feat(nix): update allowed-users configuration

- Added "@users" and "root" to `allowed-users` in nix settings.
2025-12-11 09:15:51 +01:00 · 2025-12-11 09:15:51 +01:00 · f023b67086
commit f023b67086
parent a03d1d8867
2 changed files with 35 additions and 29 deletions
--- a/modules/darwin/nix/default.nix
+++ b/modules/darwin/nix/default.nix
@ -1,7 +1,8 @@
-{ config
+{
-, pkgs
+  config,
-, lib
+  pkgs,
-, ...
+  lib,
  ...
 }:
 with lib;
 with lib.metacfg;
@ -32,35 +33,37 @@ in
      {
        package = cfg.package;
-        settings =
+        settings = {
-          {
+          experimental-features = "nix-command flakes";
-            experimental-features = "nix-command flakes";
+          http-connections = 50;
-            http-connections = 50;
+          warn-dirty = false;
-            warn-dirty = false;
+          log-lines = 50;
            log-lines = 50;
-            # Large builds apparently fail due to an issue with darwin:
+          # Large builds apparently fail due to an issue with darwin:
-            # https://github.com/NixOS/nix/issues/4119
+          # https://github.com/NixOS/nix/issues/4119
-            sandbox = false;
+          sandbox = false;
-            # This appears to break on darwin
+          # This appears to break on darwin
-            # https://github.com/NixOS/nix/issues/7273
+          # https://github.com/NixOS/nix/issues/7273
-            auto-optimise-store = false;
+          auto-optimise-store = false;
-            allow-import-from-derivation = true;
+          allow-import-from-derivation = true;
-            trusted-users = users;
+          trusted-users = users;
-            allowed-users = users;
+          allowed-users = [
            "@users"
            "root"
          ];
-            # NOTE: This configuration is generated by nix-installer so I'm adding it here in
+          # NOTE: This configuration is generated by nix-installer so I'm adding it here in
-            # case it becomes important.
+          # case it becomes important.
-            extra-nix-path = "nixpkgs=flake:nixpkgs";
+          extra-nix-path = "nixpkgs=flake:nixpkgs";
-            build-users-group = "nixbld";
+          build-users-group = "nixbld";
-          }
+        }
-          // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
+        // (lib.optionalAttrs config.metacfg.tools.direnv.enable {
-            keep-outputs = true;
+          keep-outputs = true;
-            keep-derivations = true;
+          keep-derivations = true;
-          });
+        });
        gc = {
          automatic = true;
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -75,7 +75,10 @@ in
          sandbox = true;
          auto-optimise-store = true;
          trusted-users = users;
-          allowed-users = users;
+          allowed-users = [
            "@users"
            "root"
          ];
          substituters = [
            cfg.default-substituter.url