nix: expose nixosModules

2025-12-06 14:49:14 +00:00 · 2024-07-12 23:29:55 +02:00 · 2024-07-12 23:29:55 +02:00 · 47ec3b0d57
commit 47ec3b0d57
parent 5b7839dde9
5 changed files with 9 additions and 3 deletions
--- a/nix/nixosModules/default.nix
+++ b/nix/nixosModules/default.nix
@ -0,0 +1,6 @@
+{
+  flake.nixosModules._.imports = [
+    ./sudo-conf.nix
+    ./system-nixconf.nix
+  ];
+}
--- a/nix/nixosModules/sudo-conf.nix
+++ b/nix/nixosModules/sudo-conf.nix
@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+  nix = {
+    extraOptions = ''
+      experimental-features = nix-command flakes
+      allow-import-from-derivation = true
+      sandbox = true
+    '';
+  };
+
+  security.sudo.extraConfig = ''
+    Defaults        lecture = always
+    Defaults        lecture_file = ${pkgs.writeText "sudo_lecture_file" ''
+      λλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλ
+
+           λλλλ
+             λλλ
+              λλλ
+               λλλ                       Beep Boop
+              λ λλλ               Are you sure about this?
+             λ   λλλ                  Think twice :3
+            λ     λλλ
+           λ       λλλ
+          λ         λλλ
+         λ           λλλλ
+
+      λλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλλ
+    ''}
+  '';
+}
--- a/nix/nixosModules/system-nixconf.nix
+++ b/nix/nixosModules/system-nixconf.nix
@ -0,0 +1,34 @@
+# generates global config
+# should be used with nixos or nix-darwin
+{ pkgs, ... }:
+{
+  nix.package = pkgs.nixVersions.nix_2_21;
+  nix.settings = {
+    /*
+      substituters can only be used by users that are trusted by nix -> nix trusts the user to do it right
+      trusted-substituters can be used by any user -> nix trusts everything the substituter provides
+
+      "In addition, each store path should be trusted as described in trusted-public-keys"
+      -> keys for everything
+    */
+
+    substituters = [
+      "https://nix-community.cachix.org"
+      "https://leana8959.cachix.org"
+    ];
+    trusted-substituters = [
+      "https://nix-community.cachix.org"
+      "https://leana8959.cachix.org"
+    ];
+    trusted-public-keys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "leana8959.cachix.org-1:CxQSAp8lcgMv8Me459of0jdXRW2tcyeYRKTiiUq8z0M="
+    ];
+
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    allow-import-from-derivation = "true";
+  };
+}