{ options, config, pkgs, lib, inputs, ... }: with lib; with lib.plusultra; let cfg = config.plusultra.nix; substituters-submodule = types.submodule ({ name, ... }: { options = with types; { key = mkOpt (nullOr str) null "The trusted public key for this substituter."; }; }); in { options.plusultra.nix = with types; { enable = mkBoolOpt false "Whether or not to manage nix configuration."; package = mkOpt package pkgs.nix "Which nix package to use."; default-substituter = { url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; }; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; }; config = mkIf cfg.enable { assertions = mapAttrsToList (name: value: { assertion = value.key != null; message = "plusultra.nix.extra-substituters.${name}.key must be set"; }) cfg.extra-substituters; environment.systemPackages = with pkgs; [ plusultra.nixos-revision (plusultra.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; }) deploy-rs nixfmt nix-index nix-prefetch-git nix-output-monitor ]; nix = let users = [ "root" config.plusultra.user.name ] ++ optional config.services.hydra.enable "hydra"; extra-substituters = cfg.extra-substituters // { "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="; }; in { package = cfg.package; settings = { experimental-features = "nix-command flakes"; http-connections = 50; warn-dirty = false; log-lines = 50; sandbox = "relaxed"; auto-optimise-store = true; trusted-users = users; allowed-users = users; substituters = [ cfg.default-substituter.url ] ++ (mapAttrsToList (name: value: name) extra-substituters); trusted-public-keys = [ cfg.default-substituter.key ] ++ (mapAttrsToList (name: value: value.key) extra-substituters); } // (lib.optionalAttrs config.plusultra.tools.direnv.enable { keep-outputs = true; keep-derivations = true; }); gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; # flake-utils-plus generateRegistryFromInputs = true; generateNixPathFromInputs = true; linkInputs = true; }; }; }