old
1{
2 pkgs,
3 config,
4 myvars,
5 programsdb,
6 ...
7}: {
8 nix.settings = {
9 experimental-features = ["nix-command" "flakes"];
10 trusted-users = [myvars.username];
11 substituters = [
12 # cache mirror located in China
13 # "https://mirrors.ustc.edu.cn/nix-channels/store?priority=10"
14 # "https://mirror.sjtu.edu.cn/nix-channels/store?priority=10"
15 "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store?priority=10"
16
17 "https://nix-community.cachix.org?priority=20"
18 ];
19 trusted-public-keys = [
20 "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
21 "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
22 ];
23 builders-use-substitutes = true;
24 };
25
26 nix.extraOptions = ''
27 !include ${config.sops.templates.access-tokens.path}
28 '';
29
30 sops.templates.access-tokens = {
31 content = ''
32 access-tokens = github.com=${config.sops.placeholder.github-access-token}
33 '';
34 mode = "0444"; # file must be accessible (r) to all users, because only the build daemon runs as root and not nix evaluator itself.
35 };
36
37 environment.etc."programs.sqlite".source = programsdb.packages.${pkgs.system}.programs-sqlite;
38 programs.command-not-found.dbPath = "/etc/programs.sqlite";
39}