.flake = flake.inputs.master; system.flake = flake.self; }; settings = { # Improve nix store disk usage auto-optimise-store = true; # Prevents impurities in builds sandbox = true; # Give root and @wheel special privileges with nix trusted-users = ["root" "@wheel"]; # Allow only group wheel to connect to the nix daemon allowed-users = ["@wheel"]; substituters = [ "https://pub-solar.cachix.org/" ]; trusted-public-keys = [ "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" ]; }; # Generally useful nix option defaults extraOptions = lib.mkForce '' experimental-features = flakes nix-command min-free = 536870912 keep-outputs = true keep-derivations = true fallback = true ''; nixPath = [ "nixpkgs=${flake.inputs.nixpkgs}" "nixos-config=${../../lib/compat/nixos}" "home-manager=${flake.inputs.home-manager}" ]; }; }