nixcfg/modules/common.nix at main · gkze/nixcfg · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
{
  config,
  hostname ? null,
  inputs ? { },
  lib,
  pkgs,
  slib ? null,
  system ? pkgs.stdenv.hostPlatform.system,
  ...
}:
let
  inherit (lib)
    mkDefault
    mkIf
    mkOption
    types
    ;

  cfg = config.nixcfg.common;

  kernel =
    if slib != null then
      slib.kernel system
    else if lib.hasSuffix "-darwin" system then
      "darwin"
    else if lib.hasSuffix "-linux" system then
      "linux"
    else
      throw "modules/common.nix: unsupported system '${system}'";

  flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
in
{
  options.nixcfg.common = {
    hostname = mkOption {
      type = types.nullOr types.str;
      default = hostname;
      description = "Hostname value to apply via networking.hostName.";
    };

    nix = {
      substituters = mkOption {
        type = types.listOf types.str;
        default = [
          "https://gkze.cachix.org"
          "https://zed.cachix.org"
          "https://cache.garnix.io"
          "https://cache.nixos.org"
        ];
        description = "Binary cache URLs configured in nix.settings.substituters.";
      };

      trustedPublicKeys = mkOption {
        type = types.listOf types.str;
        default = [
          "gkze.cachix.org-1:vO2wq3fAFvRL1TA7R02JnU/R5iKGhoHMLGYbnzPRJjI="
          "zed.cachix.org-1:/pHQ6dpMsAZk2DiP4WCL0p9YDNKWj2Q5FL20bNmw1cU="
          "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
          "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        ];
        description = "Trusted cache keys configured in nix.settings.trusted-public-keys.";
      };
    };
  };

  config = {
    networking.hostName = mkIf (cfg.hostname != null) (mkDefault cfg.hostname);

    nix = {
      gc = {
        automatic = true;
        options = "--delete-older-than 3d";
      }
      // {
        darwin.interval = {
          Hour = 9;
          Minute = 30;
        };
        linux.dates = "09:30";
      }
      .${kernel};
      settings = {
        experimental-features = [
          "nix-command"
          "flakes"
        ];
        keep-derivations = true;
        keep-outputs = true;
        inherit (cfg.nix) substituters;
        trusted-public-keys = cfg.nix.trustedPublicKeys;
      };
      channel.enable = false;
      package = pkgs.nixVersions.git;
      registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
      nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
    };

    nixpkgs = {
      hostPlatform = system;
      config = {
        allowUnfree = true;
        # Per-package insecure overrides should be used instead of global allowInsecure
        # Note: allowInsecurePredicate is set in flake.nix at the flakelight level
      };
    };

    environment.pathsToLink = [ "/share/zsh" ];

    documentation = {
      doc.enable = true;
      info.enable = true;
      man.enable = true;
    };

    programs.zsh.enable = true;
  };
}