nix-darwin/modules/system/checks.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.system.checks;

  darwinChanges = ''
    darwinChanges=/dev/null
    if test -e /run/current-system/darwin-changes; then
      darwinChanges=/run/current-system/darwin-changes
    fi

    darwinChanges=$(diff --changed-group-format='%>' --unchanged-group-format= /run/current-system/darwin-changes $systemConfig/darwin-changes 2> /dev/null) || true
    if test -n "$darwinChanges"; then
      echo >&2
      echo "[1;1mCHANGELOG[0m" >&2
      echo >&2
      echo "$darwinChanges" >&2
      echo >&2
    fi
  '';

  runLink = ''
    if ! test -e /run; then
        echo "[1;31merror: Directory /run does not exist, aborting activation[0m" >&2
        echo "Create a symlink to /var/run with:" >&2
        echo >&2
        echo "    sudo ln -s private/var/run /run" >&2
        echo >&2
        exit 2
    fi
  '';

  buildUsers = ''
    buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true
    if [ -z $buildUser ]; then
        echo "[1;31merror: Using the nix-daemon requires build users, aborting activation[0m" >&2
        echo "Create the build users or disable the daemon:" >&2
        echo "$ ./bootstrap -u" >&2
        echo >&2
        echo "or set" >&2
        echo >&2
        echo "    services.nix-daemon.enable = false;" >&2
        echo >&2
        exit 2
    fi
  '';

  nixChannels = ''
    channelsLink=$(readlink "$HOME/.nix-defexpr/channels") || true
    case "$channelsLink" in
      *"$USER"*)
        ;;
      "")
        ;;
      *)
        echo "[1;31merror: The ~/.nix-defexpr/channels symlink does not point your users channels, aborting activation[0m" >&2
        echo "Running nix-channel will regenerate it" >&2
        echo >&2
        echo "    rm ~/.nix-defexpr/channels" >&2
        echo "    nix-channel --update" >&2
        echo >&2
        exit 2
        ;;
    esac
  '';

  nixInstaller = ''
    if grep -q 'etc/profile.d/nix-daemon.sh' /etc/profile; then
        echo "[1;31merror: Found nix-daemon.sh reference in /etc/profile, aborting activation[0m" >&2
        echo "This will override options like nix.nixPath because it runs later," >&2
        echo "remove this snippet from /etc/profile:" >&2
        echo >&2
        echo "    # Nix" >&2
        echo "    if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then" >&2
        echo "      . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'" >&2
        echo "    fi" >&2
        echo "    # End Nix" >&2
        echo >&2
        exit 2
    fi
  '';

  nixPath = ''
    darwinConfig=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin-config) || true
    if ! test -e "$darwinConfig"; then
        echo "[1;31merror: Changed <darwin-config> but target does not exist, aborting activation[0m" >&2
        echo "Create ''${darwinConfig:-~/.nixpkgs/darwin-configuration.nix} or set environment.darwinConfig:" >&2
        echo >&2
        echo "    environment.darwinConfig = \"$(nix-instantiate --find-file darwin-config 2> /dev/null || echo '***')\";" >&2
        echo >&2
        echo "And rebuild using (only required once)" >&2
        echo "$ darwin-rebuild switch -I \"darwin-config=$(nix-instantiate --find-file darwin-config 2> /dev/null || echo '***')\"" >&2
        echo >&2
        echo >&2
        exit 2
    fi

    darwinPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin) || true
    if ! test -e "$darwinPath"; then
        echo "[1;31merror: Changed <darwin> but target does not exist, aborting activation[0m" >&2
        echo "Add the darwin repo as a channel or set nix.nixPath:" >&2
        echo "$ nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2
        echo "$ nix-channel --update" >&2
        echo >&2
        echo "or set" >&2
        echo >&2
        echo "    nix.nixPath = [ \"darwin=$(nix-instantiate --find-file darwin 2> /dev/null || echo '***')\" ];" >&2
        echo >&2
        exit 2
    fi

    nixpkgsPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file nixpkgs) || true
    if ! test -e "$nixpkgsPath"; then
        echo "[1;31merror: Changed <nixpkgs> but target does not exist, aborting activation[0m" >&2
        echo "Add a nixpkgs channel or set nix.nixPath:" >&2
        echo "$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2
        echo "$ nix-channel --update" >&2
        echo >&2
        echo "or set" >&2
        echo >&2
        echo "    nix.nixPath = [ \"nixpkgs=$(nix-instantiate --find-file nixpkgs 2> /dev/null || echo '***')\" ];" >&2
        echo >&2
        exit 2
    fi
  '';

  nixStore = ''
    if test -w /nix/var/nix/db -a ! -O /nix/store; then
        echo >&2 "[1;31merror: the store is not owned by this user, but /nix/var/nix/db is writable[0m"
        echo >&2 "If you are using the daemon:"
        echo >&2
        echo >&2 "    sudo chown -R /nix/var/nix/db"
        echo >&2
        exit 2
    fi
  '';

  nixGarbageCollector = ''
    if test -O /nix/store; then
        echo "[1;31merror: A single-user install can't run gc as root, aborting activation[0m" >&2
        echo "Configure the garbage collector to run as the current user:" >&2
        echo >&2
        echo "    nix.gc.user = \"$USER\";" >&2
        echo >&2
        exit 2
    fi
  '';
in

{
  options = {
    system.checks.verifyNixPath = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to run the NIX_PATH validation checks.";
    };

    system.checks.text = mkOption {
      internal = true;
      type = types.lines;
      default = "";
    };
  };

  config = {

    system.checks.text = mkMerge [
      darwinChanges
      runLink
      (mkIf config.services.nix-daemon.enable buildUsers)
      nixStore
      (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
      nixChannels
      nixInstaller
      (mkIf cfg.verifyNixPath nixPath)
    ];

    system.activationScripts.checks.text = ''
      ${cfg.text}

      if test ''${checkActivation:-0} -eq 1; then
        echo "ok" >&2
        exit 0
      fi
    '';

  };
}
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								{ config, lib, pkgs, ... }:
 								with lib;
 								let
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								  cfg = config.system.checks;
-												darwin: show CHANGELOG during activation

											
										
										
											2017-07-23 18:56:37 +02:00
+								  darwinChanges = ''
-												activation-checks: show initial changelog

											
										
										
											2017-08-01 22:59:19 +02:00
+								    darwinChanges=/dev/null
-												darwin: show CHANGELOG during activation

											
										
										
											2017-07-23 18:56:37 +02:00
+								    if test -e /run/current-system/darwin-changes; then
-												activation-checks: show initial changelog

											
										
										
											2017-08-01 22:59:19 +02:00
+								      darwinChanges=/run/current-system/darwin-changes
 								    fi
 								    darwinChanges=$(diff --changed-group-format='%>' --unchanged-group-format= /run/current-system/darwin-changes $systemConfig/darwin-changes 2> /dev/null) || true
 								    if test -n "$darwinChanges"; then
 								      echo >&2
 								      echo "[1;1mCHANGELOG[0m" >&2
 								      echo >&2
 								      echo "$darwinChanges" >&2
 								      echo >&2
-												darwin: show CHANGELOG during activation

											
										
										
											2017-07-23 18:56:37 +02:00
+								    fi
 								  '';
-												checks: add test for /run

											
										
										
											2018-01-13 22:50:48 +01:00
+								  runLink = ''
 								    if ! test -e /run; then
 								        echo "[1;31merror: Directory /run does not exist, aborting activation[0m" >&2
 								        echo "Create a symlink to /var/run with:" >&2
 								        echo >&2
 								        echo "    sudo ln -s private/var/run /run" >&2
 								        echo >&2
 								        exit 2
 								    fi
 								  '';
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								  buildUsers = ''
-												activation-checks: remove set +e

											
										
										
											2017-07-23 19:07:04 +02:00
+								    buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								    if [ -z $buildUser ]; then
-												activation-checks: add NIX_PATH check for darwin

											
										
										
											2017-07-23 17:23:09 +02:00
+								        echo "[1;31merror: Using the nix-daemon requires build users, aborting activation[0m" >&2
 								        echo "Create the build users or disable the daemon:" >&2
 								        echo "$ ./bootstrap -u" >&2
 								        echo >&2
 								        echo "or set" >&2
 								        echo >&2
 								        echo "    services.nix-daemon.enable = false;" >&2
 								        echo >&2
 								        exit 2
 								    fi
 								  '';
-												activation-checks: add check for user channels

											
										
										
											2017-09-06 23:55:14 +02:00
+								  nixChannels = ''
 								    channelsLink=$(readlink "$HOME/.nix-defexpr/channels") || true
 								    case "$channelsLink" in
 								      *"$USER"*)
 								        ;;
 								      "")
 								        ;;
 								      *)
-												checks: add test for /run

											
										
										
											2018-01-13 22:50:48 +01:00
+								        echo "[1;31merror: The ~/.nix-defexpr/channels symlink does not point your users channels, aborting activation[0m" >&2
-												activation-checks: add check for user channels

											
										
										
											2017-09-06 23:55:14 +02:00
+								        echo "Running nix-channel will regenerate it" >&2
 								        echo >&2
 								        echo "    rm ~/.nix-defexpr/channels" >&2
 								        echo "    nix-channel --update" >&2
 								        echo >&2
 								        exit 2
 								        ;;
 								    esac
 								  '';
-												checks: add /etc/profile check from bootstrap script

											
										
										
											2018-01-13 19:44:26 +01:00
+								  nixInstaller = ''
 								    if grep -q 'etc/profile.d/nix-daemon.sh' /etc/profile; then
 								        echo "[1;31merror: Found nix-daemon.sh reference in /etc/profile, aborting activation[0m" >&2
 								        echo "This will override options like nix.nixPath because it runs later," >&2
 								        echo "remove this snippet from /etc/profile:" >&2
 								        echo >&2
 								        echo "    # Nix" >&2
 								        echo "    if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then" >&2
 								        echo "      . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'" >&2
 								        echo "    fi" >&2
 								        echo "    # End Nix" >&2
 								        echo >&2
 								        exit 2
 								    fi
 								  '';
-												darwin: show CHANGELOG during activation

											
										
										
											2017-07-23 18:56:37 +02:00
+								  nixPath = ''
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								    darwinConfig=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin-config) || true
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
+								    if ! test -e "$darwinConfig"; then
-												activation-checks: add NIX_PATH check for darwin-config

											
										
										
											2017-07-23 17:28:58 +02:00
+								        echo "[1;31merror: Changed <darwin-config> but target does not exist, aborting activation[0m" >&2
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								        echo "Create ''${darwinConfig:-~/.nixpkgs/darwin-configuration.nix} or set environment.darwinConfig:" >&2
-												checks: update and improve darwin-config message

Now that environment.darwinConfig exists it's a better choice otherwise
multiple NIX_PATH entries need to be added.

											
										
										
											2018-08-26 14:47:40 +02:00
+								        echo >&2
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								        echo "    environment.darwinConfig = \"$(nix-instantiate --find-file darwin-config 2> /dev/null || echo '***')\";" >&2
-												checks: update and improve darwin-config message

Now that environment.darwinConfig exists it's a better choice otherwise
multiple NIX_PATH entries need to be added.

											
										
										
											2018-08-26 14:47:40 +02:00
+								        echo >&2
 								        echo "And rebuild using (only required once)" >&2
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								        echo "$ darwin-rebuild switch -I \"darwin-config=$(nix-instantiate --find-file darwin-config 2> /dev/null || echo '***')\"" >&2
-												activation-checks: add NIX_PATH check for darwin-config

											
										
										
											2017-07-23 17:28:58 +02:00
+								        echo >&2
 								        echo >&2
 								        exit 2
 								    fi
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								    darwinPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin) || true
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
+								    if ! test -e "$darwinPath"; then
-												activation-checks: add NIX_PATH check for darwin

											
										
										
											2017-07-23 17:23:09 +02:00
+								        echo "[1;31merror: Changed <darwin> but target does not exist, aborting activation[0m" >&2
-												activation-checks: improve NIX_PATH warnings

											
										
										
											2017-08-07 20:09:59 +02:00
+								        echo "Add the darwin repo as a channel or set nix.nixPath:" >&2
-												nix: include user channels in NIX_PATH

											
										
										
											2017-09-06 23:37:34 +02:00
+								        echo "$ nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2
 								        echo "$ nix-channel --update" >&2
-												activation-checks: add NIX_PATH check for darwin

											
										
										
											2017-07-23 17:23:09 +02:00
+								        echo >&2
 								        echo "or set" >&2
 								        echo >&2
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								        echo "    nix.nixPath = [ \"darwin=$(nix-instantiate --find-file darwin 2> /dev/null || echo '***')\" ];" >&2
-												activation-checks: add NIX_PATH check for darwin

											
										
										
											2017-07-23 17:23:09 +02:00
+								        echo >&2
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								        exit 2
 								    fi
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								    nixpkgsPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file nixpkgs) || true
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
+								    if ! test -e "$nixpkgsPath"; then
 								        echo "[1;31merror: Changed <nixpkgs> but target does not exist, aborting activation[0m" >&2
-												activation-checks: improve NIX_PATH warnings

											
										
										
											2017-08-07 20:09:59 +02:00
+								        echo "Add a nixpkgs channel or set nix.nixPath:" >&2
-												nix: include user channels in NIX_PATH

											
										
										
											2017-09-06 23:37:34 +02:00
+								        echo "$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2
 								        echo "$ nix-channel --update" >&2
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
+								        echo >&2
 								        echo "or set" >&2
 								        echo >&2
-												darwin: replace usages of nix-instantiate --eval with --find-file

											
										
										
											2019-02-24 22:27:41 +01:00
+								        echo "    nix.nixPath = [ \"nixpkgs=$(nix-instantiate --find-file nixpkgs 2> /dev/null || echo '***')\" ];" >&2
-												activation-checks: add NIX_PATH check for nixpkgs

											
										
										
											2017-07-23 17:49:38 +02:00
+								        echo >&2
 								        exit 2
 								    fi
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								  '';
-												checks: fail when db permissions are wrong

											
										
										
											2018-01-18 00:12:38 +01:00
 								  nixStore = ''
 								    if test -w /nix/var/nix/db -a ! -O /nix/store; then
 								        echo >&2 "[1;31merror: the store is not owned by this user, but /nix/var/nix/db is writable[0m"
 								        echo >&2 "If you are using the daemon:"
 								        echo >&2
 								        echo >&2 "    sudo chown -R /nix/var/nix/db"
 								        echo >&2
 								        exit 2
 								    fi
 								  '';
-												nix-gc: add check for nix.gc.automatic

This hopefully avoids problems for people that try to enable the service
with a single-user install.

Fixes #118

											
										
										
											2019-01-02 20:46:39 +01:00
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								  nixGarbageCollector = ''
-												nix-gc: add check for nix.gc.automatic

This hopefully avoids problems for people that try to enable the service
with a single-user install.

Fixes #118

											
										
										
											2019-01-02 20:46:39 +01:00
+								    if test -O /nix/store; then
 								        echo "[1;31merror: A single-user install can't run gc as root, aborting activation[0m" >&2
 								        echo "Configure the garbage collector to run as the current user:" >&2
 								        echo >&2
 								        echo "    nix.gc.user = \"$USER\";" >&2
 								        echo >&2
 								        exit 2
 								    fi
 								  '';
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								in
 								{
 								  options = {
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								    system.checks.verifyNixPath = mkOption {
 								      type = types.bool;
 								      default = true;
 								      description = "Whether to run the NIX_PATH validation checks.";
 								    };
 								    system.checks.text = mkOption {
 								      internal = true;
 								      type = types.lines;
 								      default = "";
 								    };
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								  };
 								  config = {
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								    system.checks.text = mkMerge [
 								      darwinChanges
 								      runLink
 								      (mkIf config.services.nix-daemon.enable buildUsers)
 								      nixStore
-												checks: actually fix gc condition

Introduced in 28710738a3ca7c9a16d63b89c904588d030edf01, the check should
_only_ run if the user is not configured not the other way around.

											
										
										
											2019-01-04 00:40:10 +01:00
+								      (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								      nixChannels
 								      nixInstaller
 								      (mkIf cfg.verifyNixPath nixPath)
 								    ];
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								    system.activationScripts.checks.text = ''
-												checks: generalize and make them more configurable

All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117

											
										
										
											2019-01-02 21:13:45 +01:00
+								      ${cfg.text}
-												darwin: add --check flag

											
										
										
											2017-07-23 18:02:08 +02:00
 								      if test ''${checkActivation:-0} -eq 1; then
 								        echo "ok" >&2
 								        exit 0
 								      fi
-												add activation-checks

											
										
										
											2017-07-23 16:05:46 +02:00
+								    '';
 								  };
 								}