nix-daemon: switch to new settings syntax

2022-01-29 11:24:20 +01:00 · 2022-01-29 11:24:20 +01:00 · 3d47b2a538
commit 3d47b2a538
parent 05f8532173
10 changed files with 27 additions and 49 deletions
--- a/roles/builder/default.nix
+++ b/roles/builder/default.nix
@ -1,5 +1,3 @@
 { ... }: {
  imports = [ ./users.nix ];
-
-  nix.trustedUsers = [ "@trusted" ];
 }
--- a/roles/builder/users.nix
+++ b/roles/builder/users.nix
@ -48,8 +48,6 @@ let
    };
 in {
  users = {
-    groups.trusted = {};
-
    mutableUsers = false;
    users = lib.mapAttrs descToUser users;
  };
--- a/roles/nix-daemon.nix
+++ b/roles/nix-daemon.nix
@ -5,35 +5,36 @@ let
 in
 {
  nix = {
-    binaryCachePublicKeys = [
+    settings.trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];

-    binaryCaches = [
+    settings.substituters = [
      "https://nix-community.cachix.org"
    ];

+    # Hard-link duplicated files
+    settings.auto-optimise-store = true;
+
+    # auto-free the /nix/store
+    settings.min-free = asGB 10;
+    settings.max-free = asGB 200;
+
+    # avoid copying unecessary stuff over SSH
+    settings.builders-use-substitutes = true;
+
+    # allow flakes
+    settings.experimental-features = "nix-command flakes";
+
+    # users in trusted group are trusted by the nix-daemon
+    settings.trusted-users = [ "@trusted" ];
+
    # useful for ad-hoc nix-shell's for debugging
    nixPath = [ "nixpkgs=${pkgs.path}" ];

-    extraOptions = ''
-      # auto-free the /nix/store
-      min-free = ${asGB 10}
-      max-free = ${asGB 200}
-
-      # avoid copying unecessary stuff over SSH
-      builders-use-substitutes = true
-
-      # allow flakes
-      experimental-features = nix-command flakes
-    '';
-    # Hard-link duplicated files
-    autoOptimiseStore = true;
-
-    # Add support for flakes
-    package = pkgs.nixUnstable;
-
    gc.automatic = true;
    gc.options = "--delete-older-than 30d";
  };
+
+  users.groups.trusted = {};
 }
--- a/users/adisbladis.nix
+++ b/users/adisbladis.nix
@ -12,11 +12,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "adis";
  };
-
-  nix.trustedUsers = [ "adisbladis" ];
-
 }
--- a/users/flokli.nix
+++ b/users/flokli.nix
@ -11,10 +11,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "flok";
  };
-
-  nix.trustedUsers = [ "flokli" ];
 }
--- a/users/lewo.nix
+++ b/users/lewo.nix
@ -11,10 +11,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "lewo";
  };
-
-  nix.trustedUsers = [ "lewo" ];
 }
--- a/users/mic92.nix
+++ b/users/mic92.nix
@ -11,10 +11,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "micc";
  };
-
-  nix.trustedUsers = [ "mic92" ];
 }
--- a/users/ryantm.nix
+++ b/users/ryantm.nix
@ -12,13 +12,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "rytm";
  };
-
-  nix.trustedUsers = [
-    "ryantm"
-  ];
-
 }
--- a/users/timokau.nix
+++ b/users/timokau.nix
@ -13,10 +13,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "timo";
  };
-
-  nix.trustedUsers = [ "timo" ];
 }
--- a/users/zimbatm.nix
+++ b/users/zimbatm.nix
@ -13,11 +13,8 @@ in
    useDefaultShell = true;
    isNormalUser = true;
    extraGroups = [
-      "wheel"
+      "wheel" "trusted"
    ];
    uid = userLib.mkUid "zimb";
  };
-
-  nix.trustedUsers = [ "zimbatm" ];
-
 }