From 50c3198e039e68c093c04772619936eb23e938b9 Mon Sep 17 00:00:00 2001
From: Gerg-L <GregLeyda@proton.me>
Date: Wed, 15 Feb 2023 22:53:36 -0500
Subject: [PATCH] don't set trusted-users AND allowed-users allowed-users will
 override trusted-users

---
 flake.lock         | 12 ++++++------
 flake.nix          |  2 +-
 imports/shells.nix | 12 ++++++------
 imports/sxhkd.nix  |  8 ++------
 imports/vfio.nix   |  2 +-
 nix.nix            | 16 +++++++++++++---
 6 files changed, 29 insertions(+), 23 deletions(-)

diff --git a/flake.lock b/flake.lock
index da3ced5..4599075 100644
--- a/flake.lock
+++ b/flake.lock
@@ -115,11 +115,11 @@
     },
     "master": {
       "locked": {
-        "lastModified": 1676507325,
-        "narHash": "sha256-DXQkbOlKV+mYOvxpprWqEKYe3a3K4yHyI6flLyv9mJ8=",
+        "lastModified": 1676518424,
+        "narHash": "sha256-OsJSBwl9Hayh/bmxDtUyxm2U6btaBHuLvviE9KpMmwQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "705cb7dbcb5b9aaf2202ee3493865aec470f4b79",
+        "rev": "a592a97fcedae7a06b8506623b25fd38a032ad13",
         "type": "github"
       },
       "original": {
@@ -250,11 +250,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676345796,
-        "narHash": "sha256-MmnPogmVVzNRyh2oMfqQAeLTeEFH6pAzDW4AziJ8WXA=",
+        "lastModified": 1676518460,
+        "narHash": "sha256-RS0QNSofkjv+4zpxzgvxJ9yd9syhB9Vv4qMQ7m+DSbc=",
         "owner": "Gerg-L",
         "repo": "nvim-flake",
-        "rev": "0a98d7046f0bf7785f38af4eeeefbd1ef39e9476",
+        "rev": "e8c8de7c88722a73e3fa73e35e6af50cf7ccb3ff",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index 9b78055..e716dd8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  inputs = {
+  inputs = rec {
     #channels
     master.url = "github:NixOS/nixpkgs";
     unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
diff --git a/imports/shells.nix b/imports/shells.nix
index f745fd5..11ffc10 100644
--- a/imports/shells.nix
+++ b/imports/shells.nix
@@ -34,12 +34,12 @@
       #paste link trick
       pastebin = "curl -F 'clbin=<-' https://clbin.com";
       #nix stuff
-      update = "nix flake update /etc/nixos/#";
-      switch = "nixos-rebuild switch";
-      boot = "nixos-rebuild boot";
-      clean = "nix-collect-garbage -d";
-      gc-force = "rm /nix/var/nix/gcroots/auto/*";
-      gc-check = "find -H /nix/var/nix/gcroots/auto -type l | xargs -I {} sh -c 'readlink {}; realpath {}; echo' | page";
+      nix-update = "nix flake update /etc/nixos/# ";
+      nix-switch = "nixos-rebuild switch --use-remote-sudo";
+      nix-boot = "nixos-rebuild boot --use-remote-sudo";
+      nix-clean = "nix-collect-garbage -d";
+      nix-gc-force = "rm /nix/var/nix/gcroots/auto/*";
+      nix-gc-check = "sudo nix-store --gc --print-roots | egrep -v \"^(/nix/var|/run/\w+-system|\{memory|/proc)\"";
       #vim stuff
       vi = "nvim";
       vim = "nvim";
diff --git a/imports/sxhkd.nix b/imports/sxhkd.nix
index 4cfbc16..9cad6ea 100644
--- a/imports/sxhkd.nix
+++ b/imports/sxhkd.nix
@@ -2,13 +2,9 @@
   pkgs,
   settings,
   ...
-}: let
-  mpkgs = import master {
-    inherit (pkgs) system;
-  };
-in {
+}:{
   environment.systemPackages = [
-    mpkgs.maim #screenshooter
+    master.legacyPackages.${pkgs.system}.maim #screenshooter
     pkgs.brightnessctl #brightness control for laptop
     pkgs.playerctl #music control
     pkgs.xclip
diff --git a/imports/vfio.nix b/imports/vfio.nix
index 7a9e98a..dd19fe3 100644
--- a/imports/vfio.nix
+++ b/imports/vfio.nix
@@ -26,7 +26,7 @@ _: {
     };
   };
   environment = {
-    systemPackages = with pkgs; [virt-manager];
+    systemPackages = [pkgs.virt-manager];
     shellAliases = {
       vm-start = "virsh start Windows";
       vm-stop = "virsh shutdown Windows";
diff --git a/nix.nix b/nix.nix
index c7bef11..f1669ac 100644
--- a/nix.nix
+++ b/nix.nix
@@ -1,4 +1,8 @@
-{nix, ...}: {
+{
+  nix,
+  unstable,
+  ...
+}: {
   inputs,
   lib,
   pkgs,
@@ -6,7 +10,7 @@
   ...
 }: {
   nix = {
-    package = lib.mkDefault nix.packages.${pkgs.system}.nix;
+    package = nix.packages.${pkgs.system}.nix;
     #automatically get registry from input flakes
     registry =
       (
@@ -25,7 +29,7 @@
       )
       // {system = {flake = self;};};
     #automatically add registry entries to nixPath
-    nixPath = (lib.mapAttrsToList (name: value: name + "=" + value) inputs) ++ [("system=" + ./.)];
+    nixPath = (lib.mapAttrsToList (name: value: name + "=" + value) inputs) ++ ["system=${self}" "nixpkgs=${unstable}"];
     settings = {
       experimental-features = ["nix-command" "flakes" "repl-flake"];
       auto-optimise-store = true;
@@ -33,6 +37,12 @@
       flake-registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}'';
       keep-outputs = true;
       keep-derivations = true;
+       trusted-users = [
+        "root"
+        "@wheel"
+      ];
+      allowed-users = [
+      ];
     };
   };
   environment.etc."booted-system".source = self;