about summary refs log tree commit diff stats
path: root/modules/system/services/nix/default.nix
blob: e4fe11d114ab2ffea99b2ec6af029f12dadaf06d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
{
  pkgs,
  # flakes
  nixpkgs_as_input,
  templates,
  self,
  system,
  ...
}: {
  nix = {
    package = pkgs.nixVersions.latest;

    # Disable nix channels  (this is a remnant of old days)
    channel.enable = false;

    registry = {
      nixpkgs.flake = nixpkgs_as_input;
      n.flake =
        nixpkgs_as_input
        // {
          # Otherwise nixpkgs's config and overlays are not available:
          outputs.legacyPackages."${system}" = pkgs;
        };

      t.flake = templates;

      my_flake.flake = self;
      m.flake = self;
    };

    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };

    settings = {
      auto-optimise-store = true;
      experimental-features = [
        "nix-command"
        "flakes"
        #"ca-derivations"
      ];

      use-xdg-base-directories = true;

      #substituters = ["https://cache.ngi0.nixos.org/"];
      #trusted-public-keys = ["cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="];

      fallback = true; # Build from source, if binary can't be substituted

      keep-failed = true; # keep failed tmp build dirs
      pure-eval = true; # restrict file system and network access to hash

      sandbox-fallback = false; # Don't disable the sandbox, if the kernel doesn't support it
    };
  };
}