mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-13 20:30:02 +00:00

Merge branch 'LnL7:master' into keyboard-shortcuts-update

Jun Matsushita 2024-10-05 12:05:52 +02:00 committed by GitHub
commit 2a7003e006
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
70 changed files with 1158 additions and 326 deletions

1
.github/FUNDING.yml vendored Normal file

@ -0,0 +1 @@
github: [emilazy, Enzime]


@ -4,7 +4,7 @@ on:
push:
env:
CURRENT_STABLE_CHANNEL: nixpkgs-23.11-darwin
CURRENT_STABLE_CHANNEL: nixpkgs-24.05-darwin
jobs:
test-stable:
@ -12,10 +12,13 @@ jobs:
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
# We use the Determinate Systems installer for 2.18 because the
# Sequoia UID/GID changes have not yet been backported to the
# official installer for that version.
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v23
uses: DeterminateSystems/nix-installer-action@main
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
nix-package-url: https://releases.nixos.org/nix/nix-2.18.5/nix-2.18.5-x86_64-darwin.tar.xz
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
@ -26,7 +29,9 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v27
with:
install_url: https://releases.nixos.org/nix/nix-2.24.6/install
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
@ -36,18 +41,20 @@ jobs:
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
# We use the Determinate Systems installer for 2.18 because the
# Sequoia UID/GID changes have not yet been backported to the
# official installer for that version.
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v23
uses: DeterminateSystems/nix-installer-action@main
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
nix_path: nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
nix-package-url: https://releases.nixos.org/nix/nix-2.18.5/nix-2.18.5-x86_64-darwin.tar.xz
- name: Install ${{ env.CURRENT_STABLE_CHANNEL }} channel
run: |
nix-channel --add https://nixos.org/channels/${{ env.CURRENT_STABLE_CHANNEL }} nixpkgs
nix-channel --update
- name: Install nix-darwin and test
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
export NIX_PATH=nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
# We run nix-darwin twice to test that it can create darwin-configuration correctly for us
# but we expect it to fail setting up /etc/nix/nix.conf
@ -82,8 +89,9 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v27
with:
install_url: https://releases.nixos.org/nix/nix-2.24.6/install
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Install nixpkgs-unstable channel
run: |
@ -125,10 +133,13 @@ jobs:
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v23
# We use the Determinate Systems installer for 2.18 because the
# Sequoia UID/GID changes have not yet been backported to the
# official installer for that version.
- name: Install nix corresponding to latest stable channel
uses: DeterminateSystems/nix-installer-action@main
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
nix-package-url: https://releases.nixos.org/nix/nix-2.18.5/nix-2.18.5-x86_64-darwin.tar.xz
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
@ -209,7 +220,9 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v27
with:
install_url: https://releases.nixos.org/nix/nix-2.24.6/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
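Review bot: `uses: DeterminateSystems/nix-installer-action@main` (the three stable-channel install steps in this file) tracks a mutable branch, so whatever is pushed to that branch next runs in CI with the job's checkout and token, without any change in this repository to review. The neighbouring steps pin a tag (`cachix/install-nix-action@v27`); this step should be pinned at least as tightly, ideally to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>`. The `nix-package-url` tarball is also selected by URL only; whether the action verifies what it downloads is not visible here and is worth confirming.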


@ -17,11 +17,11 @@ jobs:
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v22
uses: cachix/install-nix-action@v27
- name: Build manual
run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-23.11-darwin -I darwin=. -A manualHTML
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML
- name: Push update to manual
run: |


@ -1,3 +1,32 @@
2024-09-10
- The default Nix build user group ID is now set to 350 when
`system.stateVersion` ≥ 5, to reflect the default for new Nix
installations. This only affects installations that enable
`nix.configureBuildUsers`, and any divergence will be detected on
system activation. To use `nix.configureBuildUsers` with a higher
`system.stateVersion` on installations using the old group ID, set:
ids.gids.nixbld = 30000;
We do not recommend trying to change the group ID with macOS user
management tools without a complete uninstallation and reinstallation
of Nix.
2024-06-15
- SECURITY NOTICE: The previous implementation of the
`users.users.<name>.openssh.authorizedKeys.*` options would not delete
authorized keys files when the setting for a given user was removed.
This means that if you previously stopped managing a user's authorized
SSH keys with nix-darwin, or intended to revoke their access by
removing the option, the previous set of keys could still be used to
log in as that user.
You can check the /etc/ssh/authorized_keys.d directory to see which
keys were permitted; afterwards, please remove the directory and
re-run activation. The options continue to be supported and will now
correctly permit only the keys in your current system configuration.
2022-08-24
- Major changes to `homebrew` module
`homebrew.cleanup` was renamed to `homebrew.onActivation.cleanup`.


@ -41,12 +41,16 @@ darwin-rebuild changelog
## Uninstalling
There's also an uninstaller if you don't like the project and want to
remove the configured files and services.
To run the latest version of the uninstaller, you can run the following command:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A uninstaller
./result/bin/darwin-uninstaller
```
nix --extra-experimental-features "nix-command flakes" run nix-darwin#darwin-uninstaller
```
If that command doesn't work for you, you can try the locally installed uninstaller:
```
darwin-uninstaller
```
## Example configuration
@ -157,57 +161,6 @@ nix-darwin.lib.darwinSystem {
# inputs.self, inputs.nix-darwin, and inputs.nixpkgs can be accessed here
```
## Manual Install
```bash
# Configure the channel
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --update
export NIX_PATH=darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:$HOME/.nix-defexpr/channels:$NIX_PATH
# Or use a local git repository
git clone git@github.com:LnL7/nix-darwin.git ~/.nix-defexpr/darwin
export NIX_PATH=darwin=$HOME/.nix-defexpr/darwin:darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:$NIX_PATH
cp ~/.nix-defexpr/darwin/modules/examples/simple.nix ~/.nixpkgs/darwin-configuration.nix
# you can also use this to rebootstrap nix-darwin in case
# darwin-rebuild is too old to activate the system.
$(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild build
$(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
. /etc/static/bashrc
```
... or for `fish`:
```fish
(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild build
(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
```
This will create and manage a system profile in `/run/current-system`, just like NixOS.
By default, nix-darwin will look in your `NIX_PATH` for this repository at `~/.nix-defexpr/darwin` and your configuration at `~/.nixpkgs/darwin-configuration.nix`.
If you want to change these you can set your own with `nix.nixPath = [ ];`.
```
$ darwin-rebuild switch
building the system configuration...
these derivations will be built:
/nix/store/vfad6xgjzr56jcs051cg6vzch4dby92y-etc-zprofile.drv
/nix/store/cbmkscxsz0k02ynaph5xaxm1aql0p3vq-etc.drv
/nix/store/r5fpn177jhc16f8iyzk12gcw4pivzpbw-nixdarwin-system-16.09.drv
building path(s) /nix/store/wlq89shja597ip7mrmjv7yzk2lwyh8n0-etc-zprofile
building path(s) /nix/store/m8kcm1pa5j570h3indp71a439wsh9lzq-etc
building path(s) /nix/store/l735ffcdvcvy60i8pqf6v00vx7lnm6mz-nixdarwin-system-16.09
setting up /etc...
setting up launchd services...
writing defaults...
$
```
## Documentation
Reference documentation of all the options is available [here](https://daiderd.com/nix-darwin/manual/index.html).


@ -0,0 +1,10 @@
# Generated by https://install.lix.systems/.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command flakes
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
substituters = https://cache.nixos.org https://cache.lix.systems
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
extra-nix-path = nixpkgs=flake:nixpkgs


@ -0,0 +1,12 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command flakes
always-allow-substitutes = true
extra-trusted-substituters = https://cache.flakehub.com
extra-trusted-public-keys = cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM= cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio= cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU= cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU= cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8= cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ= cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o= cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal


@ -0,0 +1,9 @@
# Generated by https://install.lix.systems/.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
substituters = https://cache.nixos.org https://cache.lix.systems
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=


@ -0,0 +1,10 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command flakes
always-allow-substitutes = true
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal


@ -27,6 +27,7 @@
}
++ [ ({ lib, ... }: {
nixpkgs.source = lib.mkDefault nixpkgs;
nixpkgs.flake.source = lib.mkDefault nixpkgs.outPath;
system.checks.verifyNixPath = lib.mkDefault false;


@ -9,13 +9,17 @@ let
mapAttrsToList (n: v: ''export ${n}="${v}"'') cfg.variables;
aliasCommands =
mapAttrsFlatten (n: v: ''alias ${n}=${escapeShellArg v}'')
mapAttrsToList (n: v: ''alias ${n}=${escapeShellArg v}'')
(filterAttrs (k: v: v != null) cfg.shellAliases);
makeDrvBinPath = concatMapStringsSep ":" (p: if isDerivation p then "${p}/bin" else p);
in
{
imports = [
(mkRenamedOptionModule ["environment" "postBuild"] ["environment" "extraSetup"])
];
options = {
environment.systemPackages = mkOption {
type = types.listOf types.package;
@ -43,12 +47,6 @@ in
description = "A list of profiles used to setup the global environment.";
};
environment.postBuild = mkOption {
type = types.lines;
default = "";
description = "Commands to execute when building the global environment.";
};
environment.extraOutputsToInstall = mkOption {
type = types.listOf types.str;
default = [];
@ -147,6 +145,17 @@ in
'';
type = types.lines;
};
environment.extraSetup = mkOption {
type = types.lines;
default = "";
description = ''
Shell fragments to be run after the system environment has been created.
This should only be used for things that need to modify the internals
of the environment, e.g. generating MIME caches.
The environment being built can be accessed at $out.
'';
};
};
config = {
@ -188,7 +197,8 @@ in
system.path = pkgs.buildEnv {
name = "system-path";
paths = cfg.systemPackages;
inherit (cfg) postBuild pathsToLink extraOutputsToInstall;
postBuild = cfg.extraSetup;
inherit (cfg) pathsToLink extraOutputsToInstall;
};
system.build.setEnvironment = pkgs.writeText "set-environment" ''
@ -205,6 +215,5 @@ in
system.build.setAliases = pkgs.writeText "set-aliases" ''
${concatStringsSep "\n" aliasCommands}
'';
};
}


@ -32,7 +32,7 @@
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.stateVersion = 5;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "x86_64-darwin";


@ -10,6 +10,7 @@
system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
system.defaults.NSGlobalDomain.KeyRepeat = 1;
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = false;


@ -25,5 +25,5 @@ with lib;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.stateVersion = 5;
}


@ -21,5 +21,5 @@
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.stateVersion = 5;
}


@ -20,7 +20,6 @@ let
{ config, name, ... }:
let
cmd = config.command;
env = config.environment // optionalAttrs (config.path != "") { PATH = config.path; };
in
@ -88,7 +87,11 @@ let
'');
serviceConfig.Label = mkDefault "${cfg.labelPrefix}.${name}";
serviceConfig.ProgramArguments = mkIf (cmd != "") [ "/bin/sh" "-c" "exec ${cmd}" ];
serviceConfig.ProgramArguments = mkIf (config.command != "") [
"/bin/sh"
"-c"
"/bin/wait4path /nix/store &amp;&amp; exec ${config.command}"
];
serviceConfig.EnvironmentVariables = mkIf (env != {}) env;
};
};
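Review bot: The new `serviceConfig.ProgramArguments` list prefixes every command with `/bin/wait4path /nix/store` but carries no comment saying why, and the reason is not obvious from the line. Presumably launchd can start the job before the Nix store is available, in which case `exec` of a store path would fail; a comment above the list such as `# Wait for /nix/store to be available before exec'ing a store path.` would record that. `config.command` is still spliced into the `sh -c` string as shell text, as it was on the old line, so the option description should state that the value is interpreted by the shell if it does not already. The surrounding submodule starts and ends outside the hunk.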


@ -45,14 +45,6 @@ in
'';
};
copy = mkOption {
type = types.bool;
default = false;
description = ''
Whether this file should be copied instead of symlinking.
'';
};
knownSha256Hashes = mkOption {
internal = true;
type = types.listOf types.str;


@ -8,7 +8,7 @@
# to change uids/gids on service start, in example a service with a lot of
# files.
{ lib, ... }:
{ lib, config, ... }:
let
inherit (lib) types;
@ -34,15 +34,14 @@ in
};
config = {
ids.uids = {
nixbld = 300;
nixbld = lib.mkDefault 350;
};
ids.gids = {
nixbld = 30000;
nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 30000 else 350);
};
};
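Review bot: `ids.uids.nixbld` changes from 300 to `lib.mkDefault 350` for every `system.stateVersion`, while `ids.gids.nixbld` on the following lines keeps 30000 when `stateVersion < 5`. The changelog entry for this change describes only the group ID, so an installation that keeps its old stateVersion still gets a new default UID. If that is intended, say so next to the value, e.g. `# Not gated on stateVersion, unlike the GID below — TODO confirm this is safe for existing build users`; if not, gate it the same way with `nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 300 else 350);`. How the UID is consumed is outside this section.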


@ -32,6 +32,7 @@
./system/defaults/trackpad.nix
./system/defaults/universalaccess.nix
./system/defaults/ActivityMonitor.nix
./system/defaults/WindowManager.nix
./system/etc.nix
./system/keyboard.nix
./system/launchd.nix
@ -47,6 +48,7 @@
./nix/linux-builder.nix
./nix/nix-darwin.nix
./nix/nixpkgs.nix
./nix/nixpkgs-flake.nix
./environment
./fonts
./launchd
@ -69,6 +71,7 @@
./services/mail/offlineimap.nix
./services/mopidy.nix
./services/monitoring/telegraf.nix
./services/monitoring/netdata.nix
./services/netbird.nix
./services/nix-daemon.nix
./services/nix-gc
@ -88,6 +91,7 @@
./services/wg-quick.nix
./services/yabai
./services/nextdns
./services/jankyborders
./programs/bash
./programs/direnv.nix
./programs/fish.nix


@ -380,14 +380,38 @@ in
'';
};
channel = {
enable = mkOption {
description = ''
Whether the `nix-channel` command and state files are made available on the machine.
The following files are initialized when enabled:
- `/nix/var/nix/profiles/per-user/root/channels`
- `$HOME/.nix-defexpr/channels` (on login)
Disabling this option will not remove the state files from the system.
'';
type = types.bool;
default = true;
};
};
# Definition differs substantially from NixOS module
nixPath = mkOption {
type = nixPathType;
default = [
default = lib.optionals cfg.channel.enable [
# Include default path <darwin-config>.
{ darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
];
defaultText = lib.literalExpression ''
lib.optionals cfg.channel.enable [
# Include default path <darwin-config>.
{ darwin-config = "${config.environment.darwinConfig}"; }
{ darwin-config = "''${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
];
]
'';
description = ''
The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
@ -677,7 +701,11 @@ in
"f3e03d851c240c1aa7daccd144ee929f0f5971982424c868c434eb6030e961d4" # DeterminateSystems Nix installer 0.10.0
"c6080216f2a170611e339c3f46e4e1d61aaf0d8b417ad93ade8d647da1382c11" # DeterminateSystems Nix installer 0.14.0
"97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2" # DeterminateSystems Nix installer 0.15.1
"5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0+
"5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0
"e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18" # DeterminateSystems Nix installer 0.20.0
"966d22ef5bb9b56d481e8e0d5f7ca2deaf4d24c0f0fc969b2eeaa7ae0aa42907" # DeterminateSystems Nix installer 0.22.0
"24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes
"b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes
];
environment.etc."nix/registry.json".text = builtins.toJSON {
@ -742,27 +770,21 @@ in
];
# Not in NixOS module
nix.nixPath = mkMerge [
(mkIf (config.system.stateVersion < 2) (mkDefault
[ "darwin=$HOME/.nix-defexpr/darwin"
"darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
]))
(mkIf (config.system.stateVersion > 3) (mkOrder 1200
[ { darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
]))
];
nix.nixPath = mkIf (config.system.stateVersion < 2) (mkDefault [
"darwin=$HOME/.nix-defexpr/darwin"
"darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
]);
# Set up the environment variables for running Nix.
environment.variables = cfg.envVars // { NIX_PATH = cfg.nixPath; };
environment.extraInit =
''
environment.extraInit = mkMerge [
(mkIf cfg.channel.enable ''
if [ -e "$HOME/.nix-defexpr/channels" ]; then
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
fi
'' +
'')
# Not in NixOS module
''
# Set up secure multi-user builds: non-root users build through the
@ -770,7 +792,12 @@ in
if [ ! -w /nix/var/nix/db ]; then
export NIX_REMOTE=daemon
fi
'';
''
];
environment.extraSetup = mkIf (!cfg.channel.enable) ''
rm --force $out/bin/nix-channel
'';
nix.nrBuildUsers = mkDefault (max 32 (if cfg.settings.max-jobs == "auto" then 0 else cfg.settings.max-jobs));
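Review bot: In the new `nixPath` default the `darwin-config` entry sits inside `lib.optionals cfg.channel.enable [ … ]`, so `nix.channel.enable = false` drops `<darwin-config>` from `NIX_PATH` along with the root channels path, and the `stateVersion > 3` branch that used to add both is removed further down. The `channel.enable` description mentions only the `nix-channel` command and its state files. Either document the effect there, e.g. add `Disabling this option also removes <darwin-config> and the root channels profile from the default nix.nixPath.`, or keep the `darwin-config` element outside the `optionals`. Separately, `rm --force $out/bin/nix-channel` in `environment.extraSetup` is better written as `rm --force "$out/bin/nix-channel"`.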


@ -3,30 +3,7 @@
with lib;
let
inherit (pkgs) stdenv;
cfg = config.nix.linux-builder;
builderWithOverrides = cfg.package.override (previousArguments: {
# the linux-builder packages require a list `modules` argument, so it's
# always non-null.
modules = previousArguments.modules ++ [ cfg.config ];
});
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = pkgs.writeShellScript "linux-builder-start" ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${builderWithOverrides.nixosConfig.networking.hostName}.qcow2
''}
${builderWithOverrides}/bin/create-builder
'';
in
{
@ -41,6 +18,11 @@ in
type = types.package;
default = pkgs.darwin.linux-builder;
defaultText = "pkgs.darwin.linux-builder";
apply = pkg: pkg.override (old: {
# the linux-builder package requires `modules` as an argument, so it's
# always non-null.
modules = old.modules ++ [ cfg.config ];
});
description = ''
This option specifies the Linux builder to use.
'';
@ -135,7 +117,7 @@ in
systems = mkOption {
type = types.listOf types.str;
default = [ builderWithOverrides.nixosConfig.nixpkgs.hostPlatform.system ];
default = [ cfg.package.nixosConfig.nixpkgs.hostPlatform.system ];
defaultText = ''
The `nixpkgs.hostPlatform.system` of the build machine's final NixOS configuration.
'';
@ -179,11 +161,23 @@ in
environment = {
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
};
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2
''}
${cfg.package}/bin/create-builder
'';
serviceConfig = {
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; exec ${script}"
];
KeepAlive = true;
RunAtLoad = true;
WorkingDirectory = cfg.workingDirectory;
@ -192,9 +186,11 @@ in
environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
Host linux-builder
User builder
Hostname localhost
HostKeyAlias linux-builder
Port 31022
IdentityFile /etc/nix/builder_ed25519
'';
nix.distributedBuilds = true;
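Review bot: In the relocated `script`, `rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2` interpolates a user-configurable path into the service's shell script without quoting, so a working directory containing whitespace or glob characters makes `rm -f` act on paths other than the intended disk image. Quote it at the Nix level: `rm -f ${lib.escapeShellArg "${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2"}`. The same script uses `$TMPDIR` unquoted in `rm -rf` and `mkdir -p`; the value is a constant here, but writing `"$TMPDIR"` keeps the `rm -rf` safe if the path is ever made configurable.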


@ -13,8 +13,19 @@ let
in
{
options = {
system.includeUninstaller = lib.mkOption {
options.system = {
disableInstallerTools = lib.mkOption {
type = lib.types.bool;
internal = true;
default = false;
description = ''
Disable darwin-rebuild and darwin-option. This is useful to shrink
systems which are not expected to rebuild or reconfigure themselves.
Use at your own risk!
'';
};
includeUninstaller = lib.mkOption {
type = lib.types.bool;
internal = true;
default = true;
@ -23,10 +34,10 @@ in
config = {
environment.systemPackages =
[ # Include nix-tools by default
[ darwin-version ]
++ lib.optionals (!config.system.disableInstallerTools) [
darwin-option
darwin-rebuild
darwin-version
] ++ lib.optional config.system.includeUninstaller darwin-uninstaller;
system.build = {


@ -0,0 +1,105 @@
{ config, options, lib, ... }:
with lib;
let
cfg = config.nixpkgs.flake;
in
{
options.nixpkgs.flake = {
source = mkOption {
# In newer Nix versions, particularly with lazy trees, outPath of
# flakes becomes a Nix-language path object. We deliberately allow this
# to gracefully come through the interface in discussion with @roberth.
#
# See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639
type = types.nullOr (types.either types.str types.path);
default = null;
defaultText = "if (using nix-darwin.lib.darwinSystem) then nixpkgs.source else null";
example = ''builtins.fetchTarball { name = "source"; sha256 = "${lib.fakeHash}"; url = "https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz"; }'';
description = ''
The path to the nixpkgs sources used to build the system. This is automatically set up to be
the store path of the nixpkgs flake used to build the system if using
`nixpkgs.lib.darwinSystem`, and is otherwise null by default.
This can also be optionally set if the nix-darwin system is not built with a flake but still uses
pinned sources: set this to the store path for the nixpkgs sources used to build the system,
as may be obtained by `builtins.fetchTarball`, for example.
Note: the name of the store path must be "source" due to
<https://github.com/NixOS/nix/issues/7075>.
'';
};
setNixPath = mkOption {
type = types.bool;
default = cfg.source != null;
defaultText = "config.nixpkgs.flake.source != null";
description = ''
Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `<nixpkgs>`
lookups receive the version of nixpkgs that the system was built with, in concert with
{option}`nixpkgs.flake.setFlakeRegistry`.
This is on by default for nix-darwin configurations built with flakes.
This makes {command}`nix-build '<nixpkgs>' -A hello` work out of the box on flake systems.
Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add
undesired closure size if the system will not have any nix commands run on it.
'';
};
setFlakeRegistry = mkOption {
type = types.bool;
default = cfg.source != null;
defaultText = "config.nixpkgs.flake.source != null";
description = ''
Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the
store path of the sources of nixpkgs used to build the nix-darwin system.
This is on by default for nix-darwin configurations built with flakes.
This option makes {command}`nix run nixpkgs#hello` reuse dependencies from the system, avoid
refetching nixpkgs, and have a consistent result every time.
Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add
undesired closure size if the system will not have any nix commands run on it.
'';
};
};
config = mkIf (cfg.source != null) (mkMerge [
{
assertions = [
{
assertion = cfg.setNixPath -> cfg.setFlakeRegistry;
message = ''
Setting `nixpkgs.flake.setNixPath` requires that `nixpkgs.flake.setFlakeRegistry` also
be set, since it is implemented in terms of indirection through the flake registry.
'';
}
];
}
(mkIf cfg.setFlakeRegistry {
nix.registry.nixpkgs.to = mkDefault {
type = "path";
path = cfg.source;
};
})
(mkIf cfg.setNixPath {
# N.B. This does not include darwin-config in NIX_PATH unlike modules/nix/default.nix
# because we would need some kind of evil shim taking the *calling* flake's self path,
# perhaps, to ever make that work (in order to know where the Nix expr for the system came
# from and how to call it).
nix.nixPath = mkDefault ([ "nixpkgs=flake:nixpkgs" ]
++ optional config.nix.channel.enable "/nix/var/nix/profiles/per-user/root/channels");
})
]);
}
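Review bot: The `source` description says the option is set automatically "if using `nixpkgs.lib.darwinSystem`", but the `defaultText` a few lines above names `nix-darwin.lib.darwinSystem`, and nothing else in this change refers to a `nixpkgs.lib.darwinSystem`; the wording looks carried over from another module. Change the sentence to `nix-darwin.lib.darwinSystem` so readers look for the function in the right flake. The `defaultText` values on `setNixPath` and `setFlakeRegistry` are real expressions given as plain strings; wrapping them as `lib.literalExpression "config.nixpkgs.flake.source != null"` would match how the `nixPath` option elsewhere in this commit declares its `defaultText`.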


@ -55,9 +55,6 @@ in
if [ -n "$__ETC_BASHRC_SOURCED" -o -n "$NOSYSBASHRC" ]; then return; fi
__ETC_BASHRC_SOURCED=1
# Don't execute this file when running in a pure nix-shell.
if [ "$IN_NIX_SHELL" = "pure" ]; then return; fi
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
. ${config.system.build.setEnvironment}
fi


@ -17,7 +17,7 @@ in {
integration.
'';
package = lib.mkPackageOptionMD pkgs "direnv" {};
package = lib.mkPackageOption pkgs "direnv" {};
direnvrcExtra = lib.mkOption {
type = lib.types.lines;
@ -52,7 +52,7 @@ in {
default = true;
};
package = lib.mkPackageOptionMD pkgs "nix-direnv" {};
package = lib.mkPackageOption pkgs "nix-direnv" {};
};
};


@ -9,7 +9,7 @@ let
cfg = config.programs.fish;
fishAliases = concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias ${k} ${escapeShellArg v}")
mapAttrsToList (k: v: "alias ${k} ${escapeShellArg v}")
(filterAttrs (k: v: v != null) cfg.shellAliases)
);


@ -43,7 +43,7 @@ in
'' + (optionalString cfg.agent.enableSSHSupport ''
# SSH agent protocol doesn't support changing TTYs, so bind the agent
# to every new TTY.
${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null 2>&1
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
'');


@ -22,7 +22,7 @@ in
environment.pathsToLink = [ "/info" "/share/info" ];
environment.extraOutputsToInstall = [ "info" ];
environment.postBuild = ''
environment.extraSetup = ''
if test -w $out/share/info; then
shopt -s nullglob
for i in $out/share/info/*.info $out/share/info/*.info.gz; do


@ -3,7 +3,7 @@
with lib;
let
cfg = config.programs.ssh;
cfg = config.programs.ssh;
knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
@ -11,6 +11,14 @@ let
{ name, ... }:
{
options = {
certAuthority = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [];
@ -81,8 +89,7 @@ let
};
authKeysFiles = let
mkAuthKeyFile = u: nameValuePair "ssh/authorized_keys.d/${u.name}" {
copy = true;
mkAuthKeyFile = u: nameValuePair "ssh/nix_authorized_keys.d/${u.name}" {
text = ''
${concatStringsSep "\n" u.openssh.authorizedKeys.keys}
${concatMapStrings (f: readFile f + "\n") u.openssh.authorizedKeys.keyFiles}
@ -97,28 +104,16 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "services" "openssh" "authorizedKeysFiles" ] "No `nix-darwin` equivalent to this NixOS option.")
];
options = {
users.users = mkOption {
type = with types; attrsOf (submodule userOptions);
};
services.openssh.authorizedKeysFiles = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Specify the rules for which files to read on the host.
This is an advanced option. If you're looking to configure user
keys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys)
or [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles).
These are paths relative to the host root file system or home
directories and they are subject to certain token expansion rules.
See AuthorizedKeysFile in man sshd_config for details.
'';
};
programs.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule host);
@ -148,25 +143,29 @@ in
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
});
services.openssh.authorizedKeysFiles = [ "%h/.ssh/authorized_keys" "/etc/ssh/authorized_keys.d/%u" ];
environment.etc = authKeysFiles //
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
lib.optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
};
"ssh/sshd_config.d/101-authorized-keys.conf" = {
text = "AuthorizedKeysFile ${toString config.services.openssh.authorizedKeysFiles}\n";
text = ''
# sshd doesn't like reading from symbolic links, so we cat
# the file ourselves.
AuthorizedKeysCommand /bin/cat /etc/ssh/nix_authorized_keys.d/%u
# Just a simple cat, fine to use _sshd.
AuthorizedKeysCommandUser _sshd
'';
# Allows us to automatically migrate from using a file to a symlink
knownSha256Hashes = [ oldAuthorizedKeysHash ];
};
};
# Clean up .before-nix-darwin file left over from using knownSha256Hashes
system.activationScripts.etc.text = ''
# Clean up .before-nix-darwin file left over from using knownSha256Hashes
auth_keys_orig=/etc/ssh/sshd_config.d/101-authorized-keys.conf.before-nix-darwin
if [ -e "$auth_keys_orig" ] && [ "$(shasum -a 256 $auth_keys_orig | cut -d ' ' -f 1)" = "${oldAuthorizedKeysHash}" ]; then
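Review bot: The generated `101-authorized-keys.conf` now runs `AuthorizedKeysCommand /bin/cat /etc/ssh/nix_authorized_keys.d/%u` for every account, including accounts with no file in that directory; `cat` then exits non-zero, which sshd will most likely log as a failed AuthorizedKeysCommand on each public-key attempt. That does not change who can authenticate, but the log entries are easy to mistake for a misconfiguration, so record it in the generated file, e.g. `# A missing per-user file makes cat fail; sshd then only consults AuthorizedKeysFile.` The old `/etc/ssh/authorized_keys.d` directory is no longer written or referenced by this module and nothing visible here removes it, which matches the changelog's request to delete it by hand. The activation script at the end of the section continues outside the hunk.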


@ -124,17 +124,18 @@ in
# This file is read for all shells.
# Only execute this file once per shell.
# But don't clobber the environment of interactive non-login children!
if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
export __ETC_ZSHENV_SOURCED=1
if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi
__ETC_ZSHENV_SOURCED=1
# Don't execute this file when running in a pure nix-shell.
if test -n "$IN_NIX_SHELL"; then return; fi
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
. ${config.system.build.setEnvironment}
fi
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
done
${cfg.shellInit}
# Read system-wide modifications.
@ -148,7 +149,7 @@ in
# This file is read for login shells.
# Only execute this file once per shell.
if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi
if [ -n "''${__ETC_ZPROFILE_SOURCED-}" ]; then return; fi
__ETC_ZPROFILE_SOURCED=1
${concatStringsSep "\n" zshVariables}
@ -182,11 +183,6 @@ in
${config.environment.interactiveShellInit}
${cfg.interactiveShellInit}
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
done
${cfg.promptInit}
${optionalString cfg.enableGlobalCompInit "autoload -U compinit && compinit"}


@ -22,12 +22,12 @@ with lib;
* `/var/lib/github-runners/<name>`:
State directory to store the runner registration credentials
* `/var/lib/github-runners/_work/<name>`:
Working directory for workflow files. The runner only uses this
directory if `workDir` is `null` (see the `workDir` option for details).
* `/var/log/github-runners/<name>`:
The launchd service writes the stdout and stderr streams to this
directory.
* `/var/run/github-runners/<name>`:
Working directory for workflow files. The runner only uses this
directory if `workDir` is `null` (see the `workDir` option for details).
'';
example = {
runner1 = {
@ -199,7 +199,7 @@ with lib;
default = { };
};
package = mkPackageOptionMD pkgs "github-runner" { };
package = mkPackageOption pkgs "github-runner" { };
ephemeral = mkOption {
type = types.bool;


@ -4,7 +4,7 @@ let
mkSvcName = name: "github-runner-${name}";
mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}";
mkLogDir = cfg: "/var/log/github-runners/${cfg.name}";
mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/run/github-runners/${cfg.name}";
mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/lib/github-runners/_work/${cfg.name}";
in
{
config.assertions = flatten (
@ -17,6 +17,10 @@ in
assertion = !cfg.noDefaultLabels || (cfg.extraLabels != [ ]);
message = "`services.github-runners.${name}`: The `extraLabels` option is mandatory if `noDefaultLabels` is set";
}
{
assertion = cfg.workDir == null || !(hasPrefix "/run/" cfg.workDir || hasPrefix "/var/run/" cfg.workDir || hasPrefix "/private/var/run/");
message = "`services.github-runners.${name}`: `workDir` being inside /run is not supported";
}
])
);
@ -86,7 +90,7 @@ in
let
configure = pkgs.writeShellApplication {
name = "configure-github-runner-${name}";
text = ''
text = /*bash*/''
export RUNNER_ROOT
args=(
@ -94,7 +98,7 @@ in
--disableupdate
--work ${escapeShellArg workDir}
--url ${escapeShellArg cfg.url}
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
--labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}"
${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"}
${optionalString cfg.replace "--replace"}
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
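Review bot: The third `hasPrefix` in the new `workDir` assertion is missing its second argument, so `hasPrefix "/private/var/run/"` is a partially applied function rather than a boolean. For any non-null `workDir` that is not under `/run/` or `/var/run/`, the `||` chain reaches that term and evaluation should fail with a type error instead of passing the assertion; it should read `hasPrefix "/private/var/run/" cfg.workDir`. Separately, in the `args=(` hunk, if the double-quoted `--labels "${escapeShellArg …}"` line is the new side (print order suggests so), the outer double quotes turn any single quotes emitted by `escapeShellArg` into literal characters and re-enable `$` and backtick expansion inside the label string, so the unquoted form is the safe one. The `args=(` array continues outside the hunk.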


@ -0,0 +1,167 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) maintainers mkEnableOption mkIf mkPackageOption mkOption types;
cfg = config.services.jankyborders;
joinStrings = strings: builtins.concatStringsSep "," strings;
optionalArg = arg: value:
if value != null && value != ""
then
if lib.isList value
then lib.map (val: "${arg}=${val}") value
else ["${arg}=${value}"]
else [];
in {
meta.maintainers = [
maintainers.amsynist or "amsynist"
];
options.services.jankyborders = {
enable = mkEnableOption "Enable the jankyborders service.";
package = mkPackageOption pkgs "jankyborders" {};
width = mkOption {
type = types.float;
default = 5.0;
description = ''
Determines the width of the border. For example, width=5.0 creates a border 5.0 points wide.
'';
};
hidpi = mkOption {
type = types.bool;
default = false;
description = ''
If set to on, the border will be drawn with retina resolution.
'';
};
active_color = mkOption {
type = types.str;
default = "0xFFFFFFFF";
example = "0xFFFFFFFF";
description = ''
Sets the border color for the focused window (format: 0xAARRGGBB). For instance, active_color="0xff00ff00" creates a green border.
For Gradient Border : active_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
'';
};
inactive_color = mkOption {
type = types.str;
default = "0xFFFFFFFF";
example = "0xFFFFFFFF";
description = ''
Sets the border color for all windows not in focus (format: 0xAARRGGBB).
For Gradient Border : inactive_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
'';
};
background_color = mkOption {
type = types.str;
default = "";
example = "0xFFFFFFFF";
description = ''
Sets the background fill color for all windows (only 0xAARRGGBB arguments supported).
'';
};
style = mkOption {
type = types.str;
default = "round";
example = "square/round";
description = ''
Specifies the style of the border (either round or square).
'';
};
order = mkOption {
type = types.enum [ "above" "below" ];
default = "below";
example = "above";
description = ''
Specifies whether borders should be drawn above or below windows.
'';
};
blur_radius = mkOption {
type = types.float;
default = 0.0;
example = 5.0;
description = ''
Sets the blur radius applied to the borders or backgrounds with transparency.
'';
};
ax_focus = mkOption {
type = types.bool;
default = false;
description = ''
If set to true, the (slower) accessibility API is used to resolve the focused window.
'';
};
blacklist = mkOption {
type = types.listOf types.str;
default = [];
example = ["Safari" "kitty"];
description = ''
The applications specified here are excluded from being bordered.
For example, blacklist = [ "Safari" "kitty" ] excludes Safari and kitty from being bordered.
'';
};
whitelist = mkOption {
type = types.listOf types.str;
default = [];
example = ["Arc" "USB Overdrive"];
description = ''
Once this list is populated, only applications listed here are considered for receiving a border.
If the whitelist is empty (default) it is inactive.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.blacklist != [] && cfg.whitelist != []);
message = "Cannot define both a blacklist and a whitelist for jankyborders.";
}
];
environment.systemPackages = [cfg.package];
launchd.user.agents.jankyborders = {
serviceConfig.ProgramArguments =
[
"${cfg.package}/bin/borders"
]
++ (optionalArg "width" (toString cfg.width))
++ (optionalArg "hidpi" (
if cfg.hidpi
then "on"
else "off"
))
++ (optionalArg "active_color" cfg.active_color)
++ (optionalArg "inactive_color" cfg.inactive_color)
++ (optionalArg "background_color" cfg.background_color)
++ (optionalArg "style" cfg.style)
++ (optionalArg "blur_radius" (toString cfg.blur_radius))
++ (optionalArg "ax_focus" (
if cfg.ax_focus
then "on"
else "off"
))
++ (optionalArg "blacklist" (joinStrings cfg.blacklist))
++ (optionalArg "whitelist" (joinStrings cfg.whitelist))
++ (optionalArg "order" cfg.order);
serviceConfig.KeepAlive = true;
serviceConfig.RunAtLoad = true;
};
};
}
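Review bot: `style` is declared as `types.str` with the example `"square/round"`, which is not a value the description allows; since `order` already uses `types.enum`, `style` could be `types.enum [ "round" "square" ]` with `example = "square";` so a typo fails at evaluation instead of being passed to `borders`. `mkEnableOption` prefixes its argument with "Whether to enable", so `mkEnableOption "Enable the jankyborders service."` renders a doubled phrase; `mkEnableOption "the jankyborders service"` reads correctly. The `hidpi` description says "If set to on" although the option is a boolean, so "If set to true" would match the type.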


@ -38,14 +38,11 @@ in
# the system extension is activated, so we can call activate from the manager
# which will block until the system extension is activated.
launchd.daemons.start_karabiner_daemons = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; ${pkgs.writeScript "start_karabiner_daemons" ''
script = ''
${parentAppDir}/.Karabiner-VirtualHIDDevice-Manager.app/Contents/MacOS/Karabiner-VirtualHIDDevice-Manager activate
launchctl kickstart system/org.pqrs.karabiner.karabiner_grabber
launchctl kickstart system/org.pqrs.karabiner.karabiner_observer
''}"
];
'';
serviceConfig.Label = "org.nixos.start_karabiner_daemons";
serviceConfig.RunAtLoad = true;
};
@ -73,11 +70,7 @@ in
};
launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
# For unknown reasons this daemon will fail if VirtualHIDDeviceClient is not exec'd.
"/bin/wait4path /nix/store &amp;&amp; exec \"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""
];
command = "\"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\"";
serviceConfig.ProcessType = "Interactive";
serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient";
serviceConfig.KeepAlive = true;
@ -95,14 +88,11 @@ in
# We need this to run every reboot as /run gets nuked so we can't put this
# inside the preActivation script as it only gets run on darwin-rebuild switch.
launchd.daemons.setsuid_karabiner_session_monitor = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; ${pkgs.writeScript "setsuid_karabiner_session_monitor" ''
script = ''
rm -rf /run/wrappers
mkdir -p /run/wrappers/bin
install -m4555 "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin
''}"
];
'';
serviceConfig.RunAtLoad = true;
serviceConfig.KeepAlive.SuccessfulExit = false;
};
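Review bot: The rationale comment for the VirtualHIDDeviceClient daemon is dropped together with the explicit `exec`, so nothing next to the new `command = …` line records that this daemon fails unless the client binary is exec'd. Whether `launchd.daemons.<name>.command` and `script` still wait for `/nix/store` and `exec` the program is not visible in this section, so I would keep the constraint beside the option, for example `# Fails unless the client is exec'd; relies on command exec'ing the program.` The same applies to the two `script = ''` daemons, which previously gated on `/bin/wait4path /nix/store`, one of them before installing the `-m4555` copy under `/run/wrappers/bin`.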


@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.netdata;
in {
meta.maintainers = [ lib.maintainers.rsrohitsingh682 or "rsrohitsingh682" ];
options = {
services.netdata = {
enable = mkEnableOption "Netdata daemon";
package = lib.mkPackageOption pkgs "netdata" {};
config = mkOption {
type = types.lines;
default = "";
description = "Custom configuration for Netdata";
};
workDir = mkOption {
type = types.path;
default = "/var/lib/netdata";
description = "Working directory for Netdata";
};
logDir = mkOption {
type = types.path;
default = "/var/log/netdata";
description = "Log directory for Netdata";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
launchd.daemons.netdata = {
serviceConfig = {
Label = "netdata";
KeepAlive = true;
WorkingDirectory = cfg.workDir;
StandardErrorPath = "${cfg.logDir}/netdata.log";
StandardOutPath = "${cfg.logDir}/netdata.log";
};
command = lib.getExe cfg.package;
};
environment.etc."netdata/netdata.conf".text = cfg.config;
system.activationScripts.preActivation.text = ''
mkdir -p ${cfg.workDir}
'';
};
}
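Review bot: The activation snippet creates only `cfg.workDir` and interpolates it unquoted, while `StandardOutPath` and `StandardErrorPath` point into `cfg.logDir`, which nothing in this module creates. Both are `types.path` options a user can override, so I would write `mkdir -p ${lib.escapeShellArg cfg.workDir} ${lib.escapeShellArg cfg.logDir}`. `serviceConfig` also sets no `UserName`, so as a `launchd.daemons` entry the process presumably starts as root; a comment or option stating which account Netdata is expected to run as would help when judging the exposure of a monitoring daemon that serves a network dashboard. Finally, `environment.etc."netdata/netdata.conf"` is written but `command` passes no configuration path, so it is worth confirming that the package reads `/etc/netdata/netdata.conf` by default.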


@ -31,7 +31,7 @@ in {
launchd.daemons.nextdns = {
path = [ nextdns ];
serviceConfig.ProgramArguments =
[ "${pkgs.nextdns}/bin/nextdns" "run" (escapeShellArgs cfg.arguments) ];
[ "${pkgs.nextdns}/bin/nextdns" "run" ] ++ cfg.arguments;
serviceConfig.KeepAlive = true;
serviceConfig.RunAtLoad = true;
};


@ -44,10 +44,7 @@ in
nix.useDaemon = true;
launchd.daemons.nix-daemon = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${config.nix.package}/bin/nix-daemon &amp;&amp; exec ${config.nix.package}/bin/nix-daemon"
];
command = lib.getExe' config.nix.package "nix-daemon";
serviceConfig.ProcessType = config.nix.daemonProcessType;
serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority;
serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix


@ -62,11 +62,8 @@ in
launchd.daemons.nix-optimise = {
environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon";
command = "${lib.getExe' config.nix.package "nix-store"} --optimise";
serviceConfig = {
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${config.nix.package} &amp;&amp; exec ${config.nix.package}/bin/nix-store --optimise"
];
RunAtLoad = false;
StartCalendarInterval = cfg.interval;
UserName = cfg.user;


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOptionMD mkOption optionals types;
inherit (lib) literalExpression maintainers mkEnableOption mkIf mkPackageOption mkOption optionals types;
cfg = config.services.sketchybar;
@ -17,7 +17,7 @@ in
options.services.sketchybar = {
enable = mkEnableOption "sketchybar";
package = mkPackageOptionMD pkgs "sketchybar" { };
package = mkPackageOption pkgs "sketchybar" { };
extraPackages = mkOption {
type = types.listOf types.package;


@ -54,12 +54,9 @@ in
launchd.daemons.tailscaled = {
# derived from
# https://github.com/tailscale/tailscale/blob/main/cmd/tailscaled/install_darwin.go#L30
command = lib.getExe' cfg.package "tailscaled";
serviceConfig = {
Label = "com.tailscale.tailscaled";
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${cfg.package} &amp;&amp; ${cfg.package}/bin/tailscaled"
];
RunAtLoad = true;
};
};


@ -101,6 +101,8 @@ in
${cfg.activationScripts.preUserActivation.text}
# This should be running at the system level, but as user activation runs first
# we run it here with sudo
${cfg.activationScripts.createRun.text}
${cfg.activationScripts.checks.text}
${cfg.activationScripts.etcChecks.text}


@ -46,13 +46,60 @@ let
oldBuildUsers = ''
if dscl . -list /Users | grep -q '^nixbld'; then
echo "warning: Detected old style nixbld users" >&2
echo "error: Detected old style nixbld users, aborting activation" >&2
echo "These can cause migration problems when upgrading to certain macOS versions" >&2
echo "You can enable the following option to migrate to new style nixbld users" >&2
echo >&2
echo " nix.configureBuildUsers = true;" >&2
echo >&2
echo "or disable this check with" >&2
echo >&2
echo " system.checks.verifyBuildUsers = false;" >&2
echo >&2
exit 2
fi
'';
preSequoiaBuildUsers = ''
${lib.optionalString config.nix.configureBuildUsers ''
# Dont complain when were about to migrate oldstyle build users…
if ! dscl . -list /Users | grep -q '^nixbld'; then
''}
firstBuildUserID=$(dscl . -read /Users/_nixbld1 UniqueID | awk '{print $2}')
if [[ $firstBuildUserID != ${toString (config.ids.uids.nixbld + 1)} ]]; then
printf >&2 '\e[1;31merror: Build users have unexpected UIDs, aborting activation\e[0m\n'
printf >&2 'The default Nix build user ID range has been adjusted for\n'
printf >&2 'compatibility with macOS Sequoia 15. Your _nixbld1 user currently has\n'
printf >&2 'UID %d rather than the new default of 351.\n' "$firstBuildUserID"
printf >&2 '\n'
printf >&2 'You can automatically migrate the users with the following command:\n'
printf >&2 '\n'
if [[ -e /nix/receipt.json ]]; then
if
${pkgs.jq}/bin/jq --exit-status \
'try(.planner.settings | has("enable_flakes"))' \
/nix/receipt.json \
>/dev/null
then
installerUrl="https://install.lix.systems/lix"
else
installerUrl="https://install.determinate.systems/nix"
fi
printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L %s | sh -s -- repair sequoia --move-existing-users\n" \
"$installerUrl"
else
printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh | bash -\n"
fi
printf >&2 '\n'
printf >&2 'If you have no intention of upgrading to macOS Sequoia 15, or already\n'
printf >&2 'have a custom UID range that you know is compatible with Sequoia, you\n'
printf >&2 'can disable this check by setting:\n'
printf >&2 '\n'
printf >&2 ' ids.uids.nixbld = %d;\n' "$((firstBuildUserID - 1))"
printf >&2 '\n'
exit 2
fi
${lib.optionalString config.nix.configureBuildUsers "fi"}
'';
buildUsers = ''
@ -70,6 +117,32 @@ let
fi
'';
buildGroupID = ''
buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}')
expectedBuildGroupID=${toString config.ids.gids.nixbld}
if [[ $buildGroupID != $expectedBuildGroupID ]]; then
printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n'
printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n'
printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n'
printf >&2 'nixbld group has GID %d, whereas we expected %d.\n' \
"$buildGroupID" "$expectedBuildGroupID"
printf >&2 '\n'
printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n'
printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n'
printf >&2 '\n'
printf >&2 ' ids.gids.nixbld = %d;\n' "$buildGroupID"
printf >&2 '\n'
printf >&2 'We do not recommend trying to change the group ID with macOS user\n'
printf >&2 'management tools without a complete uninstallation and reinstallation\n'
printf >&2 'of Nix.\n'
exit 2
fi
'';
singleUser = ''
if grep -q 'build-users-group =' /etc/nix/nix.conf; then
echo "error: The daemon is not enabled but this is a multi-user install, aborting activation" >&2
@ -197,11 +270,33 @@ let
echo "error: A single-user install can't run optimiser as root, aborting activation" >&2
echo "Configure the optimiser to run as the current user:" >&2
echo >&2
echo " nix.optimiser.user = \"$USER\";" >&2
echo " nix.optimise.user = \"$USER\";" >&2
echo >&2
exit 2
fi
'';
# TODO: Remove this a couple years down the line when we can assume
# that anyone who cares about security has upgraded.
oldSshAuthorizedKeysDirectory = ''
if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n'
printf >&2 "This means that if you previously stopped managing a user's authorized\n"
printf >&2 'SSH keys with nix-darwin, or intended to revoke their access by\n'
printf >&2 'removing the option, the previous set of keys could still be used to\n'
printf >&2 'log in as that user.\n'
printf >&2 '\n'
printf >&2 'You can check the /etc/ssh/authorized_keys.d directory to see which\n'
printf >&2 'keys were permitted; afterwards, please remove the directory and\n'
printf >&2 're-run activation. The options continue to be supported and will now\n'
printf >&2 'correctly permit only the keys in your current system configuration.\n'
exit 2
fi
'';
in
{
@ -214,13 +309,15 @@ in
system.checks.verifyNixChannels = mkOption {
type = types.bool;
default = true;
default = config.nix.channel.enable;
description = "Whether to run the nix-channels validation checks.";
};
system.checks.verifyBuildUsers = mkOption {
type = types.bool;
default = true;
default =
(config.nix.useDaemon && !(config.nix.settings.auto-allocate-uids or false))
|| config.nix.configureBuildUsers;
description = "Whether to run the Nix build users validation checks.";
};
@ -236,8 +333,10 @@ in
system.checks.text = mkMerge [
darwinChanges
runLink
oldBuildUsers
(mkIf (config.nix.useDaemon && cfg.verifyBuildUsers) buildUsers)
(mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers)
(mkIf cfg.verifyBuildUsers buildUsers)
(mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
(mkIf config.nix.configureBuildUsers buildGroupID)
(mkIf (!config.nix.useDaemon) singleUser)
nixStore
(mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
@ -245,6 +344,7 @@ in
(mkIf cfg.verifyNixChannels nixChannels)
nixInstaller
(mkIf cfg.verifyNixPath nixPath)
oldSshAuthorizedKeysDirectory
];
system.activationScripts.checks.text = ''
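Review bot: The `preSequoiaBuildUsers` message tells the user to pipe a script fetched from `https://github.com/NixOS/nix/raw/master/…` (or an installer URL) straight into a shell, and since that command migrates system users it will presumably run with elevated rights. `master` is a moving ref, so what executes is whatever the branch holds at that moment; I would print a pinned revision and a download-then-inspect form, e.g. `curl --proto '=https' --tlsv1.2 -sSfL -o sequoia-migration.sh https://github.com/NixOS/nix/raw/<PINNED_COMMIT>/scripts/sequoia-nixbld-user-migration.sh` followed by `bash sequoia-migration.sh`. The same message hard-codes "the new default of 351" while the comparison uses `config.ids.uids.nixbld + 1`, so the text is wrong for anyone who overrides `ids.uids.nixbld`; interpolating `${toString (config.ids.uids.nixbld + 1)}` keeps the two in sync.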


@ -32,6 +32,7 @@ let
trackpadBluetooth = defaultsToList "com.apple.driver.AppleBluetoothMultitouch.trackpad" cfg.trackpad;
universalaccess = defaultsToList "com.apple.universalaccess" cfg.universalaccess;
ActivityMonitor = defaultsToList "com.apple.ActivityMonitor" cfg.ActivityMonitor;
WindowManager = defaultsToList "com.apple.WindowManager" cfg.WindowManager;
CustomUserPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomUserPreferences);
CustomSystemPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomSystemPreferences);
@ -85,6 +86,7 @@ in
universalaccess
ActivityMonitor
CustomUserPreferences
WindowManager
]
''
# Set defaults
@ -107,6 +109,15 @@ in
${concatStringsSep "\n" universalaccess}
${concatStringsSep "\n" ActivityMonitor}
${concatStringsSep "\n" CustomUserPreferences}
${concatStringsSep "\n" WindowManager}
${optionalString (length dock > 0) ''
# Only restart Dock if current user is logged in
if pgrep -xu $UID Dock; then
echo >&2 "restarting Dock..."
killall Dock || true
fi
''}
'';
};
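Review bot: `pgrep -xu $UID Dock` in the new Dock-restart block prints the matching PID to stdout on every activation where the Dock is running, and `$UID` is unquoted. `if pgrep -xu "$UID" Dock >/dev/null; then` keeps the test and leaves only the `restarting Dock...` line in the activation output.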


@ -7,7 +7,6 @@ let
inherit (config.lib.defaults.types) floatWithDeprecationError;
in {
options = {
system.defaults.NSGlobalDomain.AppleShowAllFiles = mkOption {
type = types.nullOr types.bool;
default = null;
@ -96,6 +95,14 @@ in {
'';
};
system.defaults.NSGlobalDomain.AppleSpacesSwitchOnActivate = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether or not to switch to a workspace that has a window of the application open, that is switched to. The default is true.
'';
};
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
@ -104,6 +111,14 @@ in {
'';
};
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to enable inline predictive text. The default is true.
'';
};
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = mkOption {
type = types.nullOr types.bool;
default = null;


@ -0,0 +1,76 @@
{ config, lib, ... }:
with lib;
{
options = {
system.defaults.WindowManager.GloballyEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable Stage Manager
Stage Manager arranges your recent windows into a single strip for reduced clutter and quick access. Default is false.
'';
};
system.defaults.WindowManager.EnableStandardClickToShowDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Click wallpaper to reveal desktop
Clicking your wallpaper will move all windows out of the way to allow access to your desktop items and widgets. Default is true.
false means "Only in Stage Manager"
true means "Always"
'';
};
system.defaults.WindowManager.AutoHide = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Auto hide stage strip showing recent apps. Default is false.
'';
};
system.defaults.WindowManager.AppWindowGroupingBehavior = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Grouping strategy when showing windows from an application.
false means "One at a time"
true means "All at once"
'';
};
system.defaults.WindowManager.StandardHideDesktopIcons = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide items on desktop.
'';
};
system.defaults.WindowManager.HideDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide items in Stage Manager.
'';
};
system.defaults.WindowManager.StandardHideWidgets = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide widgets on desktop.
'';
};
system.defaults.WindowManager.StageManagerHideWidgets = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide widgets in Stage Manager.
'';
};
};
}


@ -20,7 +20,7 @@ in {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to automatically hide and show the dock. The default is false.
Whether to automatically hide and show the dock. The default is false.
'';
};
@ -173,6 +173,14 @@ in {
'';
};
system.defaults.dock.slow-motion-allowed = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Allow for slow-motion minimize effect while holding Shift key. The default is false.
'';
};
system.defaults.dock.static-only = mkOption {
type = types.nullOr types.bool;
default = null;


@ -80,6 +80,14 @@ with lib;
'';
};
system.defaults.finder._FXSortFoldersFirst = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Keep folders on top when sorting by name. The default is false.
'';
};
system.defaults.finder.FXEnableExtensionChangeWarning = mkOption {
type = types.nullOr types.bool;
default = null;


@ -10,7 +10,6 @@ let
};
etc = filter (f: f.enable) (attrValues config.environment.etc);
etcCopy = filter (f: f.copy) (attrValues config.environment.etc);
in
@ -34,9 +33,10 @@ in
''
mkdir -p $out/etc
cd $out/etc
${concatMapStringsSep "\n" (attr: "mkdir -p $(dirname '${attr.target}')") etc}
${concatMapStringsSep "\n" (attr: "ln -s '${attr.source}' '${attr.target}'") etc}
${concatMapStringsSep "\n" (attr: "touch '${attr.target}'.copy") etcCopy}
${concatMapStringsSep "\n" (attr: ''
mkdir -p "$(dirname ${escapeShellArg attr.target})"
ln -s ${escapeShellArgs [ attr.source attr.target ]}
'') etc}
'';
system.activationScripts.etcChecks.text = ''
@ -55,10 +55,6 @@ in
etcStaticFile=/etc/static/$subPath
etcFile=/etc/$subPath
if [[ -e $configFile.copy ]]; then
continue
fi
# We need to check files that exist and aren't already links to
# $etcStaticFile for known hashes.
if [[
@ -109,11 +105,6 @@ in
mkdir -p "$etcDir"
fi
if [[ -e $etcStaticFile.copy ]]; then
cp "$etcStaticFile" "$etcFile"
continue
fi
if [[ -e $etcFile ]]; then
if [[ $(readlink -- "$etcFile") == "$etcStaticFile" ]]; then
continue
@ -130,7 +121,7 @@ in
# Delete stale links into /etc/static.
if [[
$(readlink "$etcFile") == "$etcStaticFile"
$(readlink -- "$etcFile") == "$etcStaticFile"
&& ! -e $etcStaticFile
]]; then
rm "$etcFile"
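Review bot: The rewritten `/etc` build step now shell-escapes `attr.target` and `attr.source`, but `dirname` and `ln -s` still receive them without an end-of-options marker, so a target whose name begins with `-` would be parsed as a flag. This commit already adds `--` to `readlink` further down; for consistency I would write `mkdir -p -- "$(dirname -- ${escapeShellArg attr.target})"` and `ln -s -- ${escapeShellArgs [ attr.source attr.target ]}`. The enclosing derivation script and the activation loop both extend outside the hunks shown.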


@ -38,6 +38,12 @@ in
description = "Whether to swap the left Command key and left Alt key.";
};
system.keyboard.swapLeftCtrlAndFn = mkOption {
type = types.bool;
default = false;
description = "Whether to swap the left Control key and Fn (Globe) key.";
};
system.keyboard.userKeyMapping = mkOption {
internal = true;
type = types.listOf (types.attrsOf types.int);
@ -66,6 +72,14 @@ in
HIDKeyboardModifierMappingSrc = 30064771298;
HIDKeyboardModifierMappingDst = 30064771299;
})
(mkIf cfg.swapLeftCtrlAndFn {
HIDKeyboardModifierMappingSrc = 30064771296;
HIDKeyboardModifierMappingDst = 1095216660483;
})
(mkIf cfg.swapLeftCtrlAndFn {
HIDKeyboardModifierMappingSrc = 1095216660483;
HIDKeyboardModifierMappingDst = 30064771296;
})
];
system.activationScripts.keyboard.text = optionalString cfg.enableKeyMapping ''
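Review bot: The two `swapLeftCtrlAndFn` entries use bare decimal usage codes with no explanation. 30064771296 is 0x7000000E0, in the same 0x7000000Ex range as the neighbouring modifier mappings, and 1095216660483 is 0xFF00000003, which the option description identifies as Fn (Globe). A comment such as `# 0x7000000E0 = Left Control, 0xFF00000003 = Fn/Globe` above the pair would let a reader check them against the HID usage tables. The list these entries belong to starts outside the hunk.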


@ -5,8 +5,6 @@ with lib;
let
cfg = config.system;
defaultStateVersion = options.system.stateVersion.default;
# Based on `lib.trivial.revisionWithDefault` from nixpkgs.
gitRevision = path:
if pathIsGitRepo "${path}/.git"
@ -34,8 +32,9 @@ in
{
options = {
system.stateVersion = mkOption {
type = types.int;
default = 4;
type = types.ints.between 1 config.system.maxStateVersion;
# TODO: Remove this default and the assertion below.
default = config.system.maxStateVersion;
description = ''
Every once in a while, a new NixOS release may change
configuration defaults in a way incompatible with stateful
@ -49,6 +48,12 @@ in
'';
};
system.maxStateVersion = mkOption {
internal = true;
type = types.int;
default = 5;
};
system.darwinLabel = mkOption {
type = types.str;
description = "Label to be used in the names of generated outputs.";
@ -121,9 +126,22 @@ in
# documentation is not reprocessed on every commit
system.darwinLabel = mkDefault "${cfg.nixpkgsVersion}+${cfg.darwinVersion}";
assertions = [ {
assertion = cfg.stateVersion <= defaultStateVersion;
message = "system.stateVersion = ${toString cfg.stateVersion}; is not a valid value";
} ];
assertions = [
{
assertion = options.system.stateVersion.highestPrio != (lib.mkOptionDefault { }).priority;
message = ''
The `system.stateVersion` option is not defined in your
nix-darwin configuration. The value is used to conditionalize
backwardsincompatible changes in default settings. You should
usually set this once when installing nix-darwin on a new system
and then never change it (at least without reading all the relevant
entries in the changelog using `darwin-rebuild changelog`).
You can use the current value for new installations as follows:
system.stateVersion = ${toString config.system.maxStateVersion};
'';
}
];
};
}

View file

@ -13,10 +13,7 @@ with lib;
};
gid = mkOption {
type = mkOptionType {
name = "gid";
check = t: isInt t && t > 501;
};
type = types.int;
description = "The group's GID.";
};
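Review bot: Replacing the custom `gid` type with `types.int` removes the lower bound entirely, so negative values now type-check. If the intent is only to admit low IDs such as the new `nixbld` group ID, `types.ints.unsigned` would do that while still rejecting negatives: `type = types.ints.unsigned;`.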


@ -11,8 +11,8 @@ showSyntax() {
echo " [-Q] [{--max-jobs | -j} number] [--cores number] [--dry-run]" >&2
echo " [--keep-going] [-k] [--keep-failed] [-K] [--fallback] [--show-trace]" >&2
echo " [-I path] [--option name value] [--arg name value] [--argstr name value]" >&2
echo " [--flake flake] [--update-input input flake] [--impure] [--recreate-lock-file]" >&2
echo " [--no-update-lock-file] [--refresh]" >&2
echo " [--flake flake] [--no-flake] [--update-input input flake] [--impure]" >&2
echo " [--recreate-lock-file] [--no-update-lock-file] [--refresh]" >&2
echo " [--offline] [--substituters substituters-list] ..." >&2
exit 1
}
@ -34,6 +34,7 @@ extraProfileFlags=()
profile=@profile@
action=
flake=
noFlake=
while [ $# -gt 0 ]; do
i=$1; shift 1
@ -77,6 +78,9 @@ while [ $# -gt 0 ]; do
flake=$1
shift 1
;;
--no-flake)
noFlake=1
;;
-L|-vL|--print-build-logs|--impure|--recreate-lock-file|--no-update-lock-file|--no-write-lock-file|--no-registries|--commit-lock-file|--refresh)
extraLockFlags+=("$i")
;;
@ -137,6 +141,14 @@ if [ -z "$action" ]; then showSyntax; fi
flakeFlags=(--extra-experimental-features 'nix-command flakes')
# Use /etc/nix-darwin/flake.nix if it exists. It can be a symlink to the
# actual flake.
if [[ -z $flake && -e /etc/nix-darwin/flake.nix && -z $noFlake ]]; then
flake="$(dirname "$(readlink -f /etc/nix-darwin/flake.nix)")"
fi
# For convenience, use the hostname as the default configuration to
# build from the flake.
if [ -n "$flake" ]; then
# Offical regex from https://www.rfc-editor.org/rfc/rfc3986#appendix-B
if [[ "${flake}" =~ ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))? ]]; then
@ -191,7 +203,7 @@ if [ "$action" = edit ]; then
fi
fi
if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ]; then
if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ] || [ "$action" = changelog ]; then
echo "building the system configuration..." >&2
if [ -z "$flake" ]; then
systemConfig="$(nix-build '<darwin>' "${extraBuildFlags[@]}" -A system)"
@ -240,11 +252,7 @@ if [ "$action" = switch ] || [ "$action" = activate ] || [ "$action" = rollback
fi
if [ "$action" = changelog ]; then
echo >&2
echo "CHANGELOG" >&2
echo >&2
head -n 32 "$systemConfig/darwin-changes"
echo >&2
${PAGER:-less} -- "$systemConfig/darwin-changes"
fi
if [ "$action" = check ]; then
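Review bot: With the new default, any invocation without `--flake` silently builds from wherever `/etc/nix-darwin/flake.nix` resolves to, and `readlink -f` follows the symlink into a directory that may be owned by a different account than the one running `darwin-rebuild switch`. I would make the choice visible by adding `echo "using flake at $flake (from /etc/nix-darwin/flake.nix)" >&2` inside the new `if`, and state in the comment that the link target should be writable only by administrators. `readlink -f` is also not available in the system `readlink` on older macOS releases, so this depends on which `readlink` is on the script's PATH, which is not visible here.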


@ -40,6 +40,8 @@ let
};
config = {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
system.build.run-test = pkgs.runCommand "darwin-test-${testName}"
{ allowSubstitutes = false; preferLocalBuild = true; }
''
@ -71,6 +73,10 @@ let
nano emacs vim;
};
manual = buildFromConfig ({ lib, config, ... }: {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
}) (config: config.system.build.manual);
jobs = {
unstable = pkgs.releaseTools.aggregate {
@ -92,9 +98,9 @@ let
meta.description = "Release-critical builds for the darwin channel";
};
manualHTML = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualHTML);
manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages);
options = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.optionsJSON);
manualHTML = manual.manualHTML;
manpages = manual.manpages;
options = manual.optionsJSON;
examples.hydra = makeSystem ./modules/examples/hydra.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix;
@ -128,6 +134,7 @@ let
tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;
tests.services-nextdns = makeTest ./tests/services-nextdns.nix;
tests.services-netdata = makeTest ./tests/services-netdata.nix;
tests.services-ofborg = makeTest ./tests/services-ofborg.nix;
tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix;
tests.services-privoxy = makeTest ./tests/services-privoxy.nix;
@ -138,6 +145,7 @@ let
tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix;
tests.services-synergy = makeTest ./tests/services-synergy.nix;
tests.services-yabai = makeTest ./tests/services-yabai.nix;
tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix;
tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
tests.system-environment = makeTest ./tests/system-environment.nix;
tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;


@ -1,17 +1,19 @@
{ config, pkgs, ... }:
{
services.autossh.sessions = [ {
name = "foo";
user = "jfelice";
extraArguments = "-i /some/key -T -N bar.eraserhead.net";
} ];
services.autossh.sessions = [
{
name = "foo";
user = "jfelice";
extraArguments = "-i /some/key -T -N bar.eraserhead.net";
}
];
test = ''
plist=${config.out}/Library/LaunchDaemons/org.nixos.autossh-foo.plist
test -f $plist
grep '<string>exec /nix/store/.*/bin/autossh ' $plist
grep '<string>exec.*-i /some/key ' $plist
grep '<string>/bin/wait4path /nix/store &amp;&amp; exec /nix/store/.*/bin/autossh ' $plist
grep '<string>/bin/wait4path /nix/store &amp;&amp; exec.*-i /some/key ' $plist
tr -d '\n\t ' <$plist |grep '<key>KeepAlive</key><true */>'
'';
}


@ -48,6 +48,11 @@ defaults write -g 'AppleShowScrollBars' $'<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<string>Always</string>
</plist>'
defaults write -g 'AppleSpacesSwitchOnActivate' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'AppleWindowTabbingMode' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -73,6 +78,11 @@ defaults write -g 'NSAutomaticDashSubstitutionEnabled' $'<?xml version="1.0" enc
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'NSAutomaticInlinePredictionEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'NSAutomaticPeriodSubstitutionEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -289,7 +299,61 @@ defaults write com.apple.dock 'persistent-others' $'<?xml version="1.0" encoding
</dict>
</array>
</plist>'
defaults write com.apple.finder 'AppleShowAllExtensions' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'AppleShowAllFiles' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'CreateDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'FXDefaultSearchScope' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>SCcf</string>
</plist>'
defaults write com.apple.finder 'FXEnableExtensionChangeWarning' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'FXPreferredViewStyle' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>Flwv</string>
</plist>'
defaults write com.apple.finder 'QuitMenuItem' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'ShowPathbar' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'ShowStatusBar' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder '_FXShowPosixPathInTitle' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder '_FXSortFoldersFirst' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.screencapture 'location' $'<?xml version="1.0" encoding="UTF-8"?>
@ -370,3 +434,43 @@ defaults write com.apple.Safari 'com.apple.Safari.ContentPageGroupIdentifier.Web
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'AppWindowGroupingBehavior' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'AutoHide' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'EnableStandardClickToShowDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'GloballyEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'HideDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'StageManagerHideWidgets' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'StandardHideDesktopIcons' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'StandardHideWidgets' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ lib, config, pkgs, ... }:
{
networking.hostName = "EVE";
@ -7,8 +7,8 @@
test = ''
echo checking hostname in /activate >&2
grep "scutil --set ComputerName 'EVEs MacBook Pro'" ${config.out}/activate
grep "scutil --set LocalHostName 'EVE'" ${config.out}/activate
grep "scutil --set HostName 'EVE'" ${config.out}/activate
grep "scutil --set LocalHostName ${lib.escapeShellArg "EVE"}" ${config.out}/activate
grep "scutil --set HostName ${lib.escapeShellArg "EVE"}" ${config.out}/activate
echo checking defaults write in ${config.out}/activate-user >&2
'';
}
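Review bot: The LocalHostName and HostName expectations are now built with `lib.escapeShellArg`, while the ComputerName check one line above still hard-codes the quoted form, so the three assertions follow two conventions and the reason is not recorded. Writing it as `grep "scutil --set ComputerName ${lib.escapeShellArg "EVEs MacBook Pro"}" ${config.out}/activate` yields the same string today and keeps tracking the helper if its quoting rules change. A one-line comment such as `# expected strings use lib.escapeShellArg so they follow its quoting rules` above the greps would explain the change to the next reader.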


@ -12,9 +12,9 @@
echo >&2 "checking for github.com in /etc/ssh/ssh_known_hosts"
grep 'github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' ${config.out}/etc/ssh/ssh_known_hosts
echo >&2 "checking for authorized keys for foo in /etc/ssh/authorized_keys.d/foo"
grep 'ssh-ed25519 AAAA...' ${config.out}/etc/ssh/authorized_keys.d/foo
echo >&2 "checking for authorized keys' path in /etc/ssh/sshd_config.d/101-authorized-keys.conf"
grep 'AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u' ${config.out}/etc/ssh/sshd_config.d/101-authorized-keys.conf
echo >&2 "checking for authorized keys for foo in /etc/ssh/nix_authorized_keys.d/foo"
grep 'ssh-ed25519 AAAA...' ${config.out}/etc/ssh/nix_authorized_keys.d/foo
echo >&2 "checking for authorized keys command in /etc/ssh/sshd_config.d/101-authorized-keys.conf"
grep 'AuthorizedKeysCommand /bin/cat /etc/ssh/nix_authorized_keys.d/%u' ${config.out}/etc/ssh/sshd_config.d/101-authorized-keys.conf
'';
}
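Review bot: The new assertions pin `AuthorizedKeysCommand /bin/cat /etc/ssh/nix_authorized_keys.d/%u` but nothing checks for an accompanying `AuthorizedKeysCommandUser` line, and sshd refuses to start when the command is configured without a command user. The module that writes `101-authorized-keys.conf` is not visible in this section, so it may already emit that line; the test should pin it either way, e.g. `grep 'AuthorizedKeysCommandUser ' ${config.out}/etc/ssh/sshd_config.d/101-authorized-keys.conf`. A negative check that the drop-in no longer names the old `/etc/ssh/authorized_keys.d/%u` location would also catch a regression that leaves both key sources trusted. The test body begins above the hunk.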


@ -22,8 +22,6 @@
echo >&2 "checking setEnvironment in /etc/zshenv"
fgrep '. ${config.system.build.setEnvironment}' ${config.out}/etc/zshenv
echo >&2 "checking nix-shell return /etc/zshenv"
grep 'if test -n "$IN_NIX_SHELL"; then return; fi' ${config.out}/etc/zshenv
echo >&2 "checking zshenv.d in /etc/zshenv"
grep 'source /etc/zshenv.d/\*.conf' ${config.out}/etc/zshenv


@ -9,7 +9,7 @@
grep "org.nix-darwin.activate-system" ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist
echo checking activation of /run/current-system >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "ln -sfn .* /run/current-system" "$script"
'';
}
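Review bot: Selecting the script by position (`$6`) ties the test to the exact word count of the `/bin/wait4path /nix/store && exec …` wrapper, which is why this commit had to move it from `$3`; the same change is repeated in the `org.nixos.activate-system` and `buildkite-agent` test sections that follow. Matching on content would survive the next wrapper change: `script=$(grep -o '/nix/store/[^< ]*' "$plist" | head -n 1)`, with `plist` set to the plist path and assuming the script is the first store path in the file. A `test -n "$script"` before the final grep would make an empty match fail with a clear cause instead of a grep error on an empty filename. The test body begins above the hunk.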


@ -8,7 +8,7 @@
grep "org.nixos.activate-system" ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist
echo checking activation of /run/current-system >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "ln -sfn .* /run/current-system" "$script"
'';
}


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
buildkite-agent = pkgs.runCommand "buildkite-agent-0.0.0" {} "mkdir $out";
buildkite-agent = pkgs.runCommand "buildkite-agent-0.0.0" { } "mkdir $out";
tokenPath = pkgs.writeText "buildkite_token" "TEST_TOKEN";
in
@ -20,7 +20,7 @@ in
grep "org.nixos.buildkite-agent-test" ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist
echo "checking creation of buildkite-agent service config" >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "yolo=1" "$script"
grep "${tokenPath}" "$script"


@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
with lib;
let
jankyborders = pkgs.runCommand "borders-0.0.0" {} "mkdir $out";
in
{
services.jankyborders.enable = true;
services.jankyborders.package = jankyborders;
services.jankyborders.width = 5.0;
services.jankyborders.hidpi = true;
services.jankyborders.active_color = "0xFFFFFFFF";
services.jankyborders.order = "below";
test = ''
echo >&2 "checking jankyborders service in ~/Library/LaunchAgents"
grep "org.nixos.jankyborders" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "${jankyborders}/bin/borders" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
echo >&2 "checking jankyborders config arguments"
grep "width=5.000000" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "hidpi=on" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "active_color=0xFFFFFFFF" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "order=below" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
'';
}
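Review bot: `with lib;` is declared at the top of this new test but no `lib` function is used anywhere in the file, so it only widens the scope in which names resolve; the new netdata test further down carries the same line. Dropping it, and `lib` from the argument set, keeps the file to what it needs: `{ config, pkgs, ... }:`. The `{}` passed to `pkgs.runCommand` is also written `{ }` in the other tests this commit reformats.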


@ -1,14 +1,29 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
plistPath = "${config.out}/user/Library/LaunchAgents/org.nixos.lorri.plist";
expectedPath = "${lib.makeBinPath [config.nix.package pkgs.git pkgs.gnutar pkgs.gzip]}";
expectedNixPath = "${"nixpkgs="+ toString pkgs.path}";
expectedPath = "${lib.makeBinPath [
config.nix.package
pkgs.git
pkgs.gnutar
pkgs.gzip
]}";
expectedNixPath = "${"nixpkgs=" + toString pkgs.path}";
in
{
services.lorri.enable = true;
test = ''
PATH=${lib.makeBinPath [ pkgs.xcbuild pkgs.jq ]}:$PATH
PATH=${
lib.makeBinPath [
pkgs.xcbuild
pkgs.jq
]
}:$PATH
plutil -lint ${plistPath}
plutil -convert json -o service.json ${plistPath}
@ -21,7 +36,7 @@ in
<service.json jq -e ".ProgramArguments|length == 3"
<service.json jq -e ".ProgramArguments[0] == \"/bin/sh\""
<service.json jq -e ".ProgramArguments[1] == \"-c\""
<service.json jq -e ".ProgramArguments[2] == \"exec ${pkgs.lorri}/bin/lorri daemon\""
<service.json jq -e ".ProgramArguments[2] == \"/bin/wait4path /nix/store && exec ${pkgs.lorri}/bin/lorri daemon\""
<service.json jq -e ".RunAtLoad == true"
'';
}


@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
with lib;
let
netdata = pkgs.runCommand "netdata-0.0.0" {} "mkdir $out";
in
{
services.netdata = {
enable = true;
package = netdata;
};
test = ''
echo >&2 "checking netdata service in launchd daemons"
grep "netdata" ${config.out}/Library/LaunchDaemons/netdata.plist
grep "${netdata}/bin/netdata" ${config.out}/Library/LaunchDaemons/netdata.plist
'';
}
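Review bot: The first assertion, `grep "netdata" ${config.out}/Library/LaunchDaemons/netdata.plist`, is already satisfied by the package path that the second grep matches, so it does not pin the service label or anything else on its own. Tying it to the label element would make it meaningful, for example with the form the autossh test in this commit uses: `tr -d '\n\t ' <${config.out}/Library/LaunchDaemons/netdata.plist | grep '<key>Label</key><string>netdata</string>'`. The label value is assumed from the plist file name and should be checked against what the module sets.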


@ -12,6 +12,7 @@ in {
echo >&2 "checking nextdns service in ~/Library/LaunchDaemons"
grep "org.nixos.nextdns" ${config.out}/Library/LaunchDaemons/org.nixos.nextdns.plist
grep "/bin/nextdns" ${config.out}/Library/LaunchDaemons/org.nixos.nextdns.plist
grep "'-config' '10.0.3.0/24=abcdef'" ${config.out}/Library/LaunchDaemons/org.nixos.nextdns.plist
grep -- "-config" ${config.out}/Library/LaunchDaemons/org.nixos.nextdns.plist
grep "10.0.3.0/24=abcdef" ${config.out}/Library/LaunchDaemons/org.nixos.nextdns.plist
'';
}
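Review bot: Splitting the single `'-config' '10.0.3.0/24=abcdef'` check into two independent greps means the test passes even if the value is attached to a different flag or the two strings appear in unrelated parts of the plist. The dots in `10.0.3.0/24=abcdef` are also regex wildcards here; `grep -F "10.0.3.0/24=abcdef"` would match the literal address. If the arguments now land in separate `<string>` elements, the `tr -d '\n\t ' <file | grep …` form used by the autossh test in this commit can assert that they are adjacent; the plist layout is not visible in this section, so that is a suggestion to confirm.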


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" { } "mkdir -p $out";
in
{
@ -13,7 +13,7 @@ in
test = ''
echo checking nix-gc service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-gc</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>exec ${nix}/bin/nix-collect-garbage --delete-older-than 30d</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>/bin/wait4path /nix/store &amp;&amp; exec ${nix}/bin/nix-collect-garbage --delete-older-than 30d</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" { } "mkdir -p $out";
in
{
@ -13,7 +13,7 @@ in
echo checking nix-optimise service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-optimise</string>" \
${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<string>/bin/wait4path ${nix} &amp;&amp; exec ${nix}/bin/nix-store --optimise</string>" \
grep "<string>/bin/wait4path /nix/store &amp;&amp; exec ${nix}/bin/nix-store --optimise</string>" \
${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist


@ -11,7 +11,9 @@
system.defaults.NSGlobalDomain.AppleShowAllExtensions = true;
system.defaults.NSGlobalDomain.AppleShowScrollBars = "Always";
system.defaults.NSGlobalDomain.AppleScrollerPagingBehavior = true;
system.defaults.NSGlobalDomain.AppleSpacesSwitchOnActivate = false;
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = false;
@ -48,6 +50,17 @@
system.defaults.dock.orientation = "left";
system.defaults.dock.persistent-apps = ["MyApp.app" "Cool.app"];
system.defaults.dock.persistent-others = ["~/Documents" "~/Downloads/file.txt"];
system.defaults.finder.AppleShowAllFiles = true;
system.defaults.finder.ShowStatusBar = true;
system.defaults.finder.ShowPathbar = true;
system.defaults.finder.FXDefaultSearchScope = "SCcf";
system.defaults.finder.FXPreferredViewStyle = "Flwv";
system.defaults.finder.AppleShowAllExtensions = true;
system.defaults.finder.CreateDesktop = false;
system.defaults.finder.QuitMenuItem = true;
system.defaults.finder._FXShowPosixPathInTitle = true;
system.defaults.finder._FXSortFoldersFirst = true;
system.defaults.finder.FXEnableExtensionChangeWarning = false;
system.defaults.screencapture.location = "/tmp";
system.defaults.screensaver.askForPassword = true;
system.defaults.screensaver.askForPasswordDelay = 5;
@ -63,25 +76,34 @@
system.defaults.ActivityMonitor.SortColumn = "CPUUsage";
system.defaults.ActivityMonitor.SortDirection = 0;
system.defaults.ActivityMonitor.OpenMainWindow = true;
system.defaults.WindowManager.GloballyEnabled = false;
system.defaults.WindowManager.EnableStandardClickToShowDesktop = false;
system.defaults.WindowManager.AutoHide = false;
system.defaults.WindowManager.AppWindowGroupingBehavior = true;
system.defaults.WindowManager.StandardHideDesktopIcons = false;
system.defaults.WindowManager.HideDesktop = false;
system.defaults.WindowManager.StandardHideWidgets = true;
system.defaults.WindowManager.StageManagerHideWidgets = true;
system.defaults.CustomUserPreferences = {
"NSGlobalDomain" = { "TISRomanSwitchState" = 1; };
"com.apple.Safari" = {
"com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled" =
true;
};
"NSGlobalDomain" = { "TISRomanSwitchState" = 1; };
"com.apple.Safari" = {
"com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled" =
true;
};
test = lib.strings.concatMapStringsSep "\n" (x: ''
echo >&2 "checking defaults write in /${x}"
${pkgs.python3}/bin/python3 <<EOL
import sys
from pathlib import Path
fixture = '${./fixtures/system-defaults-write}/${x}.txt'
out = '${config.out}/${x}'
if Path(fixture).read_text() not in Path(out).read_text():
print("Did not find content from %s in %s" % (fixture, out), file=sys.stderr)
sys.exit(1)
EOL
'') [
};
test = lib.strings.concatMapStringsSep "\n"
(x: ''
echo >&2 "checking defaults write in /${x}"
${pkgs.python3}/bin/python3 <<EOL
import sys
from pathlib import Path
fixture = '${./fixtures/system-defaults-write}/${x}.txt'
out = '${config.out}/${x}'
if Path(fixture).read_text() not in Path(out).read_text():
print("Did not find content from %s in %s" % (fixture, out), file=sys.stderr)
sys.exit(1)
EOL
'') [
"activate"
"activate-user"
];


@ -6,6 +6,7 @@
system.keyboard.remapCapsLockToEscape = true;
system.keyboard.nonUS.remapTilde = true;
system.keyboard.swapLeftCommandAndLeftAlt = true;
system.keyboard.swapLeftCtrlAndFn = true;
test = ''
echo checking keyboard mappings in /activate >&2
@ -17,5 +18,7 @@
grep "\"HIDKeyboardModifierMappingDst\":30064771296" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771298" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771299" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771296" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":1095216660483" ${config.out}/activate
'';
}
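Review bot: The first added line, `grep "\"HIDKeyboardModifierMappingDst\":30064771296" ${config.out}/activate`, is identical to an assertion already present three lines above it, so it passes with or without `swapLeftCtrlAndFn`; only the `1095216660483` check exercises the new option. Each check also looks at a destination code alone, so none of them shows which source key is mapped to it. Asserting the source side as well, e.g. `grep "\"HIDKeyboardModifierMappingSrc\":1095216660483" ${config.out}/activate`, would tie the test to the new mapping; a swap should list that code as a source too, which is worth confirming against the generated JSON. The test body begins above the first hunk.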


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ lib, config, pkgs, ... }:
{
users.knownGroups = [ "foo" "created.group" "deleted.group" ];
@ -46,9 +46,9 @@
grep "dscl . -create '/Users/foo' IsHidden 0" ${config.out}/activate
grep "dscl . -create '/Users/foo' RealName 'Foo user'" ${config.out}/activate
grep "dscl . -create '/Users/foo' NFSHomeDirectory '/Users/foo'" ${config.out}/activate
grep "dscl . -create '/Users/foo' UserShell '/run/current-system/sw/bin/bash'" ${config.out}/activate
grep "dscl . -create '/Users/foo' UserShell ${lib.escapeShellArg "/run/current-system/sw/bin/bash"}" ${config.out}/activate
grep "dscl . -create '/Users/created.user' UniqueID 42001" ${config.out}/activate
grep "dscl . -create '/Users/created.user' UserShell '/sbin/nologin'" ${config.out}/activate
grep "dscl . -create '/Users/created.user' UserShell ${lib.escapeShellArg "/sbin/nologin"}" ${config.out}/activate
grep "createhomedir -cu 'foo'" ${config.out}/activate
grep -qv "dscl . -delete '/Groups/created.user'" ${config.out}/activate