diff --git a/roles/builder/default.nix b/roles/builder/default.nix
index 8ba8c86..370a4b8 100644
--- a/roles/builder/default.nix
+++ b/roles/builder/default.nix
@@ -1,5 +1,3 @@
{ ... }: {
imports = [ ./users.nix ];
-
- nix.trustedUsers = [ "@trusted" ];
}
diff --git a/roles/builder/users.nix b/roles/builder/users.nix
index e5bb904..a5201f5 100644
--- a/roles/builder/users.nix
+++ b/roles/builder/users.nix
@@ -48,8 +48,6 @@ let
};
in {
users = {
- groups.trusted = {};
-
mutableUsers = false;
users = lib.mapAttrs descToUser users;
};
diff --git a/roles/nix-daemon.nix b/roles/nix-daemon.nix
index 8551cd7..004a6d9 100644
--- a/roles/nix-daemon.nix
+++ b/roles/nix-daemon.nix
@@ -5,35 +5,36 @@ let
in
{
nix = {
- binaryCachePublicKeys = [
+ settings.trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
- binaryCaches = [
+ settings.substituters = [
"https://nix-community.cachix.org"
];
+ # Hard-link duplicated files
+ settings.auto-optimise-store = true;
+
+ # auto-free the /nix/store
+ settings.min-free = asGB 10;
+ settings.max-free = asGB 200;
+
+ # avoid copying unecessary stuff over SSH
+ settings.builders-use-substitutes = true;
+
+ # allow flakes
+ settings.experimental-features = "nix-command flakes";
+
+ # users in trusted group are trusted by the nix-daemon
+ settings.trusted-users = [ "@trusted" ];
+
# useful for ad-hoc nix-shell's for debugging
nixPath = [ "nixpkgs=${pkgs.path}" ];
- extraOptions = ''
- # auto-free the /nix/store
- min-free = ${asGB 10}
- max-free = ${asGB 200}
-
- # avoid copying unecessary stuff over SSH
- builders-use-substitutes = true
-
- # allow flakes
- experimental-features = nix-command flakes
- '';
- # Hard-link duplicated files
- autoOptimiseStore = true;
-
- # Add support for flakes
- package = pkgs.nixUnstable;
-
gc.automatic = true;
gc.options = "--delete-older-than 30d";
};
+
+ users.groups.trusted = {};
}
diff --git a/users/adisbladis.nix b/users/adisbladis.nix
index f675bd0..a1de3a1 100644
--- a/users/adisbladis.nix
+++ b/users/adisbladis.nix
@@ -12,11 +12,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "adis";
};
-
- nix.trustedUsers = [ "adisbladis" ];
-
}
diff --git a/users/flokli.nix b/users/flokli.nix
index 651c47b..8bb6a18 100644
--- a/users/flokli.nix
+++ b/users/flokli.nix
@@ -11,10 +11,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "flok";
};
-
- nix.trustedUsers = [ "flokli" ];
}
diff --git a/users/lewo.nix b/users/lewo.nix
index 8ccd9a2..8d1dc16 100644
--- a/users/lewo.nix
+++ b/users/lewo.nix
@@ -11,10 +11,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "lewo";
};
-
- nix.trustedUsers = [ "lewo" ];
}
diff --git a/users/mic92.nix b/users/mic92.nix
index 59c197d..ca0d62e 100644
--- a/users/mic92.nix
+++ b/users/mic92.nix
@@ -11,10 +11,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "micc";
};
-
- nix.trustedUsers = [ "mic92" ];
}
diff --git a/users/ryantm.nix b/users/ryantm.nix
index 0f2d268..9d0c037 100644
--- a/users/ryantm.nix
+++ b/users/ryantm.nix
@@ -12,13 +12,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "rytm";
};
-
- nix.trustedUsers = [
- "ryantm"
- ];
-
}
diff --git a/users/timokau.nix b/users/timokau.nix
index b00be14..3bf4c24 100644
--- a/users/timokau.nix
+++ b/users/timokau.nix
@@ -13,10 +13,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "timo";
};
-
- nix.trustedUsers = [ "timo" ];
}
diff --git a/users/zimbatm.nix b/users/zimbatm.nix
index 6cee0b5..fae9567 100644
--- a/users/zimbatm.nix
+++ b/users/zimbatm.nix
@@ -13,11 +13,8 @@ in
useDefaultShell = true;
isNormalUser = true;
extraGroups = [
- "wheel"
+ "wheel" "trusted"
];
uid = userLib.mkUid "zimb";
};
-
- nix.trustedUsers = [ "zimbatm" ];
-
}