nix.settings.substituters(system-level) & nixConfig.extra-substituers(flake-only)

2026-04-10 11:23:40 +02:00 · 2023-12-09 16:16:22 +08:00
parent abdf6d181b
commit 5237bf31c5
2 changed files with 83 additions and 86 deletions
--- a/modules/system.nix
+++ b/modules/system.nix
@@ -1,6 +1,58 @@
-{ config, pkgs, ... }:
-
 {
+  pkgs,
+  lib,
+  ...
+}: let
+  username = "ryan";
+in {
+
+  # ============================= User related =============================
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.ryan = {
+    isNormalUser = true;
+    description = "ryan";
+    extraGroups = [ "networkmanager" "wheel" ];
+    openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj admin@ryan-MBP"
+    ];
+  };
+    # given the users in this list the right to specify additional substituters via:
+    #    1. `nixConfig.substituers` in `flake.nix`
+    #    2. command line args `--options substituers http://xxx`
+  nix.settings.trusted-users = [username];
+
+  # customise /etc/nix/nix.conf declaratively via `nix.settings`
+  nix.settings = {
+    # enable flakes globally
+    experimental-features = ["nix-command" "flakes"];
+
+    substituters = [
+      # cache mirror located in China
+      # status: https://mirror.sjtu.edu.cn/
+      "https://mirror.sjtu.edu.cn/nix-channels/store"
+      # status: https://mirrors.ustc.edu.cn/status/
+      # "https://mirrors.ustc.edu.cn/nix-channels/store"
+
+      "https://cache.nixos.org"
+    ];
+
+    trusted-public-keys = [
+      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+    ];
+    builders-use-substitutes = true;
+  };
+
+  # do garbage collection weekly to keep disk usage low
+  nix.gc = {
+    automatic = lib.mkDefault true;
+    dates = lib.mkDefault "weekly";
+    options = lib.mkDefault "--delete-older-than 7d";
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = lib.mkDefault false;
+
  # Set your time zone.
  time.timeZone = "Asia/Shanghai";

@@ -21,7 +73,6 @@

  # Enable CUPS to print documents.
  services.printing.enable = true;
-  

  fonts = {
    fonts = with pkgs; [
@@ -34,7 +85,7 @@
      noto-fonts-emoji

      # nerdfonts
-      (nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" ]; })
+      (nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})
    ];

    # use fonts specified by user rather than default ones
@@ -44,10 +95,10 @@
    # the reason there's Noto Color Emoji everywhere is to override DejaVu's
    # B&W emojis that would sometimes show instead of some Color emojis
    fontconfig.defaultFonts = {
-      serif = [ "Noto Serif" "Noto Color Emoji" ];
-      sansSerif = [ "Noto Sans" "Noto Color Emoji" ];
-      monospace = [ "JetBrainsMono Nerd Font" "Noto Color Emoji" ];
-      emoji = [ "Noto Color Emoji" ];
+      serif = ["Noto Serif" "Noto Color Emoji"];
+      sansSerif = ["Noto Sans" "Noto Color Emoji"];
+      monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"];
+      emoji = ["Noto Color Emoji"];
    };
  };

@@ -63,15 +114,12 @@
    enable = true;
    settings = {
      X11Forwarding = true;
-      PermitRootLogin = "no";         # disable root login
+      PermitRootLogin = "no"; # disable root login
      PasswordAuthentication = false; # disable password login
    };
    openFirewall = true;
  };

-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
@@ -80,13 +128,13 @@
    curl
    git
    sysstat
-    lm_sensors  # for `sensors` command
+    lm_sensors # for `sensors` command
    # minimal screen capture tool, used by i3 blur lock to take a screenshot
    # print screen key is also bound to this tool in i3 config
    scrot
    neofetch
-    xfce.thunar  # xfce4's file manager
-    nnn          # terminal file manager
+    xfce.thunar # xfce4's file manager
+    nnn # terminal file manager
  ];

  # Enable sound with pipewire.
@@ -98,7 +146,7 @@
  security.polkit.enable = true;

  services = {
-    dbus.packages = [ pkgs.gcr ];
+    dbus.packages = [pkgs.gcr];

    geoclue2.enable = true;

@@ -115,16 +163,6 @@
      #media-session.enable = true;
    };

-    udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
+    udev.packages = with pkgs; [gnome.gnome-settings-daemon];
  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.ryan = {
-    isNormalUser = true;
-    description = "ryan";
-    extraGroups = [ "networkmanager" "wheel" ];
-    openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx3Sk20pLL1b2PPKZey2oTyioODrErq83xG78YpFBoj admin@ryan-MBP"
-    ];
-  };
-}
+}