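# needs to be kept compatible to both NixOS and nix-darwin
#
# Shared Nix configuration module: pins the flake registry and NIX_PATH to the
# flake inputs, sets default daemon settings, and pulls machine-local secrets
# into nix.conf via an include.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  # flake inputs as provided through the inputInjection option (declared outside this file)
  inputs = config.inputInjection.flake-inputs;
in
{
  nix = {
    # expose all flake inputs through nix Path and registry
    # `//` is a shallow merge, so the explicit nixpkgs entry on the right wins
    # over whatever the mapAttrs on the left produced for that name.
    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
      nixpkgs.flake = inputs.nixpkgs;
    };
    # One `name=path` entry per registry entry, so channel-style lookups resolve
    # to the same pinned sources as the flake registry.
    # NOTE(review): reads `to.path` on every entry of config.nix.registry, including
    # ones set by other modules; an entry without a path-type target would
    # presumably break evaluation here. Confirm.
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
  };

  # Every value is wrapped in lib.mkDefault so a host-specific module can
  # override it with a plain assignment.
  nix.settings = builtins.mapAttrs (_: lib.mkDefault) {
    # keep around all inputs necessary for offline-rebuilding the system
    keep-outputs = true;
    keep-derivations = true;
    # SECURITY: per the Nix manual, membership in trusted-users is essentially
    # equivalent to root on this machine (such a user can add substituters and
    # import unsigned store paths through the daemon). Keep this list minimal and
    # treat a compromise of this account as a compromise of the host.
    trusted-users = [ "spiollinux" ];
    # NOTE(review): newer Nix releases may no longer recognise "repl-flake";
    # check against the Nix version deployed on each host.
    experimental-features = [
      "nix-command"
      "flakes"
      "repl-flake"
    ];
    # use all cores for building
    cores = 0;
  };

  # TODO: manage access token with sops instead of manual deployment
  # permissions: needs to be readable by the user invoking nix and root (for nix daemon)
  # SECURITY: only the include path ends up in the generated nix.conf; the token
  # itself stays out of the world-readable Nix store. Keep it that way: do not
  # inline the token here, and do not make /etc/nix/secrets.conf readable by
  # anyone beyond the accounts named above.
  # `!include` (unlike `include`) silently skips a missing file, so a host where
  # the file was never deployed evaluates and runs without the token and gives
  # no error.
  nix.extraOptions = ''
    !include /etc/nix/secrets.conf
  '';
}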