nix-daemon: switch to new settings syntax

roles/builder/default.nix

@@ -1,5 +1,3 @@
 { ... }: {
   imports = [ ./users.nix ];
-
-  nix.trustedUsers = [ "@trusted" ];
 }

roles/builder/users.nix

@@ -48,8 +48,6 @@ let
     };
 in {
   users = {
-    groups.trusted = {};
-
     mutableUsers = false;
     users = lib.mapAttrs descToUser users;
   };

roles/nix-daemon.nix

@@ -5,35 +5,36 @@ let
 in
 {
   nix = {
-    binaryCachePublicKeys = [
+    settings.trusted-public-keys = [
       "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
     ];
 
-    binaryCaches = [
+    settings.substituters = [
       "https://nix-community.cachix.org"
     ];
 
+    # Hard-link duplicated files
+    settings.auto-optimise-store = true;
+
+    # auto-free the /nix/store
+    settings.min-free = asGB 10;
+    settings.max-free = asGB 200;
+
+    # avoid copying unecessary stuff over SSH
+    settings.builders-use-substitutes = true;
+
+    # allow flakes
+    settings.experimental-features = "nix-command flakes";
+
+    # users in trusted group are trusted by the nix-daemon
+    settings.trusted-users = [ "@trusted" ];
+
     # useful for ad-hoc nix-shell's for debugging
     nixPath = [ "nixpkgs=${pkgs.path}" ];
 
-    extraOptions = ''
-      # auto-free the /nix/store
-      min-free = ${asGB 10}
-      max-free = ${asGB 200}
-
-      # avoid copying unecessary stuff over SSH
-      builders-use-substitutes = true
-
-      # allow flakes
-      experimental-features = nix-command flakes
-    '';
-    # Hard-link duplicated files
-    autoOptimiseStore = true;
-
-    # Add support for flakes
-    package = pkgs.nixUnstable;
-
     gc.automatic = true;
     gc.options = "--delete-older-than 30d";
   };
+
+  users.groups.trusted = {};
 }

users/adisbladis.nix

@@ -12,11 +12,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "adis";
   };
-
-  nix.trustedUsers = [ "adisbladis" ];
-
 }

users/flokli.nix

@@ -11,10 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "flok";
   };
-
-  nix.trustedUsers = [ "flokli" ];
 }

users/lewo.nix

@@ -11,10 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "lewo";
   };
-
-  nix.trustedUsers = [ "lewo" ];
 }

users/mic92.nix

@@ -11,10 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "micc";
   };
-
-  nix.trustedUsers = [ "mic92" ];
 }

users/ryantm.nix

@@ -12,13 +12,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "rytm";
   };
-
-  nix.trustedUsers = [
-    "ryantm"
-  ];
-
 }

users/timokau.nix

@@ -13,10 +13,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "timo";
   };
-
-  nix.trustedUsers = [ "timo" ];
 }

users/zimbatm.nix

@@ -13,11 +13,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel"
+      "wheel" "trusted"
     ];
     uid = userLib.mkUid "zimb";
   };
-
-  nix.trustedUsers = [ "zimbatm" ];
-
 }