shared/nix.nix at main · andreijiroh.dev/nixops-config

andreijiroh.dev / nixops-config
fork
NixOS + home-manager configs, mirrored from GitLab SaaS. gitlab.com/andreijiroh-dev/nixops-config
nix-flake nixos home-manager nixpkgs nix-flakes
fork
nixops-config / shared / nix.nix
at main 147 lines 4.8 kB view raw
wrap content
Andrei Jiroh Halili chore(secretops): tweak configs relating to agenix-rekey stuff 3w ago
3108a503
  1# This is the meta config file for nixpkgs and nix cli itself, including
  2# trusted keys for cachix caches and stateVersion for NixOS.
  3
  4{
  5  config,
  6  pkgs,
  7  lib,
  8  self,
  9  nix4vscode,
 10  llm-agents,
 11  agenix-rekey,
 12  ...
 13}:
 14
 15{
 16  # Adopted from https://fnordig.de/til/nix/home-manager-allow-unfree.html,
 17  # but we'll also enable it system-wide too.
 18  config = {
 19    nixpkgs = {
 20      config = {
 21        allowUnfree = true;
 22        # https://github.com/nix-community/home-manager/issues/2942
 23        allowUnfreePredicate = (_: true);
 24      };
 25      overlays = [
 26        self.overlays.default
 27        nix4vscode.overlays.default
 28        agenix-rekey.overlays.default
 29        llm-agents.overlays.default
 30      ];
 31    };
 32
 33    nix = {
 34      gc = {
 35        automatic = true;
 36        dates = [ "weekly" ];
 37        randomizedDelaySec = "30min";
 38      };
 39      settings = {
 40        # See https://nix.dev/manual/nix/latest/development/experimental-features
 41        # for latest supported feature flags.
 42        experimental-features = [
 43          "nix-command"
 44          "flakes"
 45
 46          "auto-allocate-uids"
 47          "blake3-hashes"
 48          "ca-derivations"
 49          "cgroups"
 50          "configurable-impure-env"
 51          #"daemon-trust-override"
 52          "dynamic-derivations"
 53          "external-builders"
 54          "fetch-closure"
 55          "fetch-tree"
 56          "git-hashing"
 57          "impure-derivations"
 58          "local-overlay-store"
 59          "mounted-ssh-store"
 60          "no-url-literals"
 61          "pipe-operators"
 62          "read-only-local-store"
 63          #"recursive-nix"
 64          "verified-fetches"
 65        ];
 66
 67        trusted-users = [
 68          "@wheel"
 69          "root"
 70          "gildedguy"
 71          "ajhalili2006"
 72          "nixos"
 73        ];
 74
 75        # just sync with trusted-users, but w/o root
 76        allowed-users = [
 77          "@wheel"
 78          "gildedguy"
 79          "ajhalili2006"
 80          "nixos"
 81        ];
 82
 83        trusted-public-keys = [
 84          # cache.nixos.org
 85          "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
 86
 87          # cache.flakehub.com
 88          "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
 89          "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
 90          "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
 91          "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
 92          "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
 93          "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
 94          "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
 95          "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
 96
 97          # nix-community
 98          "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
 99
100          # devenv.sh
101          "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
102
103          # my caches for nixos and nixpkgs related builds (including devenvs)
104          "ajhalili2006-nixos-builds.cachix.org-1:fA8HXvGR1i792D+CxL2iW/TQzUcyoW7zPUmC9Q4mQLg="
105
106          # the main cache itself
107          "andreijiroh-dev.cachix.org-1:7Jd0STdBOLiNu5fiA+AKwcMqQD2PA1j9zLDGyDkuyBo="
108
109          # recaptime.dev cache
110          "recaptime-dev.cachix.org-1:b0UBO1zONf6ceTIoR06AKhgid4ZOl5kxB/gOIdZ9J6g="
111
112          # numtide
113          "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g="
114        ];
115
116        # also list them all too
117        trusted-substituters = [
118          "https://cache.nixos.org"
119          "https://cache.flakehub.com"
120          "https://nix-community.cachix.org"
121          "https://devenv.cachix.org"
122          "https://andreijiroh-dev.cachix.org"
123          "https://ajhalili2006-nixos-builds.cachix.org"
124          "https://recaptime-dev.cachix.org"
125          "https://cache.numtide.com"
126        ];
127      };
128    };
129
130    # Needed since Determinate Nix manages the main config file for system.
131    # Commented out for a while to test if it's really needed.
132    #environment.etc."nix/nix.custom.conf" = {
133    #  source = ../misc/nix/nix.custom.conf;
134    #  mode = "0644";
135    #};
136
137    # This value determines the NixOS release from which the default
138    # settings for stateful data, like file locations and database versions
139    # on your system were taken. It‘s perfectly fine and recommended to leave
140    # this value at the release version of the first install of this system.
141    # Before changing this value read the documentation for this option
142    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
143    # TODO: Always bump this to next point release once the current value is
144    #       officially released to stable after reading the changelog.
145    system.stateVersion = "26.05"; # Did you read the comment?
146  };
147}
Configure Feed

Configure Feed
