Nix Settings Leaf
cells/core/nix-settings.nix sets the Nix daemon and NixOS-level package behavior for the base branch.
Up: core leaves
Down: base branch
What this leaf does
It enables flakes and sandboxing, marks root and the wheel group as trusted users, and configures substitute caches, garbage collection, registry pinning, the latest Nix package, and unfree packages. It also sets system.stateVersion from my.stateVersion.
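nix.settings = {
  # Build derivations in an isolated sandbox.
  sandbox = true;
  experimental-features = [ "nix-command" "flakes" ];
  # Trusted users can override daemon settings such as substituters, which is
  # essentially root-equivalent, so this applies to every member of wheel.
  trusted-users = [ "root" "@wheel" ];
};
system.stateVersion = config.my.stateVersion;
Why it belongs to base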
Every host that builds from this flake needs predictable Nix behavior. Putting it in base makes that behavior inherited by workstations without copying settings into each host.
Hardened mode
The leaf reads my.profile.security.level and adds stricter store free-space controls when the profile is hardened.
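# baseSettings and isHardened are bound elsewhere in the leaf (not shown here).
nix.settings = baseSettings // lib.optionalAttrs isHardened {
  # 2 GiB: garbage-collect during builds once free store space drops below this.
  min-free = 2147483648;
  # 10 GiB: stop collecting once this much space is free.
  max-free = 10737418240;
};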
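To confirm that a built host actually carries these values, the rendered configuration can be audited. The script below is an added example, not part of this flake: the function names are hypothetical, the sample file is constructed, and it assumes the `key = value` format with space-separated lists that NixOS writes to /etc/nix/nix.conf.

```shell
#!/usr/bin/env bash
# Added example: audit a rendered nix.conf against the values this leaf declares.

# Print the value of KEY from FILE ("key = value" lines; last occurrence wins).
nix_conf_get() {
  awk -v k="$2" '{
    i = index($0, "="); if (!i) next
    key = substr($0, 1, i - 1); val = substr($0, i + 1)
    gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    if (key == k) v = val
  } END { print v }' "$1"
}

# audit_nix_conf FILE [hardened] -> returns 0 when FILE matches the leaf, 1 otherwise.
audit_nix_conf() {
  conf=$1; mode=${2:-base}; rc=0
  [ "$(nix_conf_get "$conf" sandbox)" = true ] || { echo "sandbox is not true"; rc=1; }
  for f in nix-command flakes; do
    case " $(nix_conf_get "$conf" experimental-features) " in
      *" $f "*) ;;
      *) echo "experimental feature missing: $f"; rc=1 ;;
    esac
  done
  set -f  # keep a literal "*" entry from being glob-expanded
  for u in $(nix_conf_get "$conf" trusted-users); do
    case $u in
      root|@wheel) ;;
      *) echo "unexpected trusted user: $u"; rc=1 ;;  # wider than the leaf allows
    esac
  done
  set +f
  if [ "$mode" = hardened ]; then
    [ "$(nix_conf_get "$conf" min-free)" = 2147483648 ] || { echo "min-free is not 2 GiB"; rc=1; }
    [ "$(nix_conf_get "$conf" max-free)" = 10737418240 ] || { echo "max-free is not 10 GiB"; rc=1; }
  fi
  return $rc
}

# Constructed sample: what a hardened host's nix.conf could look like.
sample=$(mktemp)
printf '%s\n' 'sandbox = true' 'experimental-features = nix-command flakes' \
  'trusted-users = root @wheel' 'min-free = 2147483648' 'max-free = 10737418240' > "$sample"
audit_nix_conf "$sample" hardened && echo "hardened sample: OK"
```

On a real host, run `audit_nix_conf /etc/nix/nix.conf hardened` (or omit `hardened` for non-hardened profiles); any extra trusted-users entry is reported because each one widens root-equivalent access to the daemon.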