1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00

Merge pull request #490 from malob/update-nix-module

Bring `nix` module back in sync with the NixOS module (as much as possible)
This commit is contained in:
Domen Kožar 2022-08-22 09:55:24 +02:00 committed by GitHub
commit 5af1aa51f6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 915 additions and 584 deletions

View file

@ -1,3 +1,26 @@
2022-08-14
- nix module updated to bring it back in sync with it's NixOS counterpart
It should now be much more fiesable to share code for this module between
`nix-darwin` and NixOS configs.
`nix-darwin` now requires Nix >= 2.2.
`nix.package` can no longer be a path to a profile.
`nix.version` option has been removed. Use `nix.package.version` if you want
to reference the version Nix installed/used by your config.
Many options moved/renamed from `nix.*` to `nix.settings.*`. For example
`nix.binaryCaches` is now `nix.settings.substituters`.
You can use `nix.settings` to set any option in `nix.conf`.
`users.nix.*` options moved to `nix.*`.
`nix.daemonIONice` was renamed to `nix.daemonIOLowPriority`, and
`nix.daemonNiceLevel` was removed in favor a new option
`nix.nix.daemonProcessType`.
2021-01-16
- Added `homebrew` module, to manage formulas installed by Homebrew via `brew bundle`.

View file

@ -10,7 +10,6 @@ in
options = {
networking.networkservices = mkOption { internal = true; default = null; };
nix.profile = mkOption { internal = true; default = null; };
security.enableAccessibilityAccess = mkOption { internal = true; default = null; };
security.accessibilityPrograms = mkOption { internal = true; default = null; };
@ -19,8 +18,7 @@ in
config = {
assertions =
[ { assertion = config.nix.profile == null; message = "nix.profile was renamed to nix.package"; }
{ assertion = config.security.enableAccessibilityAccess == null; message = "security.enableAccessibilityAccess was removed, it's broken since 10.12 because of SIP"; }
[ { assertion = config.security.enableAccessibilityAccess == null; message = "security.enableAccessibilityAccess was removed, it's broken since 10.12 because of SIP"; }
{ assertion = config.system.activationScripts.extraPostActivation.text == ""; message = "system.activationScripts.extraPostActivation was renamed to system.activationScripts.postActivation"; }
{ assertion = config.system.activationScripts.extraUserPostActivation.text == ""; message = "system.activationScripts.extraUserPostActivation was renamed to system.activationScripts.postUserActivation"; }
];
@ -31,8 +29,6 @@ in
networking.knownNetworkServices = mkIf (config.networking.networkservices != null) config.networking.networkservices;
nix.package = mkIf (config.nix.profile != null) config.nix.profile;
system.activationScripts.extraPostActivation.text = mkDefault "";
system.activationScripts.extraUserPostActivation.text = mkDefault "";

View file

@ -19,10 +19,10 @@ in
services.nix-daemon.enable = true;
nix.binaryCaches = [ http://cache1 ];
nix.binaryCachePublicKeys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.substituters = [ http://cache1 ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.trustedUsers = [ "@admin" "@hydra" ];
nix.settings.trusted-users = [ "@admin" "@hydra" ];
nix.extraOptions = ''
pre-build-hook =

View file

@ -93,11 +93,11 @@
log-lines = 128
'';
nix.binaryCachePublicKeys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.trustedBinaryCaches = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
nix.useSandbox = true;
nix.sandboxPaths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
nix.settings.sandbox = true;
nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
programs.nix-index.enable = true;
@ -357,6 +357,6 @@
# path = /etc/per-user/lnl/gitconfig
# environment.etc."per-user/lnl/gitconfig".text = builtins.readFile "${inputs.dotfiles}/git/gitconfig";
users.nix.configureBuildUsers = true;
users.nix.nrBuildUsers = 32;
nix.configureBuildUsers = true;
nix.nrBuildUsers = 32;
}

50
modules/misc/ids.nix Normal file
View file

@ -0,0 +1,50 @@
# Based on: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
# This module defines the global list of uids and gids. We keep a
# central list to prevent id collisions.
# IMPORTANT!
# We only add static uids and gids for services where it is not feasible
# to change uids/gids on service start, in example a service with a lot of
# files.
{ lib, ... }:
let
inherit (lib) types;
in
{
options = {
ids.uids = lib.mkOption {
internal = true;
description = ''
The user IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
ids.gids = lib.mkOption {
internal = true;
description = ''
The group IDs used in NixOS.
'';
type = types.attrsOf types.int;
};
};
config = {
ids.uids = {
nixbld = 300;
};
ids.gids = {
nixbld = 30000;
};
};
}

View file

@ -1,6 +1,7 @@
[
./alias.nix
./documentation
./misc/ids.nix
./misc/lib.nix
./security/pki
./security/sandbox
@ -34,7 +35,6 @@
./networking
./nix
./nix/nix-darwin.nix
./nix/nix-info.nix
./nix/nixpkgs.nix
./environment
./fonts
@ -77,5 +77,4 @@
./programs/zsh
./homebrew.nix
./users
./users/nixbld
]

File diff suppressed because it is too large Load diff

View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
nix-info = pkgs.nix-info or null;
in
{
config = {
environment.systemPackages = mkIf (nix-info != null) [ nix-info ];
};
}

View file

@ -48,9 +48,8 @@ in
"/bin/sh" "-c"
"/bin/wait4path ${config.nix.package}/bin/nix-daemon && exec ${config.nix.package}/bin/nix-daemon"
];
serviceConfig.ProcessType = mkDefault "Interactive";
serviceConfig.LowPriorityIO = config.nix.daemonIONice;
serviceConfig.Nice = config.nix.daemonNiceLevel;
serviceConfig.ProcessType = config.nix.daemonProcessType;
serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority;
serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix
serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 4096;
serviceConfig.StandardErrorPath = cfg.logFile;

View file

@ -1,4 +1,6 @@
{ config, lib, pkgs, ... }:
# Based off: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix
# When making changes please try to keep it in sync.
{ config, lib, ... }:
with lib;
@ -7,36 +9,54 @@ let
in
{
imports = [
(mkRemovedOptionModule [ "nix" "gc" "dates" ] "Use `nix.gc.interval` instead.")
(mkRemovedOptionModule [ "nix" "gc" "randomizedDelaySec" ] "No `nix-darwin` equivilant to this NixOS option.")
(mkRemovedOptionModule [ "nix" "gc" "persistent" ] "No `nix-darwin` equivilant to this NixOS option.")
];
###### interface
options = {
nix.gc.automatic = mkOption {
type = types.bool;
default = false;
description = "Automatically run the garbage collector at a specific time.";
nix.gc = {
automatic = mkOption {
default = false;
type = types.bool;
description = "Automatically run the garbage collector at a specific time.";
};
# Not in NixOS module
user = mkOption {
type = types.nullOr types.str;
default = null;
description = "User that runs the garbage collector.";
};
interval = mkOption {
type = types.attrs;
default = { Hour = 3; Minute = 15; };
description = "The time interval at which the garbage collector will run.";
};
options = mkOption {
default = "";
example = "--max-freed $((64 * 1024**3))";
type = types.str;
description = ''
Options given to <filename>nix-collect-garbage</filename> when the
garbage collector is run automatically.
'';
};
};
nix.gc.user = mkOption {
type = types.nullOr types.str;
default = null;
description = "User that runs the garbage collector.";
};
nix.gc.interval = mkOption {
type = types.attrs;
default = { Hour = 3; Minute = 15; };
description = "The time interval at which the garbage collector will run.";
};
nix.gc.options = mkOption {
type = types.str;
default = "";
example = "--max-freed $((64 * 1024**3))";
description = ''
Options given to <filename>nix-collect-garbage</filename> when the
garbage collector is run automatically.
'';
};
};
###### implementation
config = mkIf cfg.automatic {
launchd.daemons.nix-gc = {

View file

@ -54,7 +54,7 @@ let
echo >&2
echo "or enable to automatically manage the users" >&2
echo >&2
echo " users.nix.configureBuildUsers = true;" >&2
echo " nix.configureBuildUsers = true;" >&2
echo >&2
fi
'';
@ -125,7 +125,9 @@ let
'';
nixPath = ''
darwinConfig=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin-config) || true
nixPath=${concatStringsSep ":" config.nix.nixPath}:$HOME/.nix-defexpr/channels
darwinConfig=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin-config) || true
if ! test -e "$darwinConfig"; then
echo "error: Changed <darwin-config> but target does not exist, aborting activation" >&2
echo "Create ''${darwinConfig:-~/.nixpkgs/darwin-configuration.nix} or set environment.darwinConfig:" >&2
@ -139,7 +141,7 @@ let
exit 2
fi
darwinPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin) || true
darwinPath=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin) || true
if ! test -e "$darwinPath"; then
echo "error: Changed <darwin> but target does not exist, aborting activation" >&2
echo "Add the darwin repo as a channel or set nix.nixPath:" >&2
@ -153,7 +155,7 @@ let
exit 2
fi
nixpkgsPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file nixpkgs) || true
nixpkgsPath=$(NIX_PATH=$nixPath nix-instantiate --find-file nixpkgs) || true
if ! test -e "$nixpkgsPath"; then
echo "error: Changed <nixpkgs> but target does not exist, aborting activation" >&2
echo "Add a nixpkgs channel or set nix.nixPath:" >&2

View file

@ -1,70 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.users;
named = xs: listToAttrs (map (x: { name = x.name; value = x; }) xs);
createdGroups = mapAttrsToList (n: v: v.name) cfg.groups;
createdUsers = mapAttrsToList (n: v: v.name) cfg.users;
mkUsers = f: genList (x: f (x + 1)) cfg.nix.nrBuildUsers;
buildUsers = mkUsers (i: {
name = "_nixbld${toString i}";
uid = 300 + i;
gid = 300;
description = "Nix build user ${toString i}";
});
buildGroups = [{
name = "nixbld";
gid = 30000;
description = "Nix build group for nix-daemon";
members = map (v: v.name) buildUsers;
}];
in
{
options = {
users.nix.configureBuildUsers = mkOption {
type = types.bool;
default = false;
description = ''
Configuration for nixbld group and users.
NOTE: This does not work unless knownGroups/knownUsers is set.
'';
};
users.nix.nrBuildUsers = mkOption {
type = mkOptionType {
name = "integer";
check = t: isInt t && t > 1;
};
default = 32;
description = "Number of nixbld user accounts created to perform secure concurrent builds.";
};
};
config = {
assertions = [
{ assertion = elem "nixbld" cfg.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
{ assertion = elem "_nixbld1" cfg.knownUsers -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
{ assertion = cfg.groups ? "nixbld" -> cfg.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
];
users.groups = mkIf cfg.nix.configureBuildUsers (named buildGroups);
users.users = mkIf cfg.nix.configureBuildUsers (named buildUsers);
users.knownGroups = mkIf cfg.nix.configureBuildUsers [ "nixbld" ];
users.knownUsers = mkIf cfg.nix.configureBuildUsers (mkMerge [
(mkUsers (i: "_nixbld${toString i}"))
(mkUsers (i: "nixbld${toString i}")) # delete old style nixbld users
]);
};
}

View file

@ -5,6 +5,6 @@ with lib;
{
imports = [ <user-darwin-config> ./installer.nix ];
users.nix.configureBuildUsers = true;
nix.configureBuildUsers = true;
users.knownGroups = [ "nixbld" ];
}

View file

@ -145,13 +145,13 @@ stdenv.mkDerivation {
env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH'
env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH'
env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels:/Users/john/.nix-defexpr/channels
env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
echo >&2 "checking zsh environment"
env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH'
env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels:/Users/john/.nix-defexpr/channels
env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH'
env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
echo >&2 ok
exit

View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
in
{

View file

@ -2,7 +2,7 @@
let
cacert = pkgs.runCommand "cacert-0.0.0" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-0.0.0" { version = "1.11.6"; } "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
in
{

View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
in
{

View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
in
{