infrastructure/hosts/aurum/system/nix/default.nix


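{
  lib,
  pkgs,
  inputs,
  ...
}: {
  # Nix daemon access policy, store maintenance, unfree-package allowlist and
  # a generation-diff report for this host.

  # Only root and members of wheel may talk to the Nix daemon at all.
  nix.settings.allowed-users = ["root" "@wheel"];
  # NOTE(review): trusted-users is a far stronger grant than allowed-users.
  # The Nix manual describes it as essentially equivalent to root access: a
  # trusted user can override daemon settings such as substituters and can
  # import store paths without a trusted signature, all without going through
  # sudo authentication. If wheel members only need extra binary caches,
  # consider reducing this to ["root"] and listing the vetted caches under
  # trusted-substituters / trusted-public-keys instead.
  nix.settings.trusted-users = ["root" "@wheel"];

  # Enable the `nix` CLI and flakes.
  nix.settings.experimental-features = ["nix-command" "flakes"];

  # Upper bound on build jobs run in parallel. This is the job count, not the
  # per-build core count (that is the separate `cores` setting).
  nix.settings.max-jobs = 6;

  # Store deduplication: hard-link identical files as paths are added, plus a
  # scheduled full pass over the store.
  nix.settings.auto-optimise-store = true;
  nix.optimise = {
    automatic = true;
    dates = ["12:00"];
  };

  # Scheduled garbage collection. Generations older than 30 days are deleted,
  # so they stop being available as rollback targets.
  nix.gc = {
    automatic = true;
    dates = "12:00";
    options = "--delete-older-than 30d";
  };

  # Pin the `nixpkgs` registry entry to the flake input this system is built
  # from, so CLI references to `nixpkgs` resolve to the same locked revision
  # rather than whatever the global registry currently points at.
  nix.registry.nixpkgs.flake = inputs.nixpkgs;

  # Explicit allowlist of unfree packages, matched by package name. Anything
  # not named here is refused at evaluation time.
  nixpkgs.config.allowUnfreePredicate = pkg:
    builtins.elem (lib.getName pkg) [
      "vscode"
      "vscode-extension-github-copilot"
      "vscode-extension-github-copilot-chat"
      "vscode-extension-ms-vsliveshare-vsliveshare"
      "libfprint-2-tod1-goodix" # fingerprint reader
    ];

  # Print the package diff between the running system and the generation
  # being activated.
  #
  # The comparison uses /run/current-system and $systemConfig (set by the
  # NixOS activation script) instead of parsing `ls` output of the profile
  # links: the profile listing holds a single entry on a fresh install, and
  # its last two entries are not necessarily the running and the activated
  # generation (for example when activating without creating a new profile
  # generation, or after booting an older one).
  #
  # The report is informational, so it is skipped when there is no running
  # system to compare against (early boot) and a failing nvd must not mark
  # the activation itself as failed.
  system.activationScripts.nvd-report-changes = ''
    PATH=$PATH:${lib.makeBinPath [pkgs.nvd pkgs.nix]}
    if [ -e /run/current-system ]; then
      nvd diff /run/current-system "$systemConfig" || true
    fi
  '';
}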