From e36875131bd1dd78d3527f982282d98d7bd8da36 Mon Sep 17 00:00:00 2001
From: xinyangli <lixinyang411@gmail.com>
Date: Wed, 17 Jul 2024 15:52:30 +0800
Subject: [PATCH] feat(modules): move nix settings to a seperate module

---
 flake.lock                         | 12 +++----
 home/xin/common/default.nix        |  5 +--
 machines/calcite/configuration.nix | 21 +++---------
 machines/dolomite/default.nix      |  4 ---
 machines/massicot/default.nix      | 15 ---------
 machines/raspite/configuration.nix | 14 ++------
 modules/nixos/common-nix-conf.nix  | 51 ++++++++++++++++++++++++++++++
 modules/nixos/default.nix          |  1 +
 8 files changed, 66 insertions(+), 57 deletions(-)
 create mode 100644 modules/nixos/common-nix-conf.nix

diff --git a/flake.lock b/flake.lock
index 4e0d662..299f626 100644
--- a/flake.lock
+++ b/flake.lock
@@ -174,16 +174,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1720768451,
-        "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
-        "owner": "nixos",
+        "lastModified": 1721187324,
+        "narHash": "sha256-QA/hwTo9TsEbtTxFjHdyIopyRqVbC3psML9D1CuSGcg=",
+        "owner": "xinyangli",
         "repo": "nixpkgs",
-        "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
+        "rev": "5a00e83edebdcf87790dfa0a304b092f4e3ed694",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
-        "ref": "nixos-unstable",
+        "owner": "xinyangli",
+        "ref": "deploy",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/home/xin/common/default.nix b/home/xin/common/default.nix
index 0eb2bae..6957c4d 100644
--- a/home/xin/common/default.nix
+++ b/home/xin/common/default.nix
@@ -20,9 +20,6 @@
     inetutils
   ];
 
+  # Required for standalone home configuration
   nix.package = lib.mkForce pkgs.nixVersions.latest;
-  nix.extraOptions = ''
-    extra-substituters = https://nix-community.cachix.org
-    extra-trusted-public-keys = nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
-  '';
 }
diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix
index 458e1db..d5a152f 100644
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@@ -9,6 +9,10 @@
       ../sops.nix
     ];
 
+  commonSettings = {
+    nix.enableMirrors = true;
+  };
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -229,23 +233,6 @@
 
   system.stateVersion = "22.05";
 
-  # Use mirror for binary cache
-  nix.settings.substituters = [
-    "https://mirrors.bfsu.edu.cn/nix-channels/store"
-    "https://mirrors.ustc.edu.cn/nix-channels/store"
-  ];
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
-  };
-  nix.optimise.automatic = true;
-
-  nix.settings = {
-    experimental-features = [ "nix-command" "flakes" ];
-    auto-optimise-store = true;
-    trusted-users = [ "xin" "root" ];
-  };
   nix.extraOptions = ''
     !include "${config.sops.secrets.github_public_token.path}"
   '';
diff --git a/machines/dolomite/default.nix b/machines/dolomite/default.nix
index 69ac5cc..3965655 100644
--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
@@ -79,10 +79,6 @@ in
       wheelNeedsPassword = false;
     };
 
-    nix.settings = {
-      trusted-users = [ "root" ];
-    };
-
     services.sing-box = let
       singTls = {
         enabled = true;
diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix
index b96499a..66c7b50 100644
--- a/machines/massicot/default.nix
+++ b/machines/massicot/default.nix
@@ -46,21 +46,6 @@
     git
   ];
 
-  nix.settings = {
-    experimental-features = [ "nix-command" "flakes" ];
-    substituters = "https://cache.garnix.io";
-    trusted-public-keys = "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=";
-  };
-
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 7d";
-  };
-  nix.optimise.automatic = true;
-  nix.settings.auto-optimise-store = true;
-
-
   system.stateVersion = "22.11";
   
   networking = {
diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix
index 489032b..71bc747 100644
--- a/machines/raspite/configuration.nix
+++ b/machines/raspite/configuration.nix
@@ -4,6 +4,9 @@
   imports = [
     ./hass.nix
   ];
+
+  commonSettings.nix.enableMirrors = true;
+
   nixpkgs.overlays = [
     # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
     (final: super: {
@@ -18,13 +21,6 @@
     raspberrypi-eeprom
   ];
 
-  # Use mirror for binary cache
-  nix.settings.substituters = [
-    "https://mirrors.bfsu.edu.cn/nix-channels/store"
-    "https://mirrors.ustc.edu.cn/nix-channels/store"
-  ];
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
   system.stateVersion = "24.05";
   
   networking = {
@@ -51,10 +47,6 @@
     wheelNeedsPassword = false;
   };
 
-  nix.settings = {
-    trusted-users = [ "@wheel" ];
-  };
-
   # fileSystems."/".fsType = lib.mkForce "btrfs";
   boot.supportedFilesystems.zfs = lib.mkForce false;
 
diff --git a/modules/nixos/common-nix-conf.nix b/modules/nixos/common-nix-conf.nix
new file mode 100644
index 0000000..00929ce
--- /dev/null
+++ b/modules/nixos/common-nix-conf.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib) mkIf mkEnableOption mkOption types;
+
+  cfg = config.commonSettings.nix;
+in
+{
+  options.commonSettings.nix = {
+    enable = mkOption {
+      default = true;
+      type = types.bool;
+    };
+    enableMirrors = mkEnableOption "cache.nixos.org mirrors in Mainland China";
+  };
+
+  config = mkIf cfg.enable {
+    nix.package = pkgs.nixVersions.latest;
+
+    nix.gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
+    nix.optimise.automatic = true;
+
+    nix.settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+      trusted-users = [ "root" ];
+
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.garnix.io"
+      ];
+
+      extra-substituters = mkIf cfg.enableMirrors [
+        "https://mirrors.bfsu.edu.cn/nix-channels/store"
+        "https://mirrors.ustc.edu.cn/nix-channels/store"
+      ];
+
+      trusted-public-keys = [
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+      ];
+    };
+  };
+}
+
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index c3d43a0..0d64656 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,6 +1,7 @@
 { config, pkgs, ... }:
 {
   imports = [
+    ./common-nix-conf.nix
     ./restic.nix
     ./vaultwarden.nix
     ./prometheus.nix