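# Shared Nix daemon/client configuration: flake registry, NIX_PATH, daemon
# settings and the include hook for locally deployed secrets.
# needs to be kept compatible to both NixOS and nix-darwin
{ config, pkgs, lib, ... }:
let
  # Flake inputs made available to modules via the project's
  # `inputInjection` option (declared elsewhere in this configuration).
  inputs = config.inputInjection.flake-inputs;
in
{
  nix = {
    # expose all flake inputs through nix Path and registry
    # The `nixpkgs` entry is set explicitly on top of the mapped inputs, so the
    # registry name `nixpkgs` always resolves to the pinned input.
    registry = (lib.mapAttrs (_: value: { flake = value; }) inputs) // {
      nixpkgs.flake = inputs.nixpkgs;
    };
    # Derived from the final `config.nix.registry`, not only from the entries
    # above.
    # NOTE(review): assumes every registry entry has a `to.path`; an entry
    # added by another module with a non-path `to` would fail evaluation here.
    nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
  };

  # Every setting below is wrapped in mkDefault, so a host configuration can
  # override a single value without mkForce.
  nix.settings = builtins.mapAttrs (_: lib.mkDefault) {
    # keep around all inputs necessary for offline-rebuilding the system
    keep-outputs = true;
    keep-derivations = true;
    # Security: a trusted user can override daemon settings (e.g. add
    # substituters) and import unsigned store paths, which is effectively
    # root-equivalent on this machine. Keep the list minimal; hosts where this
    # account should not hold that power can override the default.
    trusted-users = [ "spiollinux" ];
    experimental-features = [
      "nix-command"
      "flakes"
    ];
    # use all cores for building
    cores = 0;
  };

  # TODO: manage access token with sops instead of manual deployment
  # permissions: needs to be readable by the user invoking nix and root (for nix daemon)
  # Only the path is referenced here, so the token itself stays out of the
  # world-readable Nix store; the file should not be readable by anyone beyond
  # the two principals named above.
  # The leading `!` makes the include optional: a host where the file was never
  # deployed still evaluates and runs, without the token and without a warning.
  nix.extraOptions = ''
    !include /etc/nix/secrets.conf
  '';
}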