lix key fix

Author: randogoth

README.md

@@ -7,7 +7,7 @@
 - Lix: multi-user install baked in with persistence at `/var/home/nix`; `nix-daemon.service` enabled.
 (D) - First-login bootstrap: installs Lix/nix packages `devbox`, `mc`, and `micro` via `curator`
 - System packages added: `syncthing`, `uv`, `vscodium`, `waydroid`;
-- System flatpaks added: Telegram Desktop, Waterfox
+- System flatpaks added: Telegram Desktop, Zen Browser
 
 ## First login behavior
 - Triggers for each non-root user on their first session.

files/scripts/install-nix.sh

@@ -3,14 +3,42 @@ set -euo pipefail
 
 rpm_url="https://nix-community.github.io/nix-installers/lix/x86_64/lix-multi-user-2.91.1.rpm"
 
-install -d /usr/share/nix-store /var/lib/nix-store /var/cache/nix-store /nix
+install -d /usr/share/nix-store /var/lib/nix-store /var/cache/nix-store /nix /etc/nix
 
 # Avoid systemd calls during RPM %post in the image build environment.
 export SYSTEMD_OFFLINE=1
 
 # Install the RPM; allow missing GPG key since we fetch directly by URL.
 dnf install -y --nogpgcheck "$rpm_url"
 
+nix_conf=/etc/nix/nix.conf
+lix_cache_url="https://cache.lix.systems/"
+lix_cache_key="cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+
+ensure_list_value() {
+  local key="$1" value="$2" escaped_value
+  escaped_value=$(printf '%s' "$value" | sed 's/[\\&]/\\&/g')
+
+  touch "$nix_conf"
+
+  if grep -Eq "^${key}[[:space:]]*=.*${escaped_value}" "$nix_conf"; then
+    return
+  fi
+
+  if grep -Eq "^${key}[[:space:]]*=" "$nix_conf"; then
+    sed -i "s|^${key}[[:space:]]*= *\\(.*\\)|${key} = \\1 ${escaped_value}|" "$nix_conf"
+  else
+    echo "${key} = ${value}" >>"$nix_conf"
+  fi
+}
+
+ensure_list_value "substituters" "$lix_cache_url"
+ensure_list_value "trusted-public-keys" "$lix_cache_key"
+
+# # Ensure the overlay mount service is enabled so /nix is populated on boot.
+# mkdir -p /etc/systemd/system/multi-user.target.wants
+# ln -sf /usr/lib/systemd/system/nix-overlay.service /etc/systemd/system/multi-user.target.wants/nix-overlay.service
+
 # Move the pre-populated store out of /nix so it can serve as the immutable lowerdir.
 if compgen -G "/nix/*" >/dev/null; then
   mv /nix/* /usr/share/nix-store/

files/system/usr/libexec/deinonyxus/curator.sh

@@ -6,4 +6,6 @@ curator_git="--from git+https://codeberg.org/randogoth/curator/"
 uvx $curator_git curator init
 uvx $curator_git curator add nix:mc nix:micro nix:devbox
 uvx $curator_git curator switch
-uv tool install $curator_git curator
+uv tool install $curator_git curator
+
+nix upgrade-nix

recipes/recipe.yml

@@ -66,7 +66,7 @@ modules:
         scope: system
         # If no repo information is specified, Flathub will be used by default
         install: # system flatpaks we want all users to have and not remove
-          - net.waterfox.waterfox
+          - app.zen_browser.zen
           - org.telegram.desktop
         remove: # replace default Firefox with Waterfox
           - org.mozilla.firefox