mirror of
https://github.com/LnL7/nix-darwin.git
synced 2025-04-09 10:42:53 +00:00
Merge pull request #1340 from emilazy/push-ykqknxqmlvmm
[24.11] treewide: add checks for `nix.enable`
This commit is contained in:
Emily
GitHub
commit
353846417f
13 changed files with 108 additions and 31 deletions
|
|
@ -157,6 +157,14 @@ let
|
|||
})
|
||||
];
|
||||
|
||||
managedDefault = name: default: {
|
||||
default = if cfg.enable then default else throw ''
|
||||
${name}: accessed when `nix.enable` is off; this is a bug in
|
||||
nix-darwin or a third‐party module
|
||||
'';
|
||||
defaultText = default;
|
||||
};
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
|
@ -214,9 +222,7 @@ in
|
|||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = warnIf (!cfg.enable)
|
||||
"nix.package: accessed when `nix.enable` is off; this is a bug"
|
||||
pkgs.nix;
|
||||
inherit (managedDefault "nix.package" pkgs.nix) default;
|
||||
defaultText = literalExpression "pkgs.nix";
|
||||
description = ''
|
||||
This option specifies the Nix package instance to use throughout the system.
|
||||
|
|
@ -245,7 +251,7 @@ in
|
|||
|
||||
distributedBuilds = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
inherit (managedDefault "nix.distributedBuilds" false) default defaultText;
|
||||
description = ''
|
||||
Whether to distribute builds to the machines listed in
|
||||
{option}`nix.buildMachines`.
|
||||
|
|
@ -255,7 +261,7 @@ in
|
|||
# Not in NixOS module
|
||||
daemonProcessType = mkOption {
|
||||
type = types.enum [ "Background" "Standard" "Adaptive" "Interactive" ];
|
||||
default = "Standard";
|
||||
inherit (managedDefault "nix.daemonProcessType" "Standard") default defaultText;
|
||||
description = ''
|
||||
Nix daemon process resource limits class. These limits propagate to
|
||||
build processes. `Standard` is the default process type
|
||||
|
|
@ -270,7 +276,7 @@ in
|
|||
# Not in NixOS module
|
||||
daemonIOLowPriority = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
inherit (managedDefault "nix.daemonIOLowPriority" false) default defaultText;
|
||||
description = ''
|
||||
Whether the Nix daemon process should considered to be low priority when
|
||||
doing file system I/O.
|
||||
|
|
@ -398,7 +404,7 @@ in
|
|||
};
|
||||
};
|
||||
});
|
||||
default = [ ];
|
||||
inherit (managedDefault "nix.buildMachines" [ ]) default defaultText;
|
||||
description = ''
|
||||
This option lists the machines to be used if distributed builds are
|
||||
enabled (see {option}`nix.distributedBuilds`).
|
||||
|
|
@ -412,7 +418,7 @@ in
|
|||
envVars = mkOption {
|
||||
type = types.attrs;
|
||||
internal = true;
|
||||
default = { };
|
||||
inherit (managedDefault "nix.envVars" { }) default defaultText;
|
||||
description = "Environment variables used by Nix.";
|
||||
};
|
||||
|
||||
|
|
@ -427,6 +433,7 @@ in
|
|||
|
||||
nrBuildUsers = mkOption {
|
||||
type = types.int;
|
||||
inherit (managedDefault "nix.nrBuildUsers" 0) default defaultText;
|
||||
description = ''
|
||||
Number of `nixbld` user accounts created to
|
||||
perform secure concurrent builds. If you receive an error
|
||||
|
|
@ -454,11 +461,13 @@ in
|
|||
# Definition differs substantially from NixOS module
|
||||
nixPath = mkOption {
|
||||
type = nixPathType;
|
||||
default = lib.optionals cfg.channel.enable [
|
||||
# Include default path <darwin-config>.
|
||||
{ darwin-config = "${config.environment.darwinConfig}"; }
|
||||
"/nix/var/nix/profiles/per-user/root/channels"
|
||||
];
|
||||
inherit (managedDefault "nix.nixPath" (
|
||||
lib.optionals cfg.channel.enable [
|
||||
# Include default path <darwin-config>.
|
||||
{ darwin-config = "${config.environment.darwinConfig}"; }
|
||||
"/nix/var/nix/profiles/per-user/root/channels"
|
||||
]
|
||||
)) default;
|
||||
|
||||
defaultText = lib.literalExpression ''
|
||||
lib.optionals cfg.channel.enable [
|
||||
|
|
@ -480,7 +489,7 @@ in
|
|||
|
||||
checkConfig = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
inherit (managedDefault "nix.checkConfig" true) default defaultText;
|
||||
description = ''
|
||||
If enabled (the default), checks for data type mismatches and that Nix
|
||||
can parse the generated nix.conf.
|
||||
|
|
@ -541,7 +550,7 @@ in
|
|||
};
|
||||
}
|
||||
));
|
||||
default = { };
|
||||
inherit (managedDefault "nix.registry" { }) default defaultText;
|
||||
description = ''
|
||||
A system-wide flake registry.
|
||||
'';
|
||||
|
|
@ -549,7 +558,7 @@ in
|
|||
|
||||
extraOptions = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
inherit (managedDefault "nix.extraOptions" "") default defaultText;
|
||||
example = ''
|
||||
keep-outputs = true
|
||||
keep-derivations = true
|
||||
|
|
@ -718,7 +727,7 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
default = { };
|
||||
inherit (managedDefault "nix.settings" { }) default defaultText;
|
||||
description = ''
|
||||
Configuration for Nix, see
|
||||
<https://nixos.org/manual/nix/stable/#sec-conf-file>
|
||||
|
|
|
|||
|
|
@ -160,6 +160,13 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`nix.linux-builder.enable` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
|
||||
system.activationScripts.preActivation.text = ''
|
||||
mkdir -p ${cfg.workingDirectory}
|
||||
'';
|
||||
|
|
|
|||
|
|
@ -37,8 +37,8 @@ in
|
|||
setNixPath = mkOption {
|
||||
type = types.bool;
|
||||
|
||||
default = cfg.source != null;
|
||||
defaultText = "config.nixpkgs.flake.source != null";
|
||||
default = config.nix.enable && cfg.source != null;
|
||||
defaultText = literalExpression ''config.nix.enable && nixpkgs.flake.source != null'';
|
||||
|
||||
description = ''
|
||||
Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `<nixpkgs>`
|
||||
|
|
@ -57,8 +57,8 @@ in
|
|||
setFlakeRegistry = mkOption {
|
||||
type = types.bool;
|
||||
|
||||
default = cfg.source != null;
|
||||
defaultText = "config.nixpkgs.flake.source != null";
|
||||
default = config.nix.enable && cfg.source != null;
|
||||
defaultText = literalExpression ''config.nix.enable && config.nixpkgs.flake.source != null'';
|
||||
|
||||
description = ''
|
||||
Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the
|
||||
|
|
@ -85,6 +85,18 @@ in
|
|||
be set, since it is implemented in terms of indirection through the flake registry.
|
||||
'';
|
||||
}
|
||||
|
||||
# TODO: Upstream these to NixOS.
|
||||
|
||||
{
|
||||
assertion = cfg.setNixPath -> config.nix.enable;
|
||||
message = ''`nixpkgs.flake.setNixPath` requires `nix.enable`'';
|
||||
}
|
||||
|
||||
{
|
||||
assertion = cfg.setFlakeRegistry -> config.nix.enable;
|
||||
message = ''`nixpkgs.flake.setFlakeRegistry` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
}
|
||||
(mkIf cfg.setFlakeRegistry {
|
||||
|
|
|
|||
|
|
@ -21,7 +21,9 @@
|
|||
ln -sfn $(cat ${config.system.profile}/systemConfig) /run/current-system
|
||||
|
||||
# Prevent the current configuration from being garbage-collected.
|
||||
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
|
||||
if [[ -d /nix/var/nix/gcroots ]]; then
|
||||
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
|
||||
fi
|
||||
|
||||
${config.system.activationScripts.etcChecks.text}
|
||||
${config.system.activationScripts.etc.text}
|
||||
|
|
|
|||
|
|
@ -51,6 +51,14 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# TODO: Upstream this to NixOS.
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`services.cachix-agent.enable` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
|
||||
launchd.daemons.cachix-agent = {
|
||||
script = ''
|
||||
. ${cfg.credentialsFile}
|
||||
|
|
|
|||
|
|
@ -13,6 +13,11 @@ in
|
|||
{
|
||||
config.assertions = flatten (
|
||||
flip mapAttrsToList config.services.github-runners (name: cfg: map (mkIf cfg.enable) [
|
||||
# TODO: Upstream this to NixOS.
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`services.github-runners.${name}.enable` requires `nix.enable`'';
|
||||
}
|
||||
{
|
||||
assertion = (cfg.user == null && cfg.group == null) || (cfg.user != null);
|
||||
message = "`services.github-runners.${name}`: Either set `user` and `group` to `null` to have nix-darwin manage them or set at least `user` explicitly";
|
||||
|
|
|
|||
|
|
@ -22,6 +22,14 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# TODO: Upstream this to NixOS.
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`services.hercules-ci-agent.enable` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
|
||||
launchd.daemons.hercules-ci-agent = {
|
||||
script = "exec ${cfg.package}/bin/hercules-ci-agent --config ${cfg.tomlFile}";
|
||||
|
||||
|
|
|
|||
|
|
@ -29,6 +29,14 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# TODO: Upstream this to NixOS.
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`services.lorri.enable` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.lorri ];
|
||||
launchd.user.agents.lorri = {
|
||||
command = with pkgs; "${lorri}/bin/lorri daemon";
|
||||
|
|
@ -43,4 +51,4 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -62,15 +62,20 @@ in
|
|||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.automatic {
|
||||
config = {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.automatic -> config.nix.enable;
|
||||
message = ''nix.gc.automatic requires nix.enable'';
|
||||
}
|
||||
];
|
||||
|
||||
launchd.daemons.nix-gc = {
|
||||
launchd.daemons.nix-gc = mkIf cfg.automatic {
|
||||
command = "${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
|
||||
environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon";
|
||||
serviceConfig.RunAtLoad = false;
|
||||
serviceConfig.StartCalendarInterval = cfg.interval;
|
||||
serviceConfig.UserName = cfg.user;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -58,9 +58,15 @@ in
|
|||
|
||||
###### implementation
|
||||
|
||||
config = mkIf cfg.automatic {
|
||||
config = {
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.automatic -> config.nix.enable;
|
||||
message = ''nix.optimise.automatic requires nix.enable'';
|
||||
}
|
||||
];
|
||||
|
||||
launchd.daemons.nix-optimise = {
|
||||
launchd.daemons.nix-optimise = mkIf cfg.automatic {
|
||||
environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon";
|
||||
command = "${lib.getExe' config.nix.package "nix-store"} --optimise";
|
||||
serviceConfig = {
|
||||
|
|
@ -69,6 +75,5 @@ in
|
|||
UserName = cfg.user;
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -46,6 +46,13 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{
|
||||
assertion = config.nix.enable;
|
||||
message = ''`services.ofborg.enable` requires `nix.enable`'';
|
||||
}
|
||||
];
|
||||
|
||||
warnings = mkIf (isDerivation cfg.configFile) [
|
||||
"services.ofborg.configFile is a derivation, credentials will be world readable"
|
||||
];
|
||||
|
|
|
|||
|
|
@ -109,7 +109,9 @@ in
|
|||
ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
|
||||
|
||||
# Prevent the current configuration from being garbage-collected.
|
||||
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
|
||||
if [[ -d /nix/var/nix/gcroots ]]; then
|
||||
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
|
||||
fi
|
||||
|
||||
exit $_status
|
||||
'';
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
|
||||
{
|
||||
nix.enable = false;
|
||||
nix.package = throw "`nix.package` used when `nix.enable` is turned off";
|
||||
|
||||
test = ''
|
||||
printf >&2 'checking for unexpected Nix binary in /sw/bin\n'
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue