authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-20 16:10:21 +0200
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2024-05-20 16:14:26 +0200
commit368cb6b0d25db2ae23be42ad51584de059997e51 (patch)
tree3282e45d3ebced63c8498a47e83a255c35de620b /modules/system/services/nix/default.nix
parentrefactor(hm): Rename to `modules/home` (diff)
refactor(sys): Modularize and move to `modules/system` or `pkgs`
Diffstat (limited to 'modules/system/services/nix/default.nix')
-rw-r--r--modules/system/services/nix/default.nix53
1 files changed, 53 insertions, 0 deletions
diff --git a/modules/system/services/nix/default.nix b/modules/system/services/nix/default.nix
new file mode 100644
index 00000000..65fc7273
--- /dev/null
+++ b/modules/system/services/nix/default.nix
@@ -0,0 +1,53 @@
+{
+  pkgs,
+
+  # flakes
+  nixpkgs_as_input,
+  templates,
+  self,
+  ...
+}: {
+  nix = {
+    package = pkgs.nixVersions.latest;
+
+    # Disable nix channels  (this is a remnant of old days)
+    channel.enable = false;
+
+    registry = {
+      nixpkgs.flake = nixpkgs_as_input;
+      n.flake = self; # Otherwise the nixpkgs config is not available
+
+      t.flake = templates;
+
+      my_flake.flake = self;
+      m.flake = self;
+    };
+
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [
+        "nix-command"
+        "flakes"
+        #"ca-derivations"
+      ];
+
+      use-xdg-base-directories = true;
+
+      #substituters = ["https://cache.ngi0.nixos.org/"];
+      #trusted-public-keys = ["cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA="];
+
+      fallback = true; # Build from source, if binary can't be substituted
+
+      keep-failed = true; # keep failed tmp build dirs
+      pure-eval = true; # restrict file system and network access to hash
+
+      sandbox-fallback = false; # Don't disable the sandbox, if the kernel doesn't support it
+    };
+  };
+}
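Review bot: `keep-failed = true` sits in the system-wide `nix.settings`, so every failed build leaves its temporary build directory behind, and the weekly `nix.gc` job will not remove those directories because they live outside the store. They hold the unpacked sources and build environment of the failed derivation, so on a multi-user machine they should be treated as possibly readable by other local users (the exact permissions depend on the Nix version, so this needs confirming), and they can fill the temp filesystem over time. I would drop the setting here and pass `--keep-failed` on the command line when debugging, or at least state the cleanup expectation in the comment, e.g. `keep-failed = true; # failed build dirs stay in the temp dir; not cleaned by nix.gc`. Separately, the comment on `pure-eval` would be more accurate as `# evaluation may only read inputs pinned by hash`, since the option restricts evaluation rather than builds.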