mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity

Merge pull request #1140 from Enzime/aarch64-tests

Browse source 
release: fix tests not running on `aarch64-darwin`
This commit is contained in:
Emily 2024-11-07 06:02:34 +00:00 committed by GitHub
commit 366b99abfe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
10 changed files with 90 additions and 234 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.github/workflows/build.yml vendored
View file

@ -1,18 +0,0 @@
name: "Build"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- build
jobs:
build:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix build ${{ github.event.client_payload.args }} -vL

23
.github/workflows/debug.yml vendored
View file

@ -1,23 +0,0 @@
name: "Debug"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "debug"}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- debug
jobs:
debug:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- run: |
nix-shell -A installer
nix-shell -A installer.check
- uses: mxschmitt/action-tmate@v3

20
.github/workflows/test.yml vendored
View file

@ -13,33 +13,29 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
- run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
test-unstable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
- run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
install-against-stable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
@ -84,7 +80,7 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
@ -129,7 +125,7 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
@ -158,7 +154,7 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:

4
.github/workflows/update-manual.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
runs-on: macos-13
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# So that we fetch all branches, since we need to checkout the `gh-pages` branch later.
fetch-depth: 0
@ -21,7 +21,7 @@ jobs:
- name: Build manual
run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML
nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin
- name: Push update to manual
run: |

24
flake.nix
View file

@ -1,9 +1,12 @@
{
# WARNING this is very much still experimental.
description = "A collection of darwin modules";
outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
jobs = forAllSystems (system: import ./release.nix {
inherit nixpkgs system;
});
in {
lib = {
evalConfig = import ./eval-config.nix;
@ -48,7 +51,6 @@
darwinModules.hydra = ./modules/examples/hydra.nix;
darwinModules.lnl = ./modules/examples/lnl.nix;
darwinModules.ofborg = ./modules/examples/ofborg.nix;
darwinModules.simple = ./modules/examples/simple.nix;
templates.default = {
@ -56,21 +58,7 @@
description = "nix flake init -t nix-darwin";
};
checks = forAllSystems (system: let
simple = self.lib.darwinSystem {
modules = [
self.darwinModules.simple
{ nixpkgs.hostPlatform = system; }
];
};
in {
simple = simple.system;
inherit (simple.config.system.build.manual)
optionsJSON
manualHTML
manpages;
});
checks = forAllSystems (system: jobs.${system}.tests // jobs.${system}.examples);
packages = forAllSystems (system: let
pkgs = import nixpkgs {
@ -81,6 +69,8 @@
default = self.packages.${system}.darwin-rebuild;
inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller;
inherit (jobs.${system}.docs) manualHTML manpages optionsJSON;
});
};
}

17
modules/examples/hydra.nix
View file

@ -1,25 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
let
environment = concatStringsSep " "
environment = lib.concatStringsSep " "
[ "NIX_REMOTE=daemon"
"NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
in
{
# Create /etc/bashrc that loads the nix-darwin environment.
programs.bash.enable = true;
programs.bash.completion.enable = false;
# Recreate /run/current-system symlink after boot.
services.activate-system.enable = true;
services.nix-daemon.enable = true;
nix.settings.substituters = [ http://cache1 ];
nix.settings.substituters = [ "http://cache1" ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-users = [ "@admin" "@hydra" ];
@ -31,7 +22,7 @@ in
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n"
environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n"
[ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVsc0pHGsskoayziMhA2e59bHPWe0bbKgusmqhuJFBGQ1BAk9UmPzKCWE3nCiV6CLD1+SygVkBjb06DYtc+94BnzviCa9qZtL0G4+2vhp6x8OvXh8xlf/eWw3k5MWlvu+kjJFpbW8wHWTiUqzH+uEeHklAosT0lFNjiIYd/Vs3JAezhUR62a6c7ZjWOd5F7ALGEKzOiwC4i37kSgGsIWNCbe0Ku7gyr718zhMGeyxax6saHhnkSpIB+7d6oHhKeiJSFMWctNmz1/qxXUPbxNaJvqgdKlVHhN+B7x/TIbkVr5pTC59Okx9LTcpflFIv79VT+Gf1K7VypZpSvJjG0xFRt8iDs1+ssWFBfvpo94vUbZ+ZwMDcBGR5iJeO41Gj5fYn5aaDl32RXfJ9Fkwael1L6pcXtkIc66jk+KQQpgoeNj8Y3Emntpqva/2AM41wDDvr5tKp5KhEKFLM95CoiWq+g88pZLcpqLK7wooDVqNkVUEbMaj9lBN0AzU9mcsIRGvTa6CmWAdBvwqS2fRZD97Oarqct9AWgb0X6mOUq9BJNi4i4xvjgnVkylLwtLUnibR/PeXMtkb9bv6BEZXNf5ACqxSjKXJyaIHI65I5TILCr5eEgaujgvmkREn6U3T1NZAUIeVe9aVYLqehYh79OHUBzggoHqidRrXBB/6zdg9UgQ=="
"command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw=="
];
@ -53,4 +44,6 @@ in
chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys
echo "ok"
'';
system.stateVersion = 5;
}

13
modules/examples/lnl.nix
View file

@ -1,10 +1,6 @@
{ config, lib, inputs, pkgs, ... }:
{
# imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ];
# system.patches = [ ./pam.patch ];
system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3;
system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
@ -50,13 +46,10 @@
pkgs.gnupg
pkgs.htop
pkgs.jq
pkgs.mosh
pkgs.ripgrep
pkgs.shellcheck
pkgs.vault
pkgs.qes
pkgs.darwin-zsh-completions
];
services.yabai.enable = true;
@ -96,7 +89,7 @@
'';
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ];
nix.settings.sandbox = true;
nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
@ -302,8 +295,6 @@
fi
'';
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
@ -331,4 +322,6 @@
nix.configureBuildUsers = true;
nix.nrBuildUsers = 32;
system.stateVersion = 5;
}

29
modules/examples/ofborg.nix
View file

@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
# Logs are enabled by default.
# $ tail -f /var/log/ofborg.log
services.ofborg.enable = true;
# services.ofborg.configFile = "/var/lib/ofborg/config.json";
# $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg
# $ nix-channel --update
services.ofborg.package = (import <ofborg> {}).ofborg.rs;
# Keep nix-daemon updated.
services.nix-daemon.enable = true;
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
# Manage user for ofborg, this enables creating/deleting users
# depending on what modules are enabled.
users.knownGroups = [ "ofborg" ];
users.knownUsers = [ "ofborg" ];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
}

10
modules/services/ofborg/default.nix
View file

@ -46,12 +46,6 @@ in
};
config = mkIf cfg.enable {
assertions = [
{ assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
{ assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
];
warnings = mkIf (isDerivation cfg.configFile) [
"services.ofborg.configFile is a derivation, credentials will be world readable"
];
@ -87,9 +81,13 @@ in
users.users.ofborg.shell = "/bin/bash";
users.users.ofborg.description = "OfBorg service user";
users.knownUsers = [ "ofborg" ];
users.groups.ofborg.gid = mkDefault 531;
users.groups.ofborg.description = "Nix group for OfBorg service";
users.knownGroups = [ "ofborg" ];
# FIXME: create logfiles automatically if defined.
system.activationScripts.preActivation.text = ''
mkdir -p '${user.home}'

56
release.nix
View file

@ -1,21 +1,14 @@
{ nixpkgs ? <nixpkgs>
, supportedSystems ? [ "x86_64-darwin" ]
, system ? builtins.currentSystem
, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ]
, scrubJobs ? true
}:
let
inherit (release) mapTestOn packagePlatforms pkgs all linux darwin;
system = "x86_64-darwin";
mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems);
buildFromConfig = configuration: sel: sel
(import ./. { inherit nixpkgs configuration system; }).config;
makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system:
buildFromConfig configuration (config: config.system.build.toplevel)
);
makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel);
makeTest = test:
let
@ -61,47 +54,15 @@ let
in
buildFromConfig configuration (config: config.system.build.run-test);
release = import (nixpkgs + "/pkgs/top-level/release-lib.nix") {
inherit supportedSystems scrubJobs;
packageSet = import nixpkgs;
};
packageSet = {
inherit (pkgs)
stdenv bash zsh nix
tmux reattach-to-user-namespace
nano emacs vim;
};
manual = buildFromConfig ({ lib, config, ... }: {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
}) (config: config.system.build.manual);
jobs = {
unstable = pkgs.releaseTools.aggregate {
name = "darwin-${pkgs.lib.nixpkgsVersion}";
constituents =
[ jobs.stdenv.x86_64-darwin
jobs.bash.x86_64-darwin
jobs.zsh.x86_64-darwin
jobs.nix.x86_64-darwin
jobs.reattach-to-user-namespace.x86_64-darwin
jobs.tmux.x86_64-darwin
jobs.nano.x86_64-darwin
jobs.vim.x86_64-darwin
jobs.emacs.x86_64-darwin
jobs.examples.hydra.x86_64-darwin
jobs.examples.lnl.x86_64-darwin
jobs.examples.simple.x86_64-darwin
];
meta.description = "Release-critical builds for the darwin channel";
in {
docs = {
inherit (manual) manualHTML manpages optionsJSON;
};
manualHTML = manual.manualHTML;
manpages = manual.manpages;
options = manual.optionsJSON;
examples.hydra = makeSystem ./modules/examples/hydra.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix;
examples.simple = makeSystem ./modules/examples/simple.nix;
@ -156,9 +117,4 @@ let
tests.users-groups = makeTest ./tests/users-groups.nix;
tests.users-packages = makeTest ./tests/users-packages.nix;
tests.fonts = makeTest ./tests/fonts.nix;
}
// (mapTestOn (packagePlatforms packageSet));
in
jobs