feat(nix): update allowed-users configuration

- Added "@users" and "root" to `allowed-users` in nix settings.
2025-12-11 09:15:51 +01:00 · 2025-12-11 09:15:51 +01:00 · f023b67086
commit f023b67086
parent a03d1d8867
2 changed files with 35 additions and 29 deletions
--- a/modules/darwin/nix/default.nix
+++ b/modules/darwin/nix/default.nix
@ -1,7 +1,8 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+  config,
+  pkgs,
+  lib,
+  ...
 }:
 with lib;
 with lib.metacfg;
@ -32,35 +33,37 @@ in
      {
        package = cfg.package;

-        settings =
-          {
-            experimental-features = "nix-command flakes";
-            http-connections = 50;
-            warn-dirty = false;
-            log-lines = 50;
+        settings = {
+          experimental-features = "nix-command flakes";
+          http-connections = 50;
+          warn-dirty = false;
+          log-lines = 50;

-            # Large builds apparently fail due to an issue with darwin:
-            # https://github.com/NixOS/nix/issues/4119
-            sandbox = false;
+          # Large builds apparently fail due to an issue with darwin:
+          # https://github.com/NixOS/nix/issues/4119
+          sandbox = false;

-            # This appears to break on darwin
-            # https://github.com/NixOS/nix/issues/7273
-            auto-optimise-store = false;
+          # This appears to break on darwin
+          # https://github.com/NixOS/nix/issues/7273
+          auto-optimise-store = false;

-            allow-import-from-derivation = true;
+          allow-import-from-derivation = true;

-            trusted-users = users;
-            allowed-users = users;
+          trusted-users = users;
+          allowed-users = [
+            "@users"
+            "root"
+          ];

-            # NOTE: This configuration is generated by nix-installer so I'm adding it here in
-            # case it becomes important.
-            extra-nix-path = "nixpkgs=flake:nixpkgs";
-            build-users-group = "nixbld";
-          }
-          // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
-            keep-outputs = true;
-            keep-derivations = true;
-          });
+          # NOTE: This configuration is generated by nix-installer so I'm adding it here in
+          # case it becomes important.
+          extra-nix-path = "nixpkgs=flake:nixpkgs";
+          build-users-group = "nixbld";
+        }
+        // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
+          keep-outputs = true;
+          keep-derivations = true;
+        });

        gc = {
          automatic = true;
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -75,7 +75,10 @@ in
          sandbox = true;
          auto-optimise-store = true;
          trusted-users = users;
-          allowed-users = users;
+          allowed-users = [
+            "@users"
+            "root"
+          ];

          substituters = [
            cfg.default-substituter.url