{ options, config, pkgs, lib, inputs, ... }: with lib; with lib.metacfg; let cfg = config.metacfg.nix; substituters-submodule = types.submodule ( { name, ... }: { options = with types; { key = mkOpt (nullOr str) null "The trusted public key for this substituter."; }; } ); in { options.metacfg.nix = with types; { enable = mkBoolOpt false "Whether or not to manage nix configuration."; package = mkOpt package pkgs.nix "Which nix package to use."; default-substituter = { url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; }; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; }; config = mkIf cfg.enable { assertions = mapAttrsToList (name: value: { assertion = value.key != null; message = "metacfg.nix.extra-substituters.${name}.key must be set"; }) cfg.extra-substituters; environment.systemPackages = with pkgs; [ metacfg.nixos-revision (metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; }) deploy-rs nixfmt nix-index nix-prefetch-git nix-output-monitor ]; systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp"; nix = let users = [ "root" config.metacfg.user.name ] ++ optional config.services.hydra.enable "hydra"; extra-substituters = cfg.extra-substituters // { "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; }; in { package = cfg.package; settings = { experimental-features = "nix-command flakes"; http-connections = 50; warn-dirty = false; log-lines = 50; sandbox = true; auto-optimise-store = true; trusted-users = users; allowed-users = users; substituters = [ cfg.default-substituter.url ] ++ (mapAttrsToList (name: value: name) extra-substituters); trusted-public-keys = [ cfg.default-substituter.key ] ++ (mapAttrsToList (name: value: value.key) extra-substituters); } // (lib.optionalAttrs config.metacfg.tools.direnv.enable { keep-outputs = true; keep-derivations = true; }); gc = { automatic = true; dates = lib.mkDefault "weekly"; options = lib.mkDefault "--delete-older-than 14d"; }; # flake-utils-plus generateRegistryFromInputs = true; generateNixPathFromInputs = true; linkInputs = true; }; }; }