nixos-config/modules/nix.nix

{ config, inputs, lib, pkgs, ... }:
let
  # Adapted from https://nixos.wiki/wiki/Overlays
  overlaysCompat = pkgs.writeTextFile {
    name = "overlays-compat";
    destination = "/overlays.nix";
    text = /* nix */ ''
      self: super:
      with super.lib;
      let
        # Load the system config and get the `nixpkgs.overlays` option
        # This fails gracefully if getFlake is not available
        overlays = if builtins.hasAttr "getFlake" builtins
          then (builtins.getFlake "/var/src/config").nixosConfigurations.${config.networking.hostName}.config.nixpkgs.overlays
          else [ ];
      in
        # Apply all overlays to the input of the current "main" overlay
        foldl' (flip extends) (_: super) overlays self
    '';
  };
in
{
  sops.secrets = lib.mkIf config.sbruder.trusted {
    binary-cache-secret-key = { };
    nix-netrc = {
      group = "wheel";
      mode = "0440";
    };
  };

  nix = {
    # nix with flake support
    package = pkgs.nixUnstable;

    registry = with inputs; {
      nixpkgs.flake = nixpkgs;
      nixpkgs-unstable.flake = nixpkgs-unstable;
    };

    nixPath = [
      "nixpkgs=${inputs.nixpkgs}"
      "nixpkgs-overlays=${overlaysCompat}"
    ];
    # Make sudoers trusted nix users
    trustedUsers = [ "@wheel" ];

    binaryCaches = [
      "https://nix-cache.sbruder.de/"
    ];
    binaryCachePublicKeys = [
      "nix-cache.sbruder.de-1:bU13eF6IMMW2hgO7StgB6JCAoZPeAQ27NAzV0kru1XM="
    ];

    # On-the-fly optimisation of nix store
    autoOptimiseStore = true;
    extraOptions = ''
      experimental-features = nix-command flakes
    '' + lib.optionalString config.sbruder.trusted ''
      # Binary cache upload
      secret-key-files = ${config.sops.secrets.binary-cache-secret-key.path}
      netrc-file = ${config.sops.secrets.nix-netrc.path}
    '' + lib.optionalString config.sbruder.full ''
      # Keep output of derivations with gc root
      keep-outputs = true
      keep-derivations = true
    '';

    # Make nix build in background less noticeable
    daemonNiceLevel = 10;
    daemonIONiceLevel = 5; # 0-7
  };

  nixpkgs.overlays = with inputs; [
    self.overlay
    nixpkgs-overlay.overlay
    (final: prev: {
      unstable = import nixpkgs-unstable {
        inherit (config.nixpkgs)
          config
          overlays
          system;
      };
    })

    AriaNg.overlay
  ];

  environment.systemPackages = with pkgs; [
    cached-nix-shell
  ];
}