How to set up Cachix in flake-based NixOS config?

ivanbrennan · August 15, 2023, 8:28pm

I’m converting my nixos system configuration to flakes, and unsure of the correct way to set up Cachix.

My (non-flake) configuration.nix contains:

{ config, pkgs, ... }:
{
  imports = [
    ./cachix.nix
    # etc.
  ];
  # and plenty more...
}

where /etc/nixos/cachix.nix was generated imperatively by running:

cachix use nix-community

which generated /etc/nixos/cachix.nix:

# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:

let
  folder = ./cachix;
  toImport = name: value: folder + ("/" + name);
  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
  inherit imports;
  nix.settings.substituters = ["https://cache.nixos.org/"];
}

and /etc/nixos/cachix/nix-community.nix

{
  nix = {
    settings = {
      substituters = [
        "https://nix-community.cachix.org"
      ];
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };
}

I’m guessing I could leave it as is, but is there a more idiomatic way to do it in a flake-based system?

Would it make sense to do something like this in flake.nix?

{
  outputs = { self, nixpkgs }: {
    nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./configuration
        {
          nix.settings = {
            substituters = [
              "https://cache.nixos.org/"
              "https://nix-community.cachix.org"
            ];
            trusted-public-keys = [
              "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
            ];
          };
        }
      ];
    };
  };
}

domenkozar · August 16, 2023, 7:21am

Hey! Try this:

{
  nixConfig = {
    extra-substituters = [
      "https://nix-community.cachix.org"
    ];
    extra-trusted-public-keys = [
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
  };

  inputs = ...
  outputs = ...
}

BriefNCounter · August 16, 2023, 7:46am

I actually rewound here - was a problem for me…will retry later

ivanbrennan · August 16, 2023, 12:24pm

Thanks! Out of curiosity, does setting this via the flake’s nixConfig have a different effect than setting it within the host configuration’s nix.settings? I think I recall reading that settings in a flake’s nixConfig would prompt the user for confirmation, but I might be misremembering.

domenkozar · August 16, 2023, 12:59pm

Yeah, you need to pass --accept-nix-config or accept them interactively.

ivanbrennan · August 16, 2023, 1:50pm

Ah, looks like the flag is --accept-flake-config.