don't set trusted-users AND allowed-users

allowed-users will override trusted-users

flake.lock

@@ -115,11 +115,11 @@
     },
     "master": {
       "locked": {
-        "lastModified": 1676507325,
+        "lastModified": 1676518424,
-        "narHash": "sha256-DXQkbOlKV+mYOvxpprWqEKYe3a3K4yHyI6flLyv9mJ8=",
+        "narHash": "sha256-OsJSBwl9Hayh/bmxDtUyxm2U6btaBHuLvviE9KpMmwQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "705cb7dbcb5b9aaf2202ee3493865aec470f4b79",
+        "rev": "a592a97fcedae7a06b8506623b25fd38a032ad13",
         "type": "github"
       },
       "original": {
@@ -250,11 +250,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1676345796,
+        "lastModified": 1676518460,
-        "narHash": "sha256-MmnPogmVVzNRyh2oMfqQAeLTeEFH6pAzDW4AziJ8WXA=",
+        "narHash": "sha256-RS0QNSofkjv+4zpxzgvxJ9yd9syhB9Vv4qMQ7m+DSbc=",
         "owner": "Gerg-L",
         "repo": "nvim-flake",
-        "rev": "0a98d7046f0bf7785f38af4eeeefbd1ef39e9476",
+        "rev": "e8c8de7c88722a73e3fa73e35e6af50cf7ccb3ff",
         "type": "github"
       },
       "original": {

flake.nix

@@ -1,5 +1,5 @@
 {
-  inputs = {
+  inputs = rec {
     #channels
     master.url = "github:NixOS/nixpkgs";
     unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

imports/shells.nix

@@ -34,12 +34,12 @@
       #paste link trick
       pastebin = "curl -F 'clbin=<-' https://clbin.com";
       #nix stuff
-      update = "nix flake update /etc/nixos/#";
+      nix-update = "nix flake update /etc/nixos/# ";
-      switch = "nixos-rebuild switch";
+      nix-switch = "nixos-rebuild switch --use-remote-sudo";
-      boot = "nixos-rebuild boot";
+      nix-boot = "nixos-rebuild boot --use-remote-sudo";
-      clean = "nix-collect-garbage -d";
+      nix-clean = "nix-collect-garbage -d";
-      gc-force = "rm /nix/var/nix/gcroots/auto/*";
+      nix-gc-force = "rm /nix/var/nix/gcroots/auto/*";
-      gc-check = "find -H /nix/var/nix/gcroots/auto -type l | xargs -I {} sh -c 'readlink {}; realpath {}; echo' | page";
+      nix-gc-check = "sudo nix-store --gc --print-roots | egrep -v \"^(/nix/var|/run/\w+-system|\{memory|/proc)\"";
       #vim stuff
       vi = "nvim";
       vim = "nvim";

imports/sxhkd.nix

@@ -2,13 +2,9 @@
   pkgs,
   settings,
   ...
-}: let
+}:{
-  mpkgs = import master {
-    inherit (pkgs) system;
-  };
-in {
   environment.systemPackages = [
-    mpkgs.maim #screenshooter
+    master.legacyPackages.${pkgs.system}.maim #screenshooter
     pkgs.brightnessctl #brightness control for laptop
     pkgs.playerctl #music control
     pkgs.xclip

imports/vfio.nix

@@ -26,7 +26,7 @@ _: {
     };
   };
   environment = {
-    systemPackages = with pkgs; [virt-manager];
+    systemPackages = [pkgs.virt-manager];
     shellAliases = {
       vm-start = "virsh start Windows";
       vm-stop = "virsh shutdown Windows";

nix.nix

@@ -1,4 +1,8 @@
-{nix, ...}: {
+{
+  nix,
+  unstable,
+  ...
+}: {
   inputs,
   lib,
   pkgs,
@@ -6,7 +10,7 @@
   ...
 }: {
   nix = {
-    package = lib.mkDefault nix.packages.${pkgs.system}.nix;
+    package = nix.packages.${pkgs.system}.nix;
     #automatically get registry from input flakes
     registry =
       (
@@ -25,7 +29,7 @@
       )
       // {system = {flake = self;};};
     #automatically add registry entries to nixPath
-    nixPath = (lib.mapAttrsToList (name: value: name + "=" + value) inputs) ++ [("system=" + ./.)];
+    nixPath = (lib.mapAttrsToList (name: value: name + "=" + value) inputs) ++ ["system=${self}" "nixpkgs=${unstable}"];
     settings = {
       experimental-features = ["nix-command" "flakes" "repl-flake"];
       auto-optimise-store = true;
@@ -33,6 +37,12 @@
       flake-registry = builtins.toFile "empty-flake-registry.json" ''{"flakes":[],"version":2}'';
       keep-outputs = true;
       keep-derivations = true;
+       trusted-users = [
+        "root"
+        "@wheel"
+      ];
+      allowed-users = [
+      ];
     };
   };
   environment.etc."booted-system".source = self;