mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity

Merge branch 'LnL7:master' into dock-persistent-others

Browse source
This commit is contained in:
szeth 2024-11-24 15:42:46 +01:00 committed by GitHub
commit 60aed98c50
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
101 changed files with 2860 additions and 1312 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/FUNDING.yml vendored Normal file
View file

@ -0,0 +1 @@
github: [emilazy, Enzime]

18
.github/workflows/build.yml vendored
View file

@ -1,18 +0,0 @@
name: "Build"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- build
jobs:
build:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix build ${{ github.event.client_payload.args }} -vL

23
.github/workflows/debug.yml vendored
View file

@ -1,23 +0,0 @@
name: "Debug"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "debug"}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- debug
jobs:
debug:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- run: |
nix-shell -A installer
nix-shell -A installer.check
- uses: mxschmitt/action-tmate@v3

308
.github/workflows/test.yml vendored
View file

@ -2,133 +2,144 @@ name: "Test"
on:
pull_request:
push:
branches:
- master
env:
CURRENT_STABLE_CHANNEL: nixpkgs-23.11-darwin
CURRENT_STABLE_CHANNEL: nixpkgs-24.05-darwin
jobs:
test-stable:
runs-on: macos-12
timeout-minutes: 30
runs-on: macos-13
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
test-unstable:
runs-on: macos-12
timeout-minutes: 30
runs-on: macos-13
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
install-against-stable:
runs-on: macos-12
timeout-minutes: 30
runs-on: macos-13
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
nix_path: nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
- name: Install ${{ env.CURRENT_STABLE_CHANNEL }} channel
- name: Install channels
run: |
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --add https://nixos.org/channels/${{ env.CURRENT_STABLE_CHANNEL }} nixpkgs
nix-channel --update
- name: Install nix-darwin and test
- name: Install nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
# We run nix-darwin twice to test that it can create darwin-configuration correctly for us
# but we expect it to fail setting up /etc/nix/nix.conf
nix-shell -A installer || true
mkdir -p ~/.config/nix-darwin
cp modules/examples/simple.nix ~/.config/nix-darwin/configuration.nix
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.nixpkgs/darwin-configuration.nix
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.config/nix-darwin/configuration.nix
nix-shell -A installer
nix-shell -A installer.check
- name: Build and activate default derivation
nix run .#darwin-rebuild \
-- switch \
-I darwin-config=$HOME/.config/nix-darwin/configuration.nix
- name: Switch to new configuration
run: |
. /etc/static/bashrc
. /etc/bashrc
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/configuration.nix
darwin-rebuild switch -I darwin=.
hello
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
- name: Debugging tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
timeout-minutes: 15
with:
limit-access-to-actor: true
# We need to specify `--extra-experimental-features` because `experimental-features` is set by
# `cachix/install-nix-action` but not by our default config above
nix run .#darwin-uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
install-against-unstable:
runs-on: macos-12
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Install nixpkgs-unstable channel
- name: Install channels
run: |
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- name: Install nix-darwin and test
- name: Install nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
# We run nix-darwin twice to test that it can create darwin-configuration correctly for us
# but we expect it to fail setting up /etc/nix/nix.conf
nix-shell -A installer || true
mkdir -p ~/.config/nix-darwin
cp modules/examples/simple.nix ~/.config/nix-darwin/configuration.nix
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.nixpkgs/darwin-configuration.nix
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.config/nix-darwin/configuration.nix
nix-shell -A installer
nix-shell -A installer.check
- name: Build and activate default derivation
nix run .#darwin-rebuild \
-- switch \
-I darwin-config=$HOME/.config/nix-darwin/configuration.nix
- name: Switch to new configuration
run: |
. /etc/static/bashrc
. /etc/bashrc
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/configuration.nix
darwin-rebuild switch -I darwin=.
hello
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
- name: Debugging tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
timeout-minutes: 15
with:
limit-access-to-actor: true
# We need to specify `--extra-experimental-features` because `experimental-features` is set by
# `cachix/install-nix-action` but not by our default config above
nix run .#darwin-uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
install-flake-against-stable:
runs-on: macos-12
timeout-minutes: 30
runs-on: macos-13
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.13.6/install
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
@ -137,79 +148,43 @@ jobs:
nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
/usr/bin/sed -i.bak \
's/nixpkgs.hostPlatform = "aarch64-darwin";/nixpkgs.hostPlatform = "'$(nix eval --expr builtins.currentSystem --impure --raw)'";/' \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
- name: Switch to new configuration
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Test git submodules
. /etc/bashrc
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/flake.nix
darwin-rebuild switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
hello
- name: Test uninstallation of nix-darwin
run: |
. /etc/static/bashrc
mkdir -p /tmp/{test-nix-darwin-submodules,example-submodule}
pushd /tmp/example-submodule
echo '"hello"' > hello.nix
git init
git add .
git commit -m "add a submodule we will import"
popd
cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
pushd /tmp/test-nix-darwin-submodules
/usr/bin/sed -i.bak \
'\#modules = \[#s#configuration#configuration ./simple.nix#' \
./flake.nix
/usr/bin/sed -i.bak \
's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
./simple.nix
git init
git add flake.nix simple.nix
git \
-c protocol.file.allow=always \
submodule add /tmp/example-submodule submodule-test
popd
# Should fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should also fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should succeed
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
install-flake-against-unstable:
runs-on: macos-12
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v23
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
@ -218,75 +193,30 @@ jobs:
nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
/usr/bin/sed -i.bak \
's/nixpkgs.hostPlatform = "aarch64-darwin";/nixpkgs.hostPlatform = "'$(nix eval --expr builtins.currentSystem --impure --raw)'";/' \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
- name: Switch to new configuration
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Test git submodules
run: |
. /etc/static/bashrc
. /etc/bashrc
mkdir -p /tmp/{test-nix-darwin-submodules,example-submodule}
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/flake.nix
pushd /tmp/example-submodule
echo '"hello"' > hello.nix
git init
git add .
git commit -m "add a submodule we will import"
popd
cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
pushd /tmp/test-nix-darwin-submodules
/usr/bin/sed -i.bak \
'\#modules = \[#s#configuration#configuration ./simple.nix#' \
./flake.nix
/usr/bin/sed -i.bak \
's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
./simple.nix
git init
git add flake.nix simple.nix
git \
-c protocol.file.allow=always \
submodule add /tmp/example-submodule submodule-test
popd
# Should fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should also fail
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable \
&& {
printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
exit 1
}
# Should succeed
darwin-rebuild build \
--flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
darwin-rebuild switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
# Should also succeed
darwin-rebuild build \
--flake git+file:///tmp/test-nix-darwin-submodules?submodules=1#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
hello
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable

10
.github/workflows/update-manual.yml vendored
View file

@ -3,25 +3,23 @@ on:
push:
branches:
- master
paths:
- '**.nix'
jobs:
update-manual:
runs-on: macos-12
runs-on: macos-13
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# So that we fetch all branches, since we need to checkout the `gh-pages` branch later.
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v22
uses: cachix/install-nix-action@v30
- name: Build manual
run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-23.11-darwin -I darwin=. -A manualHTML
nix build .#manualHTML
- name: Push update to manual
run: |

14
CHANGELOG
View file

@ -1,3 +1,17 @@
2024-09-10
- The default Nix build user group ID is now set to 350 when
`system.stateVersion` ≥ 5, to reflect the default for new Nix
installations. This only affects installations that enable
`nix.configureBuildUsers`, and any divergence will be detected on
system activation. To use `nix.configureBuildUsers` with a higher
`system.stateVersion` on installations using the old group ID, set:
ids.gids.nixbld = 30000;
We do not recommend trying to change the group ID with macOS user
management tools without a complete uninstallation and reinstallation
of Nix.
2024-06-15
- SECURITY NOTICE: The previous implementation of the
`users.users.<name>.openssh.authorizedKeys.*` options would not delete

162
README.md
View file

@ -2,76 +2,30 @@
# nix-darwin
![Test](https://github.com/LnL7/nix-darwin/workflows/Test/badge.svg)
[![Test](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml/badge.svg)](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml)
Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS.
This project aims to bring the convenience of a declarative system approach to macOS.
nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
## Installing
## Prerequisites
To install nix-darwin, a working installation of [Nix](https://github.com/NixOS/nix#installation) is required.
The only prerequisite is a Nix implementation, both Nix and Lix are supported.
If you wish to use nix-darwin with flakes, please refer to the [flakes](#flakes) section.
As the official Nix installer does not include an automated uninstaller, and manual uninstallation on macOS is a complex process, we recommend using one of the following installers instead:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
- The [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file#determinate-nix-installer) is only recommended for use with flake-based setups. **Make sure you use it without the `--determinate` flag**. The `--determinate` flag installs the Determinate Nix distribution which does not work out of the box with nix-darwin.
* The [Lix installer](https://lix.systems/install/#on-any-other-linuxmacos-system) supports both flake-based and channel-based setups.
> NOTE: the system activation scripts don't overwrite existing etc files, so files like `/etc/bashrc` and `/etc/zshrc` won't be
> updated by default. If you didn't use the installer or skipped some of the options you'll have to take care of this yourself.
> Either modify the existing file to source/import the one from `/etc/static` or remove it. Some examples:
- `mv /etc/bashrc /etc/bashrc.before-nix-darwin`
- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | sudo tee -a /etc/bashrc`
## Updating
## Getting started
The installer will configure a channel for this repository.
Despite being an experimental feature in Nix currently, nix-darwin recommends that beginners use flakes to manage their nix-darwin configurations.
```bash
nix-channel --update darwin
darwin-rebuild changelog
```
> NOTE: If you are using Nix as a daemon service the channel for that will be owned by root.
> Use `sudo -i nix-channel --update darwin` instead.
## Uninstalling
There's also an uninstaller if you don't like the project and want to
remove the configured files and services.
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A uninstaller
./result/bin/darwin-uninstaller
```
## Example configuration
Configuration lives in `~/.nixpkgs/darwin-configuration.nix`. Check out
[modules/examples](https://github.com/LnL7/nix-darwin/tree/master/modules/examples) for some example configurations.
```nix
{ pkgs, ... }:
{
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages =
[ pkgs.vim
];
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
nix.package = pkgs.nix;
}
```
## Flakes
nix-darwin aims for both non-flake and flake configurations to be well supported despite flakes being an experimental feature in Nix.
<details>
<summary>Flakes (Recommended for beginners)</summary>
### Step 1. Creating `flake.nix`
@ -124,7 +78,7 @@ Make sure to set `nixpkgs.hostPlatform` in your `configuration.nix` to either `x
### Step 2. Installing `nix-darwin`
Instead of using `darwin-installer`, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
Unlike NixOS, `nix-darwin` does not have an installer, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
```bash
nix run nix-darwin -- switch --flake ~/.config/nix-darwin
@ -156,85 +110,67 @@ nix-darwin.lib.darwinSystem {
{ pkgs, lib, inputs }:
# inputs.self, inputs.nix-darwin, and inputs.nixpkgs can be accessed here
```
</details>
## Manual Install
<details>
<summary>Channels</summary>
### Step 1. Creating `configuration.nix`
Copy the [simple](./modules/examples/simple.nix) example to `~/.config/nix-darwin/configuration.nix`.
### Step 2. Adding `nix-darwin` channel
```bash
# Configure the channel
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --update
export NIX_PATH=darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:$HOME/.nix-defexpr/channels:$NIX_PATH
# Or use a local git repository
git clone git@github.com:LnL7/nix-darwin.git ~/.nix-defexpr/darwin
export NIX_PATH=darwin=$HOME/.nix-defexpr/darwin:darwin-config=$HOME/.nixpkgs/darwin-configuration.nix:$NIX_PATH
cp ~/.nix-defexpr/darwin/modules/examples/simple.nix ~/.nixpkgs/darwin-configuration.nix
# you can also use this to rebootstrap nix-darwin in case
# darwin-rebuild is too old to activate the system.
$(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild build
$(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
. /etc/static/bashrc
```
... or for `fish`:
### Step 3. Installing `nix-darwin`
```fish
(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild build
(nix-build '<darwin>' -A system --no-out-link)/sw/bin/darwin-rebuild switch
To install `nix-darwin`, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A darwin-rebuild
./result/bin/darwin-rebuild switch -I darwin-config=$HOME/.config/nix-darwin/configuration.nix
```
This will create and manage a system profile in `/run/current-system`, just like NixOS.
### Step 4. Using `nix-darwin`
After installing, you can run `darwin-rebuild` to apply changes to your system:
By default, nix-darwin will look in your `NIX_PATH` for this repository at `~/.nix-defexpr/darwin` and your configuration at `~/.nixpkgs/darwin-configuration.nix`.
If you want to change these you can set your own with `nix.nixPath = [ ];`.
```bash
darwin-rebuild switch
```
$ darwin-rebuild switch
building the system configuration...
these derivations will be built:
/nix/store/vfad6xgjzr56jcs051cg6vzch4dby92y-etc-zprofile.drv
/nix/store/cbmkscxsz0k02ynaph5xaxm1aql0p3vq-etc.drv
/nix/store/r5fpn177jhc16f8iyzk12gcw4pivzpbw-nixdarwin-system-16.09.drv
building path(s) /nix/store/wlq89shja597ip7mrmjv7yzk2lwyh8n0-etc-zprofile
building path(s) /nix/store/m8kcm1pa5j570h3indp71a439wsh9lzq-etc
building path(s) /nix/store/l735ffcdvcvy60i8pqf6v00vx7lnm6mz-nixdarwin-system-16.09
setting up /etc...
setting up launchd services...
writing defaults...
$
### Step 5. Updating `nix-darwin`
You can update `nix-darwin` using the following command:
```bash
nix-channel --update darwin
```
</details>
## Documentation
Reference documentation of all the options is available [here](https://daiderd.com/nix-darwin/manual/index.html).
This can also be accessed locally using `man 5 configuration.nix`.
`darwin-help` will open up a local copy of the reference documentation, it can also be found online [here](https://daiderd.com/nix-darwin/manual/index.html).
`darwin-help` will open a HTML version of the manpage in the default browser.
The documentation is also available as manpages by running `man 5 configuration.nix`.
Furthermore there's `darwin-option` to introspect the settings of a system and its available options.
> NOTE: `darwin-option` is only available to non-flake installations.
## Uninstalling
To run the latest version of the uninstaller, you can run the following command:
```
$ darwin-option services.activate-system.enable
Value:
true
Default:
false
Example:
no example
Description:
Whether to activate system at boot time.
nix --extra-experimental-features "nix-command flakes" run nix-darwin#darwin-uninstaller
```
There's also a small wiki https://github.com/LnL7/nix-darwin/wiki about
specific topics, like macOS upgrades.
If that command doesn't work for you, you can try the locally installed uninstaller:
```
darwin-uninstaller
```
## Tests

21
default.nix
View file

@ -1,8 +1,8 @@
{ nixpkgs ? <nixpkgs>
, configuration ? <darwin-config>
, lib ? pkgs.lib
, pkgs ? import nixpkgs { inherit system; }
, system ? builtins.currentSystem
, pkgs ? import nixpkgs { inherit system; }
, lib ? pkgs.lib
}:
let
@ -15,20 +15,9 @@ let
nixpkgs.system = lib.mkDefault system;
};
};
# The source code of this repo needed by the installer.
nix-darwin = lib.cleanSource (
lib.cleanSourceWith {
# We explicitly specify a name here otherwise `cleanSource` will use the
# basename of ./. which might be different for different clones of this
# repo leading to non-reproducible outputs.
name = "nix-darwin";
src = ./.;
}
);
in
eval // {
installer = pkgs.callPackage ./pkgs/darwin-installer { inherit nix-darwin; };
uninstaller = pkgs.callPackage ./pkgs/darwin-uninstaller { };
darwin-uninstaller = pkgs.callPackage ./pkgs/darwin-uninstaller { };
inherit (pkgs.callPackage ./pkgs/nix-tools { }) darwin-option darwin-rebuild darwin-version;
}

12
doc/known-files/966d22ef5bb9b56d481e8e0d5f7ca2deaf4d24c0f0fc969b2eeaa7ae0aa42907 Normal file
View file

@ -0,0 +1,12 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command flakes
always-allow-substitutes = true
extra-trusted-substituters = https://cache.flakehub.com
extra-trusted-public-keys = cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM= cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio= cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU= cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU= cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8= cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ= cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o= cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal

10
doc/known-files/e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18 Normal file
View file

@ -0,0 +1,10 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
build-users-group = nixbld
experimental-features = nix-command flakes
always-allow-substitutes = true
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal

14
doc/manual/default.nix
View file

@ -79,11 +79,17 @@ in rec {
'@DARWIN_OPTIONS_JSON@' \
${optionsJSON}/share/doc/darwin/options.json
# Pass --redirects option if nixos-render-docs supports it
if nixos-render-docs manual html --help | grep --silent -E '^\s+--redirects\s'; then
redirects_opt="--redirects ${./redirects.json}"
fi
# TODO: --manpage-urls?
nixos-render-docs -j $NIX_BUILD_CORES manual html \
--manpage-urls ${pkgs.writeText "manpage-urls.json" "{}"} \
--revision ${lib.escapeShellArg revision} \
--generator "nixos-render-docs ${lib.version}" \
$redirects_opt \
--stylesheet style.css \
--stylesheet highlightjs/mono-blue.css \
--script ./highlightjs/highlight.pack.js \
@ -118,18 +124,18 @@ in rec {
# TODO: get these parameterized in upstream nixos-render-docs
sed -i -e '
/^\.TH / s|NixOS|Darwin|g
/^\.TH / s|NixOS|nix-darwin|g
/^\.SH "NAME"$/ {
N
s|NixOS|Darwin|g
s|NixOS|nix-darwin|g
}
/^\.SH "DESCRIPTION"$/ {
N; N
s|/etc/nixos/configuration|configuration|g
s|NixOS|Darwin|g
s|nixos|darwin|g
s|NixOS|nix-darwin|g
s|nixos|nix-darwin|g
}
/\.SH "AUTHORS"$/ {

2
doc/manual/manual.md
View file

@ -1,4 +1,4 @@
# Darwin Configuration Options {#book-darwin-manual}
# nix-darwin Configuration Options {#book-darwin-manual}
## Version @DARWIN_VERSION@
```{=include=} options

5
doc/manual/redirects.json Normal file
View file

@ -0,0 +1,5 @@
{
"book-darwin-manual": [
"index.html#book-darwin-manual"
]
}

34
flake.nix
View file

@ -1,9 +1,15 @@
{
# WARNING this is very much still experimental.
description = "A collection of darwin modules";
outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" "aarch64-linux" "x86_64-linux" ];
forDarwinSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
jobs = forAllSystems (system: import ./release.nix {
inherit nixpkgs system;
nix-darwin = self;
});
in {
lib = {
evalConfig = import ./eval-config.nix;
@ -27,6 +33,7 @@
}
++ [ ({ lib, ... }: {
nixpkgs.source = lib.mkDefault nixpkgs;
nixpkgs.flake.source = lib.mkDefault nixpkgs.outPath;
system.checks.verifyNixPath = lib.mkDefault false;
@ -47,7 +54,6 @@
darwinModules.hydra = ./modules/examples/hydra.nix;
darwinModules.lnl = ./modules/examples/lnl.nix;
darwinModules.ofborg = ./modules/examples/ofborg.nix;
darwinModules.simple = ./modules/examples/simple.nix;
templates.default = {
@ -55,23 +61,11 @@
description = "nix flake init -t nix-darwin";
};
checks = forAllSystems (system: let
simple = self.lib.darwinSystem {
modules = [
self.darwinModules.simple
{ nixpkgs.hostPlatform = system; }
];
};
in {
simple = simple.system;
checks = forDarwinSystems (system: jobs.${system}.tests // jobs.${system}.examples);
inherit (simple.config.system.build.manual)
optionsJSON
manualHTML
manpages;
});
packages = forAllSystems (system: let
packages = forAllSystems (system: {
inherit (jobs.${system}.docs) manualHTML manpages optionsJSON;
} // (nixpkgs.lib.optionalAttrs (nixpkgs.lib.hasSuffix "darwin" system) (let
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
@ -80,6 +74,6 @@
default = self.packages.${system}.darwin-rebuild;
inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller;
});
})));
};
}

39
modules/environment/default.nix
View file

@ -9,13 +9,22 @@ let
mapAttrsToList (n: v: ''export ${n}="${v}"'') cfg.variables;
aliasCommands =
mapAttrsFlatten (n: v: ''alias ${n}=${escapeShellArg v}'')
mapAttrsToList (n: v: ''alias ${n}=${escapeShellArg v}'')
(filterAttrs (k: v: v != null) cfg.shellAliases);
makeDrvBinPath = concatMapStringsSep ":" (p: if isDerivation p then "${p}/bin" else p);
in
{
imports = [
(mkRenamedOptionModule ["environment" "postBuild"] ["environment" "extraSetup"])
(mkRemovedOptionModule [ "environment" "loginShell" ] ''
This option was only used to change the default command in tmux.
This has been removed in favour of changing the default command or default shell in tmux directly.
'')
];
options = {
environment.systemPackages = mkOption {
type = types.listOf types.package;
@ -43,12 +52,6 @@ in
description = "A list of profiles used to setup the global environment.";
};
environment.postBuild = mkOption {
type = types.lines;
default = "";
description = "Commands to execute when building the global environment.";
};
environment.extraOutputsToInstall = mkOption {
type = types.listOf types.str;
default = [];
@ -76,12 +79,6 @@ in
'';
};
environment.loginShell = mkOption {
type = types.str;
default = "$SHELL -l";
description = "Configure default login shell.";
};
environment.variables = mkOption {
type = types.attrsOf (types.either types.str (types.listOf types.str));
default = {};
@ -147,6 +144,17 @@ in
'';
type = types.lines;
};
environment.extraSetup = mkOption {
type = types.lines;
default = "";
description = ''
Shell fragments to be run after the system environment has been created.
This should only be used for things that need to modify the internals
of the environment, e.g. generating MIME caches.
The environment being built can be accessed at $out.
'';
};
};
config = {
@ -188,7 +196,9 @@ in
system.path = pkgs.buildEnv {
name = "system-path";
paths = cfg.systemPackages;
inherit (cfg) postBuild pathsToLink extraOutputsToInstall;
postBuild = cfg.extraSetup;
ignoreCollisions = true;
inherit (cfg) pathsToLink extraOutputsToInstall;
};
system.build.setEnvironment = pkgs.writeText "set-environment" ''
@ -205,6 +215,5 @@ in
system.build.setAliases = pkgs.writeText "set-aliases" ''
${concatStringsSep "\n" aliasCommands}
'';
};
}

16
modules/examples/flake/flake.nix
View file

@ -1,5 +1,5 @@
{
description = "Example Darwin system flake";
description = "Example nix-darwin system flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@ -16,15 +16,10 @@
[ pkgs.vim
];
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
# Enable alternative shell support in nix-darwin.
# programs.fish.enable = true;
# Set Git commit hash for darwin-version.
@ -32,10 +27,10 @@
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.stateVersion = 5;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "x86_64-darwin";
nixpkgs.hostPlatform = "aarch64-darwin";
};
in
{
@ -44,8 +39,5 @@
darwinConfigurations."simple" = nix-darwin.lib.darwinSystem {
modules = [ configuration ];
};
# Expose the package set, including overlays, for convenience.
darwinPackages = self.darwinConfigurations."simple".pkgs;
};
}

19
modules/examples/hydra.nix
View file

@ -1,25 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
let
environment = concatStringsSep " "
environment = lib.concatStringsSep " "
[ "NIX_REMOTE=daemon"
"NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
in
{
# Create /etc/bashrc that loads the nix-darwin environment.
programs.bash.enable = true;
programs.bash.enableCompletion = false;
# Recreate /run/current-system symlink after boot.
services.activate-system.enable = true;
services.nix-daemon.enable = true;
nix.settings.substituters = [ http://cache1 ];
nix.settings.substituters = [ "http://cache1" ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-users = [ "@admin" "@hydra" ];
@ -31,7 +20,7 @@ in
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n"
environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n"
[ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVsc0pHGsskoayziMhA2e59bHPWe0bbKgusmqhuJFBGQ1BAk9UmPzKCWE3nCiV6CLD1+SygVkBjb06DYtc+94BnzviCa9qZtL0G4+2vhp6x8OvXh8xlf/eWw3k5MWlvu+kjJFpbW8wHWTiUqzH+uEeHklAosT0lFNjiIYd/Vs3JAezhUR62a6c7ZjWOd5F7ALGEKzOiwC4i37kSgGsIWNCbe0Ku7gyr718zhMGeyxax6saHhnkSpIB+7d6oHhKeiJSFMWctNmz1/qxXUPbxNaJvqgdKlVHhN+B7x/TIbkVr5pTC59Okx9LTcpflFIv79VT+Gf1K7VypZpSvJjG0xFRt8iDs1+ssWFBfvpo94vUbZ+ZwMDcBGR5iJeO41Gj5fYn5aaDl32RXfJ9Fkwael1L6pcXtkIc66jk+KQQpgoeNj8Y3Emntpqva/2AM41wDDvr5tKp5KhEKFLM95CoiWq+g88pZLcpqLK7wooDVqNkVUEbMaj9lBN0AzU9mcsIRGvTa6CmWAdBvwqS2fRZD97Oarqct9AWgb0X6mOUq9BJNi4i4xvjgnVkylLwtLUnibR/PeXMtkb9bv6BEZXNf5ACqxSjKXJyaIHI65I5TILCr5eEgaujgvmkREn6U3T1NZAUIeVe9aVYLqehYh79OHUBzggoHqidRrXBB/6zdg9UgQ=="
"command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw=="
];
@ -53,4 +42,6 @@ in
chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys
echo "ok"
'';
system.stateVersion = 5;
}

18
modules/examples/lnl.nix
View file

@ -1,15 +1,12 @@
{ config, lib, inputs, pkgs, ... }:
{
# imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ];
# system.patches = [ ./pam.patch ];
system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3;
system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
system.defaults.NSGlobalDomain.KeyRepeat = 1;
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = false;
@ -49,13 +46,10 @@
pkgs.gnupg
pkgs.htop
pkgs.jq
pkgs.mosh
pkgs.ripgrep
pkgs.shellcheck
pkgs.vault
pkgs.qes
pkgs.darwin-zsh-completions
];
services.yabai.enable = true;
@ -83,7 +77,6 @@
# serviceConfig.ProcessType = "Background";
# };
services.nix-daemon.enable = true;
# services.nix-daemon.enableSocketListener = true;
nix.extraOptions = ''
@ -95,7 +88,7 @@
'';
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ];
nix.settings.sandbox = true;
nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
@ -198,7 +191,7 @@
# Dotfiles.
# programs.vim.package = mkForce pkgs.lnl.vim;
programs.bash.enableCompletion = true;
programs.bash.completion.enable = true;
programs.zsh.enable = true;
programs.zsh.enableBashCompletion = true;
@ -276,7 +269,6 @@
zle -N up-line-or-beginning-search
'';
environment.loginShell = "${pkgs.zsh}/bin/zsh -l";
environment.variables.SHELL = "${pkgs.zsh}/bin/zsh";
environment.variables.LANG = "en_US.UTF-8";
@ -302,8 +294,6 @@
fi
'';
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
@ -331,4 +321,6 @@
nix.configureBuildUsers = true;
nix.nrBuildUsers = 32;
system.stateVersion = 5;
}

29
modules/examples/ofborg.nix
View file

@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
# Logs are enabled by default.
# $ tail -f /var/log/ofborg.log
services.ofborg.enable = true;
# services.ofborg.configFile = "/var/lib/ofborg/config.json";
# $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg
# $ nix-channel --update
services.ofborg.package = (import <ofborg> {}).ofborg.rs;
# Keep nix-daemon updated.
services.nix-daemon.enable = true;
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
# Manage user for ofborg, this enables creating/deleting users
# depending on what modules are enabled.
users.knownGroups = [ "ofborg" ];
users.knownUsers = [ "ofborg" ];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
}

14
modules/examples/simple.nix
View file

@ -7,19 +7,13 @@
[ pkgs.vim
];
# Use a custom configuration.nix location.
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
# Use custom location for configuration.nix.
environment.darwinConfig = "$HOME/.config/nix-darwin/configuration.nix";
# Auto upgrade nix package and the daemon service.
# services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
# Enable alternative shell support in nix-darwin.
# programs.fish.enable = true;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
system.stateVersion = 5;
}

7
modules/launchd/default.nix
View file

@ -20,7 +20,6 @@ let
{ config, name, ... }:
let
cmd = config.command;
env = config.environment // optionalAttrs (config.path != "") { PATH = config.path; };
in
@ -88,7 +87,11 @@ let
'');
serviceConfig.Label = mkDefault "${cfg.labelPrefix}.${name}";
serviceConfig.ProgramArguments = mkIf (cmd != "") [ "/bin/sh" "-c" "exec ${cmd}" ];
serviceConfig.ProgramArguments = mkIf (config.command != "") [
"/bin/sh"
"-c"
"/bin/wait4path /nix/store &amp;&amp; exec ${config.command}"
];
serviceConfig.EnvironmentVariables = mkIf (env != {}) env;
};
};

9
modules/misc/ids.nix
View file

@ -8,7 +8,7 @@
# to change uids/gids on service start, in example a service with a lot of
# files.
{ lib, ... }:
{ lib, config, ... }:
let
inherit (lib) types;
@ -34,15 +34,16 @@ in
};
config = {
ids.uids = {
nixbld = 300;
nixbld = lib.mkDefault 350;
_prometheus-node-exporter = 534;
};
ids.gids = {
nixbld = 30000;
nixbld = lib.mkDefault (if config.system.stateVersion < 5 then 30000 else 350);
_prometheus-node-exporter = 534;
};
};

10
modules/module-list.nix
View file

@ -14,6 +14,7 @@
./system/activation-scripts.nix
./system/applications.nix
./system/defaults-write.nix
./system/defaults/controlcenter.nix
./system/defaults/LaunchServices.nix
./system/defaults/NSGlobalDomain.nix
./system/defaults/GlobalPreferences.nix
@ -21,6 +22,7 @@
./system/defaults/clock.nix
./system/defaults/dock.nix
./system/defaults/finder.nix
./system/defaults/hitoolbox.nix
./system/defaults/screencapture.nix
./system/defaults/screensaver.nix
./system/defaults/alf.nix
@ -32,6 +34,7 @@
./system/defaults/trackpad.nix
./system/defaults/universalaccess.nix
./system/defaults/ActivityMonitor.nix
./system/defaults/WindowManager.nix
./system/etc.nix
./system/keyboard.nix
./system/launchd.nix
@ -46,10 +49,14 @@
./nix/linux-builder.nix
./nix/nix-darwin.nix
./nix/nixpkgs.nix
./nix/nixpkgs-flake.nix
./environment
./fonts
./launchd
./power
./power/sleep.nix
./services/activate-system
./services/aerospace
./services/autossh.nix
./services/buildkite-agents.nix
./services/chunkwm.nix
@ -68,6 +75,8 @@
./services/mail/offlineimap.nix
./services/mopidy.nix
./services/monitoring/telegraf.nix
./services/monitoring/netdata.nix
./services/monitoring/prometheus-node-exporter.nix
./services/netbird.nix
./services/nix-daemon.nix
./services/nix-gc
@ -87,6 +96,7 @@
./services/wg-quick.nix
./services/yabai
./services/nextdns
./services/jankyborders
./programs/bash
./programs/direnv.nix
./programs/fish.nix

26
modules/networking/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
with lib;
@ -8,15 +8,16 @@ let
hostnameRegEx = ''^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$'';
emptyList = lst: if lst != [] then lst else ["empty"];
quoteStrings = concatMapStringsSep " " (str: "'${str}'");
onOff = cond: if cond then "on" else "off";
setNetworkServices = optionalString (cfg.knownNetworkServices != []) ''
networkservices=$(networksetup -listallnetworkservices)
${concatMapStringsSep "\n" (srv: ''
case "$networkservices" in
*'${srv}'*)
networksetup -setdnsservers '${srv}' ${quoteStrings (emptyList cfg.dns)}
networksetup -setsearchdomains '${srv}' ${quoteStrings (emptyList cfg.search)}
*${lib.escapeShellArg srv}*)
networksetup -setdnsservers ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.dns))}
networksetup -setsearchdomains ${lib.escapeShellArgs ([ srv ] ++ (emptyList cfg.search))}
;;
esac
'') cfg.knownNetworkServices}
@ -94,6 +95,16 @@ in
default = [];
description = "The list of search paths used when resolving domain names.";
};
networking.wakeOnLan.enable = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable Wake-on-LAN for the device.
Battery powered devices may require being connected to power.
'';
};
};
config = {
@ -107,6 +118,7 @@ in
echo "configuring networking..." >&2
${optionalString (cfg.computerName != null) ''
# shellcheck disable=SC1112
scutil --set ComputerName ${escapeShellArg cfg.computerName}
''}
${optionalString (cfg.hostName != null) ''
@ -117,6 +129,10 @@ in
''}
${setNetworkServices}
${optionalString (cfg.wakeOnLan.enable != null) ''
systemsetup -setWakeOnNetworkAccess '${onOff cfg.wakeOnLan.enable}' &> /dev/null
''}
'';
};

82
modules/nix/default.nix
View file

@ -191,9 +191,6 @@ in
description = ''
Whether to distribute builds to the machines listed in
{option}`nix.buildMachines`.
NOTE: This requires services.nix-daemon.enable for a
multi-user install.
'';
};
@ -380,14 +377,38 @@ in
'';
};
channel = {
enable = mkOption {
description = ''
Whether the `nix-channel` command and state files are made available on the machine.
The following files are initialized when enabled:
- `/nix/var/nix/profiles/per-user/root/channels`
- `$HOME/.nix-defexpr/channels` (on login)
Disabling this option will not remove the state files from the system.
'';
type = types.bool;
default = true;
};
};
# Definition differs substantially from NixOS module
nixPath = mkOption {
type = nixPathType;
default = [
default = lib.optionals cfg.channel.enable [
# Include default path <darwin-config>.
{ darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
];
defaultText = lib.literalExpression ''
lib.optionals cfg.channel.enable [
# Include default path <darwin-config>.
{ darwin-config = "${config.environment.darwinConfig}"; }
{ darwin-config = "''${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
];
]
'';
description = ''
The default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
@ -503,8 +524,10 @@ in
description = ''
If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run
nix-store --optimise to get rid of duplicate files.
This saves disk space. If set to false (the default), you can enable
{option}`nix.optimise.automatic` to run {command}`nix-store --optimise`
periodically to get rid of duplicate files. You can also run
{command}`nix-store --optimise` manually.
'';
};
@ -662,7 +685,7 @@ in
nixPackage
pkgs.nix-info
]
++ optional (config.programs.bash.enableCompletion) pkgs.nix-bash-completions;
++ optional (config.programs.bash.completion.enable) pkgs.nix-bash-completions;
environment.etc."nix/nix.conf".source = nixConf;
@ -677,7 +700,9 @@ in
"f3e03d851c240c1aa7daccd144ee929f0f5971982424c868c434eb6030e961d4" # DeterminateSystems Nix installer 0.10.0
"c6080216f2a170611e339c3f46e4e1d61aaf0d8b417ad93ade8d647da1382c11" # DeterminateSystems Nix installer 0.14.0
"97f4135d262ca22d65c9554aad795c10a4491fa61b67d9c2430f4d82bbfec9a2" # DeterminateSystems Nix installer 0.15.1
"5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0+
"5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0
"e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18" # DeterminateSystems Nix installer 0.20.0
"966d22ef5bb9b56d481e8e0d5f7ca2deaf4d24c0f0fc969b2eeaa7ae0aa42907" # DeterminateSystems Nix installer 0.22.0
"24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes
"b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes
];
@ -735,36 +760,36 @@ in
{ assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
{ assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
{ assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
{
# Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100
# As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0
assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0"));
message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead.";
}
];
# Not in NixOS module
warnings = [
(mkIf (!config.services.activate-system.enable && cfg.distributedBuilds) "services.activate-system is not enabled, a reboot could cause distributed builds to stop working.")
(mkIf (!cfg.distributedBuilds && cfg.buildMachines != []) "nix.distributedBuilds is not enabled, build machines won't be configured.")
];
# Not in NixOS module
nix.nixPath = mkMerge [
(mkIf (config.system.stateVersion < 2) (mkDefault
[ "darwin=$HOME/.nix-defexpr/darwin"
"darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
]))
(mkIf (config.system.stateVersion > 3) (mkOrder 1200
[ { darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels"
]))
];
nix.nixPath = mkIf (config.system.stateVersion < 2) (mkDefault [
"darwin=$HOME/.nix-defexpr/darwin"
"darwin-config=$HOME/.nixpkgs/darwin-configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
]);
# Set up the environment variables for running Nix.
environment.variables = cfg.envVars // { NIX_PATH = cfg.nixPath; };
environment.extraInit =
''
environment.extraInit = mkMerge [
(mkIf cfg.channel.enable ''
if [ -e "$HOME/.nix-defexpr/channels" ]; then
export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}"
fi
'' +
'')
# Not in NixOS module
''
# Set up secure multi-user builds: non-root users build through the
@ -772,7 +797,12 @@ in
if [ ! -w /nix/var/nix/db ]; then
export NIX_REMOTE=daemon
fi
'';
''
];
environment.extraSetup = mkIf (!cfg.channel.enable) ''
rm --force $out/bin/nix-channel
'';
nix.nrBuildUsers = mkDefault (max 32 (if cfg.settings.max-jobs == "auto" then 0 else cfg.settings.max-jobs));

52
modules/nix/linux-builder.nix
View file

@ -3,30 +3,7 @@
with lib;
let
inherit (pkgs) stdenv;
cfg = config.nix.linux-builder;
builderWithOverrides = cfg.package.override (previousArguments: {
# the linux-builder packages require a list `modules` argument, so it's
# always non-null.
modules = previousArguments.modules ++ [ cfg.config ];
});
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = pkgs.writeShellScript "linux-builder-start" ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${builderWithOverrides.nixosConfig.networking.hostName}.qcow2
''}
${builderWithOverrides}/bin/create-builder
'';
in
{
@ -41,6 +18,11 @@ in
type = types.package;
default = pkgs.darwin.linux-builder;
defaultText = "pkgs.darwin.linux-builder";
apply = pkg: pkg.override (old: {
# the linux-builder package requires `modules` as an argument, so it's
# always non-null.
modules = old.modules ++ [ cfg.config ];
});
description = ''
This option specifies the Linux builder to use.
'';
@ -135,7 +117,7 @@ in
systems = mkOption {
type = types.listOf types.str;
default = [ builderWithOverrides.nixosConfig.nixpkgs.hostPlatform.system ];
default = [ cfg.package.nixosConfig.nixpkgs.hostPlatform.system ];
defaultText = ''
The `nixpkgs.hostPlatform.system` of the build machine's final NixOS configuration.
'';
@ -179,11 +161,23 @@ in
environment = {
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
};
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2
''}
${cfg.package}/bin/create-builder
'';
serviceConfig = {
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; exec ${script}"
];
KeepAlive = true;
RunAtLoad = true;
WorkingDirectory = cfg.workingDirectory;
@ -192,9 +186,11 @@ in
environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
Host linux-builder
User builder
Hostname localhost
HostKeyAlias linux-builder
Port 31022
IdentityFile /etc/nix/builder_ed25519
'';
nix.distributedBuilds = true;

19
modules/nix/nix-darwin.nix
View file

@ -13,8 +13,19 @@ let
in
{
options = {
system.includeUninstaller = lib.mkOption {
options.system = {
disableInstallerTools = lib.mkOption {
type = lib.types.bool;
internal = true;
default = false;
description = ''
Disable darwin-rebuild and darwin-option. This is useful to shrink
systems which are not expected to rebuild or reconfigure themselves.
Use at your own risk!
'';
};
includeUninstaller = lib.mkOption {
type = lib.types.bool;
internal = true;
default = true;
@ -23,10 +34,10 @@ in
config = {
environment.systemPackages =
[ # Include nix-tools by default
[ darwin-version ]
++ lib.optionals (!config.system.disableInstallerTools) [
darwin-option
darwin-rebuild
darwin-version
] ++ lib.optional config.system.includeUninstaller darwin-uninstaller;
system.build = {

105
modules/nix/nixpkgs-flake.nix Normal file
View file

@ -0,0 +1,105 @@
{ config, options, lib, ... }:
with lib;
let
cfg = config.nixpkgs.flake;
in
{
options.nixpkgs.flake = {
source = mkOption {
# In newer Nix versions, particularly with lazy trees, outPath of
# flakes becomes a Nix-language path object. We deliberately allow this
# to gracefully come through the interface in discussion with @roberth.
#
# See: https://github.com/NixOS/nixpkgs/pull/278522#discussion_r1460292639
type = types.nullOr (types.either types.str types.path);
default = null;
defaultText = "if (using nix-darwin.lib.darwinSystem) then nixpkgs.source else null";
example = ''builtins.fetchTarball { name = "source"; sha256 = "${lib.fakeHash}"; url = "https://github.com/nixos/nixpkgs/archive/somecommit.tar.gz"; }'';
description = ''
The path to the nixpkgs sources used to build the system. This is automatically set up to be
the store path of the nixpkgs flake used to build the system if using
`nixpkgs.lib.darwinSystem`, and is otherwise null by default.
This can also be optionally set if the nix-darwin system is not built with a flake but still uses
pinned sources: set this to the store path for the nixpkgs sources used to build the system,
as may be obtained by `builtins.fetchTarball`, for example.
Note: the name of the store path must be "source" due to
<https://github.com/NixOS/nix/issues/7075>.
'';
};
setNixPath = mkOption {
type = types.bool;
default = cfg.source != null;
defaultText = "config.nixpkgs.flake.source != null";
description = ''
Whether to set {env}`NIX_PATH` to include `nixpkgs=flake:nixpkgs` such that `<nixpkgs>`
lookups receive the version of nixpkgs that the system was built with, in concert with
{option}`nixpkgs.flake.setFlakeRegistry`.
This is on by default for nix-darwin configurations built with flakes.
This makes {command}`nix-build '<nixpkgs>' -A hello` work out of the box on flake systems.
Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add
undesired closure size if the system will not have any nix commands run on it.
'';
};
setFlakeRegistry = mkOption {
type = types.bool;
default = cfg.source != null;
defaultText = "config.nixpkgs.flake.source != null";
description = ''
Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the
store path of the sources of nixpkgs used to build the nix-darwin system.
This is on by default for nix-darwin configurations built with flakes.
This option makes {command}`nix run nixpkgs#hello` reuse dependencies from the system, avoid
refetching nixpkgs, and have a consistent result every time.
Note that this option makes the nix-darwin closure depend on the nixpkgs sources, which may add
undesired closure size if the system will not have any nix commands run on it.
'';
};
};
config = mkIf (cfg.source != null) (mkMerge [
{
assertions = [
{
assertion = cfg.setNixPath -> cfg.setFlakeRegistry;
message = ''
Setting `nixpkgs.flake.setNixPath` requires that `nixpkgs.flake.setFlakeRegistry` also
be set, since it is implemented in terms of indirection through the flake registry.
'';
}
];
}
(mkIf cfg.setFlakeRegistry {
nix.registry.nixpkgs.to = mkDefault {
type = "path";
path = cfg.source;
};
})
(mkIf cfg.setNixPath {
# N.B. This does not include darwin-config in NIX_PATH unlike modules/nix/default.nix
# because we would need some kind of evil shim taking the *calling* flake's self path,
# perhaps, to ever make that work (in order to know where the Nix expr for the system came
# from and how to call it).
nix.nixPath = mkDefault ([ "nixpkgs=flake:nixpkgs" ]
++ optional config.nix.channel.enable "/nix/var/nix/profiles/per-user/root/channels");
})
]);
}

47
modules/power/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ config, lib, ... }:
let
cfg = config.power;
types = lib.types;
onOff = cond: if cond then "on" else "off";
in
{
options = {
power.restartAfterPowerFailure = lib.mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to restart the computer after a power failure.
'';
};
power.restartAfterFreeze = lib.mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to restart the computer after a system freeze.
'';
};
};
config = {
system.activationScripts.power.text = ''
echo "configuring power..." >&2
${lib.optionalString (cfg.restartAfterPowerFailure != null) ''
systemsetup -setRestartPowerFailure \
'${onOff cfg.restartAfterPowerFailure}' &> /dev/null
''}
${lib.optionalString (cfg.restartAfterFreeze != null) ''
systemsetup -setRestartFreeze \
'${onOff cfg.restartAfterFreeze}' &> /dev/null
''}
'';
};
}

80
modules/power/sleep.nix Normal file
View file

@ -0,0 +1,80 @@
{ config, lib, ... }:
let
cfg = config.power.sleep;
types = lib.types;
onOff = cond: if cond then "on" else "off";
in
{
options = {
power.sleep.computer = lib.mkOption {
type = types.nullOr (types.either types.ints.positive (types.enum ["never"]));
default = null;
example = "never";
description = ''
Amount of idle time (in minutes) until the computer sleeps.
`"never"` disables computer sleeping.
The system might not be considered idle before connected displays sleep, as
per the `power.sleep.display` option.
'';
};
power.sleep.display = lib.mkOption {
type = types.nullOr (types.either types.ints.positive (types.enum ["never"]));
default = null;
example = "never";
description = ''
Amount of idle time (in minutes) until displays sleep.
`"never"` disables display sleeping.
'';
};
power.sleep.harddisk = lib.mkOption {
type = types.nullOr (types.either types.ints.positive (types.enum ["never"]));
default = null;
example = "never";
description = ''
Amount of idle time (in minutes) until hard disks sleep.
`"never"` disables hard disk sleeping.
'';
};
power.sleep.allowSleepByPowerButton = lib.mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether the power button can sleep the computer.
'';
};
};
config = {
system.activationScripts.power.text = lib.mkAfter ''
${lib.optionalString (cfg.computer != null) ''
systemsetup -setComputerSleep '${toString cfg.computer}' &> /dev/null
''}
${lib.optionalString (cfg.display != null) ''
systemsetup -setDisplaySleep '${toString cfg.display}' &> /dev/null
''}
${lib.optionalString (cfg.harddisk != null) ''
systemsetup -setHardDiskSleep '${toString cfg.harddisk}' &> /dev/null
''}
${lib.optionalString (cfg.allowSleepByPowerButton != null) ''
systemsetup -setAllowPowerButtonToSleepComputer \
'${onOff cfg.allowSleepByPowerButton}' &> /dev/null
''}
'';
};
}

33
modules/programs/bash/default.nix
View file

@ -7,6 +7,10 @@ let
in
{
imports = [
(mkRenamedOptionModule [ "programs" "bash" "enableCompletion" ] [ "programs" "bash" "completion" "enable" ])
];
options = {
programs.bash.enable = mkOption {
@ -21,14 +25,18 @@ in
type = types.lines;
};
programs.bash.enableCompletion = mkOption {
type = types.bool;
default = false;
description = ''
Enable bash completion for all interactive bash shells.
programs.bash.completion = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable bash completion for all interactive bash shells.
NOTE. This doesn't work with bash 3.2, which is the default on macOS.
'';
NOTE: This doesn't work with bash 3.2, which is installed by default on macOS by Apple.
'';
};
package = mkPackageOption pkgs "bash-completion" { };
};
};
@ -38,9 +46,9 @@ in
environment.systemPackages =
[ # Include bash package
pkgs.bashInteractive
] ++ optional cfg.enableCompletion pkgs.bash-completion;
] ++ optional cfg.completion.enable cfg.completion.package;
environment.pathsToLink =
environment.pathsToLink = optionals cfg.completion.enable
[ "/etc/bash_completion.d"
"/share/bash-completion/completions"
];
@ -55,9 +63,6 @@ in
if [ -n "$__ETC_BASHRC_SOURCED" -o -n "$NOSYSBASHRC" ]; then return; fi
__ETC_BASHRC_SOURCED=1
# Don't execute this file when running in a pure nix-shell.
if [ "$IN_NIX_SHELL" = "pure" ]; then return; fi
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
. ${config.system.build.setEnvironment}
fi
@ -73,9 +78,9 @@ in
${config.environment.interactiveShellInit}
${cfg.interactiveShellInit}
${optionalString cfg.enableCompletion ''
${optionalString cfg.completion.enable ''
if [ "$TERM" != "dumb" ]; then
source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh"
source "${cfg.completion.package}/etc/profile.d/bash_completion.sh"
nullglobStatus=$(shopt -p nullglob)
shopt -s nullglob

2
modules/programs/fish.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.programs.fish;
fishAliases = concatStringsSep "\n" (
mapAttrsFlatten (k: v: "alias ${k} ${escapeShellArg v}")
mapAttrsToList (k: v: "alias ${k} ${escapeShellArg v}")
(filterAttrs (k: v: v != null) cfg.shellAliases)
);

2
modules/programs/gnupg.nix
View file

@ -43,7 +43,7 @@ in
'' + (optionalString cfg.agent.enableSSHSupport ''
# SSH agent protocol doesn't support changing TTYs, so bind the agent
# to every new TTY.
${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null
${pkgs.gnupg}/bin/gpg-connect-agent --quiet updatestartuptty /bye > /dev/null 2>&1
export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
'');

2
modules/programs/info/default.nix
View file

@ -22,7 +22,7 @@ in
environment.pathsToLink = [ "/info" "/share/info" ];
environment.extraOutputsToInstall = [ "info" ];
environment.postBuild = ''
environment.extraSetup = ''
if test -w $out/share/info; then
shopt -s nullglob
for i in $out/share/info/*.info $out/share/info/*.info.gz; do

10
modules/programs/ssh/default.nix
View file

@ -11,6 +11,14 @@ let
{ name, ... }:
{
options = {
certAuthority = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [];
@ -139,7 +147,7 @@ in
{ "ssh/ssh_known_hosts" = mkIf (builtins.length knownHosts > 0) {
text = (flip (concatMapStringsSep "\n") knownHosts
(h: assert h.hostNames != [];
concatStringsSep "," h.hostNames + " "
lib.optionalString h.certAuthority "@cert-authority " + concatStringsSep "," h.hostNames + " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
};

12
modules/programs/tmux.nix
View file

@ -41,6 +41,7 @@ in
{
imports = [
(mkRenamedOptionModule [ "programs" "tmux" "tmuxConfig" ] [ "programs" "tmux" "extraConfig" ])
(mkRemovedOptionModule [ "programs" "tmux" "defaultCommand" ] "Use `programs.tmux.extraConfig` to configure the default command instead. If unset, tmux will default to using your system configured login shell.")
];
options = {
programs.tmux.enable = mkOption {
@ -84,11 +85,6 @@ in
description = "Cater to iTerm2 and its tmux integration, as appropriate.";
};
programs.tmux.defaultCommand = mkOption {
type = types.either types.str types.package;
description = "The default command to use for tmux panes.";
};
programs.tmux.tmuxOptions = mkOption {
internal = true;
type = types.attrsOf (types.submodule text);
@ -120,12 +116,6 @@ in
source-file -q /etc/tmux.conf.local
'';
programs.tmux.defaultCommand = mkDefault config.environment.loginShell;
programs.tmux.tmuxOptions.login-shell.text = ''
set -g default-command "${cfg.defaultCommand}"
'';
programs.tmux.tmuxOptions.sensible.text = mkIf cfg.enableSensible ''
set -g default-terminal "screen-256color"
setw -g aggressive-resize on

45
modules/programs/zsh/default.nix
View file

@ -18,7 +18,7 @@ in
options = {
programs.zsh.enable = mkOption {
type = types.bool;
default = false;
default = true;
description = "Whether to configure zsh as an interactive shell.";
};
@ -107,15 +107,24 @@ in
default = false;
description = "Enable zsh-syntax-highlighting.";
};
programs.zsh.enableFastSyntaxHighlighting = mkEnableOption "zsh-fast-syntax-highlighting";
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.enableSyntaxHighlighting && cfg.enableFastSyntaxHighlighting);
message = "zsh-syntax-highlighting and zsh-fast-syntax-highlighting are mutually exclusive, please disable one of them.";
}
];
environment.systemPackages =
[ # Include zsh package
pkgs.zsh
] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting;
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting
++ optional cfg.enableFastSyntaxHighlighting pkgs.zsh-fast-syntax-highlighting;
environment.pathsToLink = [ "/share/zsh" ];
@ -124,19 +133,22 @@ in
# This file is read for all shells.
# Only execute this file once per shell.
# But don't clobber the environment of interactive non-login children!
if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
export __ETC_ZSHENV_SOURCED=1
if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi
__ETC_ZSHENV_SOURCED=1
# Don't execute this file when running in a pure nix-shell.
if test -n "$IN_NIX_SHELL"; then return; fi
if [[ -o rcs ]]; then
if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
. ${config.system.build.setEnvironment}
fi
if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
. ${config.system.build.setEnvironment}
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
done
${cfg.shellInit}
fi
${cfg.shellInit}
# Read system-wide modifications.
if test -f /etc/zshenv.local; then
source /etc/zshenv.local
@ -148,7 +160,7 @@ in
# This file is read for login shells.
# Only execute this file once per shell.
if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi
if [ -n "''${__ETC_ZPROFILE_SOURCED-}" ]; then return; fi
__ETC_ZPROFILE_SOURCED=1
${concatStringsSep "\n" zshVariables}
@ -182,11 +194,6 @@ in
${config.environment.interactiveShellInit}
${cfg.interactiveShellInit}
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
done
${cfg.promptInit}
${optionalString cfg.enableGlobalCompInit "autoload -U compinit && compinit"}
@ -196,6 +203,10 @@ in
"source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
}
${optionalString cfg.enableFastSyntaxHighlighting
"source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh"
}
${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"}
${optionalString cfg.enableFzfGit "source ${fzfGit}"}
${optionalString cfg.enableFzfHistory "source ${fzfHistory}"}

20
modules/services/activate-system/default.nix
View file

@ -1,22 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.activate-system;
in
{
options = {
services.activate-system.enable = mkOption {
type = types.bool;
default = true;
description = "Whether to activate system at boot time.";
};
};
config = mkIf cfg.enable {
imports = [
(lib.mkRemovedOptionModule [ "services" "activate-system" "enable" ] "The `activate-system` service is now always enabled as it is necessary for a working `nix-darwin` setup.")
];
config = {
launchd.daemons.activate-system = {
script = ''
set -e
@ -41,6 +30,5 @@ in
serviceConfig.RunAtLoad = true;
serviceConfig.KeepAlive.SuccessfulExit = false;
};
};
}

163
modules/services/aerospace/default.nix Normal file
View file

@ -0,0 +1,163 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.aerospace;
format = pkgs.formats.toml { };
configFile = format.generate "aerospace.toml" cfg.settings;
in
{
options = {
services.aerospace = with lib.types; {
enable = lib.mkEnableOption "AeroSpace window manager";
package = lib.mkPackageOption pkgs "aerospace" { };
settings = lib.mkOption {
type = submodule {
freeformType = format.type;
options = {
start-at-login = lib.mkOption {
type = bool;
default = false;
description = "Do not start AeroSpace at login. (Managed by launchd instead)";
};
after-login-command = lib.mkOption {
type = listOf str;
default = [ ];
description = "Do not use AeroSpace to run commands after login. (Managed by launchd instead)";
};
after-startup-command = lib.mkOption {
type = listOf str;
default = [ ];
description = "Do not use AeroSpace to run commands after startup. (Managed by launchd instead)";
};
enable-normalization-flatten-containers = lib.mkOption {
type = bool;
default = true;
description = "Containers that have only one child are \"flattened\".";
};
enable-normalization-opposite-orientation-for-nested-containers = lib.mkOption {
type = bool;
default = true;
description = "Containers that nest into each other must have opposite orientations.";
};
accordion-padding = lib.mkOption {
type = int;
default = 30;
description = "Padding between windows in an accordion container.";
};
default-root-container-layout = lib.mkOption {
type = enum [
"tiles"
"accordion"
];
default = "tiles";
description = "Default layout for the root container.";
};
default-root-container-orientation = lib.mkOption {
type = enum [
"horizontal"
"vertical"
"auto"
];
default = "auto";
description = "Default orientation for the root container.";
};
on-window-detected = lib.mkOption {
type = listOf str;
default = [ ];
description = "Commands to run every time a new window is detected.";
};
on-focus-changed = lib.mkOption {
type = listOf str;
default = [ ];
description = "Commands to run every time focused window or workspace changes.";
};
on-focused-monitor-changed = lib.mkOption {
type = listOf str;
default = [ "move-mouse monitor-lazy-center" ];
description = "Commands to run every time focused monitor changes.";
};
exec-on-workspace-change = lib.mkOption {
type = listOf str;
default = [ ];
example = [
"/bin/bash"
"-c"
"sketchybar --trigger aerospace_workspace_change FOCUSED=$AEROSPACE_FOCUSED_WORKSPACE"
];
description = "Commands to run every time workspace changes.";
};
key-mapping.preset = lib.mkOption {
type = enum [
"qwerty"
"dvorak"
];
default = "qwerty";
description = "Keymapping preset.";
};
};
};
default = { };
example = lib.literalExpression ''
{
gaps = {
outer.left = 8;
outer.bottom = 8;
outer.top = 8;
outer.right = 8;
};
mode.main.binding = {
alt-h = "focus left";
alt-j = "focus down";
alt-k = "focus up";
alt-l = "focus right";
};
}
'';
description = ''
AeroSpace configuration, see
<link xlink:href="https://nikitabobko.github.io/AeroSpace/guide#configuring-aerospace"/>
for supported values.
'';
};
};
};
config = (
lib.mkIf (cfg.enable) {
assertions = [
{
assertion = !cfg.settings.start-at-login;
message = "AeroSpace started at login is managed by home-manager and launchd instead of itself via this option.";
}
{
assertion = cfg.settings.after-login-command == [ ];
message = "AeroSpace will not run these commands as it does not start itself.";
}
{
assertion = cfg.settings.after-startup-command == [ ];
message = "AeroSpace will not run these commands as it does not start itself.";
}
];
environment.systemPackages = [ cfg.package ];
launchd.user.agents.aerospace = {
command =
"${cfg.package}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace"
+ (lib.optionalString (cfg.settings != { }) " --config-path ${configFile}");
serviceConfig = {
KeepAlive = true;
RunAtLoad = true;
};
};
}
);
}

2
modules/services/buildkite-agents.nix
View file

@ -237,7 +237,7 @@ in
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in
optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}"
mkdir -m 0700 "${sshDir}"
install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF

8
modules/services/emacs.nix
View file

@ -44,9 +44,11 @@ in {
launchd.user.agents.emacs = {
path = cfg.additionalPath ++ [ config.environment.systemPath ];
serviceConfig.ProgramArguments =
[ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ];
serviceConfig.RunAtLoad = true;
serviceConfig = {
ProgramArguments = [ "${cfg.package}/bin/${cfg.exec}" "--fg-daemon" ];
RunAtLoad = true;
KeepAlive = true;
};
};
};

6
modules/services/github-runner/options.nix
View file

@ -22,12 +22,12 @@ with lib;
* `/var/lib/github-runners/<name>`:
State directory to store the runner registration credentials
* `/var/lib/github-runners/_work/<name>`:
Working directory for workflow files. The runner only uses this
directory if `workDir` is `null` (see the `workDir` option for details).
* `/var/log/github-runners/<name>`:
The launchd service writes the stdout and stderr streams to this
directory.
* `/var/run/github-runners/<name>`:
Working directory for workflow files. The runner only uses this
directory if `workDir` is `null` (see the `workDir` option for details).
'';
example = {
runner1 = {

34
modules/services/github-runner/service.nix
View file

@ -4,7 +4,7 @@ let
mkSvcName = name: "github-runner-${name}";
mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}";
mkLogDir = cfg: "/var/log/github-runners/${cfg.name}";
mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/run/github-runners/${cfg.name}";
mkWorkDir = cfg: if (cfg.workDir != null) then cfg.workDir else "/var/lib/github-runners/_work/${cfg.name}";
in
{
config.assertions = flatten (
@ -17,6 +17,10 @@ in
assertion = !cfg.noDefaultLabels || (cfg.extraLabels != [ ]);
message = "`services.github-runners.${name}`: The `extraLabels` option is mandatory if `noDefaultLabels` is set";
}
{
assertion = cfg.workDir == null || !(hasPrefix "/run/" cfg.workDir || hasPrefix "/var/run/" cfg.workDir || hasPrefix "/private/var/run/");
message = "`services.github-runners.${name}`: `workDir` being inside /run is not supported";
}
])
);
@ -44,14 +48,20 @@ in
text = mkBefore (''
echo >&2 "setting up GitHub Runner '${cfg.name}'..."
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
(
umask -S u=rwx,g=rx,o= > /dev/null
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
'' + optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
${optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
''}
)
'');
};
}));
@ -84,9 +94,13 @@ in
script =
let
# https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different
# versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels
# are always escaped to avoid https://www.shellcheck.net/wiki/SC2054
escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'";
configure = pkgs.writeShellApplication {
name = "configure-github-runner-${name}";
text = ''
text = /*bash*/''
export RUNNER_ROOT
args=(
@ -94,7 +108,7 @@ in
--disableupdate
--work ${escapeShellArg workDir}
--url ${escapeShellArg cfg.url}
--labels ${escapeShellArg (concatStringsSep "," cfg.extraLabels)}
--labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)}
${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"}
${optionalString cfg.replace "--replace"}
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}

167
modules/services/jankyborders/default.nix Normal file
View file

@ -0,0 +1,167 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib) maintainers mkEnableOption mkIf mkPackageOption mkOption types;
cfg = config.services.jankyborders;
joinStrings = strings: builtins.concatStringsSep "," strings;
optionalArg = arg: value:
if value != null && value != ""
then
if lib.isList value
then lib.map (val: "${arg}=${val}") value
else ["${arg}=${value}"]
else [];
in {
meta.maintainers = [
maintainers.amsynist or "amsynist"
];
options.services.jankyborders = {
enable = mkEnableOption "Enable the jankyborders service.";
package = mkPackageOption pkgs "jankyborders" {};
width = mkOption {
type = types.float;
default = 5.0;
description = ''
Determines the width of the border. For example, width=5.0 creates a border 5.0 points wide.
'';
};
hidpi = mkOption {
type = types.bool;
default = false;
description = ''
If set to on, the border will be drawn with retina resolution.
'';
};
active_color = mkOption {
type = types.str;
default = "0xFFFFFFFF";
example = "0xFFFFFFFF";
description = ''
Sets the border color for the focused window (format: 0xAARRGGBB). For instance, active_color="0xff00ff00" creates a green border.
For Gradient Border : active_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
'';
};
inactive_color = mkOption {
type = types.str;
default = "0xFFFFFFFF";
example = "0xFFFFFFFF";
description = ''
Sets the border color for all windows not in focus (format: 0xAARRGGBB).
For Gradient Border : inactive_color="gradient(top_right=0x9992B3F5,bottom_left=0x9992B3F5)"
'';
};
background_color = mkOption {
type = types.str;
default = "";
example = "0xFFFFFFFF";
description = ''
Sets the background fill color for all windows (only 0xAARRGGBB arguments supported).
'';
};
style = mkOption {
type = types.str;
default = "round";
example = "square/round";
description = ''
Specifies the style of the border (either round or square).
'';
};
order = mkOption {
type = types.enum [ "above" "below" ];
default = "below";
example = "above";
description = ''
Specifies whether borders should be drawn above or below windows.
'';
};
blur_radius = mkOption {
type = types.float;
default = 0.0;
example = 5.0;
description = ''
Sets the blur radius applied to the borders or backgrounds with transparency.
'';
};
ax_focus = mkOption {
type = types.bool;
default = false;
description = ''
If set to true, the (slower) accessibility API is used to resolve the focused window.
'';
};
blacklist = mkOption {
type = types.listOf types.str;
default = [];
example = ["Safari" "kitty"];
description = ''
The applications specified here are excluded from being bordered.
For example, blacklist = [ "Safari" "kitty" ] excludes Safari and kitty from being bordered.
'';
};
whitelist = mkOption {
type = types.listOf types.str;
default = [];
example = ["Arc" "USB Overdrive"];
description = ''
Once this list is populated, only applications listed here are considered for receiving a border.
If the whitelist is empty (default) it is inactive.
'';
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.blacklist != [] && cfg.whitelist != []);
message = "Cannot define both a blacklist and a whitelist for jankyborders.";
}
];
environment.systemPackages = [cfg.package];
launchd.user.agents.jankyborders = {
serviceConfig.ProgramArguments =
[
"${cfg.package}/bin/borders"
]
++ (optionalArg "width" (toString cfg.width))
++ (optionalArg "hidpi" (
if cfg.hidpi
then "on"
else "off"
))
++ (optionalArg "active_color" cfg.active_color)
++ (optionalArg "inactive_color" cfg.inactive_color)
++ (optionalArg "background_color" cfg.background_color)
++ (optionalArg "style" cfg.style)
++ (optionalArg "blur_radius" (toString cfg.blur_radius))
++ (optionalArg "ax_focus" (
if cfg.ax_focus
then "on"
else "off"
))
++ (optionalArg "blacklist" (joinStrings cfg.blacklist))
++ (optionalArg "whitelist" (joinStrings cfg.whitelist))
++ (optionalArg "order" cfg.order);
serviceConfig.KeepAlive = true;
serviceConfig.RunAtLoad = true;
};
};
}

41
modules/services/karabiner-elements/default.nix
View file

@ -9,18 +9,19 @@ let
in
{
options = {
services.karabiner-elements.enable = mkEnableOption "Karabiner-Elements";
options.services.karabiner-elements = {
enable = mkEnableOption "Karabiner-Elements";
package = mkPackageOption pkgs "karabiner-elements" { };
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.karabiner-elements ];
environment.systemPackages = [ cfg.package ];
system.activationScripts.preActivation.text = ''
rm -rf ${parentAppDir}
mkdir -p ${parentAppDir}
# Kernel extensions must reside inside of /Applications, they cannot be symlinks
cp -r ${pkgs.karabiner-elements.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir}
cp -r ${cfg.package.driver}/Applications/.Karabiner-VirtualHIDDevice-Manager.app ${parentAppDir}
'';
system.activationScripts.postActivation.text = ''
@ -38,21 +39,18 @@ in
# the system extension is activated, so we can call activate from the manager
# which will block until the system extension is activated.
launchd.daemons.start_karabiner_daemons = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; ${pkgs.writeScript "start_karabiner_daemons" ''
script = ''
${parentAppDir}/.Karabiner-VirtualHIDDevice-Manager.app/Contents/MacOS/Karabiner-VirtualHIDDevice-Manager activate
launchctl kickstart system/org.pqrs.karabiner.karabiner_grabber
launchctl kickstart system/org.pqrs.karabiner.karabiner_observer
''}"
];
'';
serviceConfig.Label = "org.nixos.start_karabiner_daemons";
serviceConfig.RunAtLoad = true;
};
launchd.daemons.karabiner_grabber = {
serviceConfig.ProgramArguments = [
"${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber"
"${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_grabber"
];
serviceConfig.ProcessType = "Interactive";
serviceConfig.Label = "org.pqrs.karabiner.karabiner_grabber";
@ -63,7 +61,7 @@ in
launchd.daemons.karabiner_observer = {
serviceConfig.ProgramArguments = [
"${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer"
"${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_observer"
];
serviceConfig.Label = "org.pqrs.karabiner.karabiner_observer";
@ -73,11 +71,7 @@ in
};
launchd.daemons.Karabiner-DriverKit-VirtualHIDDeviceClient = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
# For unknown reasons this daemon will fail if VirtualHIDDeviceClient is not exec'd.
"/bin/wait4path /nix/store &amp;&amp; exec \"${pkgs.karabiner-elements.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\""
];
command = "\"${cfg.package.driver}/Library/Application Support/org.pqrs/Karabiner-DriverKit-VirtualHIDDevice/Applications/Karabiner-DriverKit-VirtualHIDDeviceClient.app/Contents/MacOS/Karabiner-DriverKit-VirtualHIDDeviceClient\"";
serviceConfig.ProcessType = "Interactive";
serviceConfig.Label = "org.pqrs.Karabiner-DriverKit-VirtualHIDDeviceClient";
serviceConfig.KeepAlive = true;
@ -95,14 +89,11 @@ in
# We need this to run every reboot as /run gets nuked so we can't put this
# inside the preActivation script as it only gets run on darwin-rebuild switch.
launchd.daemons.setsuid_karabiner_session_monitor = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path /nix/store &amp;&amp; ${pkgs.writeScript "setsuid_karabiner_session_monitor" ''
script = ''
rm -rf /run/wrappers
mkdir -p /run/wrappers/bin
install -m4555 "${pkgs.karabiner-elements}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin
''}"
];
install -m4555 "${cfg.package}/Library/Application Support/org.pqrs/Karabiner-Elements/bin/karabiner_session_monitor" /run/wrappers/bin
'';
serviceConfig.RunAtLoad = true;
serviceConfig.KeepAlive.SuccessfulExit = false;
};
@ -116,8 +107,8 @@ in
serviceConfig.KeepAlive = true;
};
environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist";
environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist";
environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${pkgs.karabiner-elements}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist";
environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_grabber.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_grabber.plist";
environment.userLaunchAgents."org.pqrs.karabiner.agent.karabiner_observer.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.agent.karabiner_observer.plist";
environment.userLaunchAgents."org.pqrs.karabiner.karabiner_console_user_server.plist".source = "${cfg.package}/Library/LaunchAgents/org.pqrs.karabiner.karabiner_console_user_server.plist";
};
}

55
modules/services/monitoring/netdata.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.netdata;
in {
meta.maintainers = [ lib.maintainers.rsrohitsingh682 or "rsrohitsingh682" ];
options = {
services.netdata = {
enable = mkEnableOption "Netdata daemon";
package = lib.mkPackageOption pkgs "netdata" {};
config = mkOption {
type = types.lines;
default = "";
description = "Custom configuration for Netdata";
};
workDir = mkOption {
type = types.path;
default = "/var/lib/netdata";
description = "Working directory for Netdata";
};
logDir = mkOption {
type = types.path;
default = "/var/log/netdata";
description = "Log directory for Netdata";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
launchd.daemons.netdata = {
serviceConfig = {
Label = "netdata";
KeepAlive = true;
WorkingDirectory = cfg.workDir;
StandardErrorPath = "${cfg.logDir}/netdata.log";
StandardOutPath = "${cfg.logDir}/netdata.log";
};
command = lib.getExe cfg.package;
};
environment.etc."netdata/netdata.conf".text = cfg.config;
system.activationScripts.preActivation.text = ''
mkdir -p ${cfg.workDir}
'';
};
}

121
modules/services/monitoring/prometheus-node-exporter.nix Normal file
View file

@ -0,0 +1,121 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
concatStringsSep
escapeShellArgs
getExe
mkEnableOption
mkIf
mkOption
mkPackageOption
mkRemovedOptionModule
types
;
cfg = config.services.prometheus.exporters.node;
in {
imports = [
(mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "openFirewall" ] "No nix-darwin equivalent to this NixOS option.")
(mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallFilter" ] "No nix-darwin equivalent to this NixOS option.")
(mkRemovedOptionModule [ "services" "prometheus" "exporters" "node" "firewallRules" ] "No nix-darwin equivalent to this NixOS option.")
];
options = {
services.prometheus.exporters.node = {
enable = mkEnableOption "Prometheus Node exporter";
package = mkPackageOption pkgs "prometheus-node-exporter" { };
listenAddress = mkOption {
type = types.str;
default = "";
example = "0.0.0.0";
description = ''
Address where Node exporter exposes its HTTP interface. Leave empty to bind to all addresses.
'';
};
port = mkOption {
type = types.port;
default = 9100;
description = ''
Port where the Node exporter exposes its HTTP interface.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--log.level=debug" ];
description = ''
Extra commandline options to pass to the Node exporter executable.
'';
};
enabledCollectors = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
Collectors to enable in addition to the ones that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default).
'';
};
disabledCollectors = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "boottime" ];
description = ''
Collectors to disable from the list of collectors that are [enabled by default](https://github.com/prometheus/node_exporter#enabled-by-default).
'';
};
};
};
config = mkIf cfg.enable {
users.users._prometheus-node-exporter = {
uid = config.ids.uids._prometheus-node-exporter;
gid = config.ids.gids._prometheus-node-exporter;
home = "/var/lib/prometheus-node-exporter";
createHome = true;
shell = "/usr/bin/false";
description = "System user for the Prometheus Node exporter";
};
users.groups._prometheus-node-exporter = {
gid = config.ids.gids._prometheus-node-exporter;
description = "System group for the Prometheus Node exporter";
};
users.knownGroups = [ "_prometheus-node-exporter" ];
users.knownUsers = [ "_prometheus-node-exporter" ];
launchd.daemons.prometheus-node-exporter = {
script = concatStringsSep " "
([
(getExe cfg.package)
"--web.listen-address"
"${cfg.listenAddress}:${toString cfg.port}"
]
++ (map (collector: "--collector.${collector}") cfg.enabledCollectors)
++ (map (collector: "--no-collector.${collector}") cfg.disabledCollectors)
) + escapeShellArgs cfg.extraFlags;
serviceConfig = let
logPath = config.users.users._prometheus-node-exporter.home
+ "/prometheus-node-exporter.log";
in {
KeepAlive = true;
RunAtLoad = true;
StandardErrorPath = logPath;
StandardOutPath = logPath;
GroupName = "_prometheus-node-exporter";
UserName = "_prometheus-node-exporter";
};
};
};
}

13
modules/services/nix-daemon.nix
View file

@ -1,16 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
{ config, lib, ... }:
let
cfg = config.services.nix-daemon;
inherit (lib) mkDefault mkIf mkMerge mkOption types;
in
{
options = {
services.nix-daemon.enable = mkOption {
type = types.bool;
default = false;
default = true;
description = "Whether to enable the nix-daemon service.";
};
@ -44,10 +44,7 @@ in
nix.useDaemon = true;
launchd.daemons.nix-daemon = {
serviceConfig.ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${config.nix.package}/bin/nix-daemon &amp;&amp; exec ${config.nix.package}/bin/nix-daemon"
];
command = lib.getExe' config.nix.package "nix-daemon";
serviceConfig.ProcessType = config.nix.daemonProcessType;
serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority;
serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix

5
modules/services/nix-optimise/default.nix
View file

@ -62,11 +62,8 @@ in
launchd.daemons.nix-optimise = {
environment.NIX_REMOTE = optionalString config.nix.useDaemon "daemon";
command = "${lib.getExe' config.nix.package "nix-store"} --optimise";
serviceConfig = {
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${config.nix.package} &amp;&amp; exec ${config.nix.package}/bin/nix-store --optimise"
];
RunAtLoad = false;
StartCalendarInterval = cfg.interval;
UserName = cfg.user;

10
modules/services/ofborg/default.nix
View file

@ -46,12 +46,6 @@ in
};
config = mkIf cfg.enable {
assertions = [
{ assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
{ assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
];
warnings = mkIf (isDerivation cfg.configFile) [
"services.ofborg.configFile is a derivation, credentials will be world readable"
];
@ -87,9 +81,13 @@ in
users.users.ofborg.shell = "/bin/bash";
users.users.ofborg.description = "OfBorg service user";
users.knownUsers = [ "ofborg" ];
users.groups.ofborg.gid = mkDefault 531;
users.groups.ofborg.description = "Nix group for OfBorg service";
users.knownGroups = [ "ofborg" ];
# FIXME: create logfiles automatically if defined.
system.activationScripts.preActivation.text = ''
mkdir -p '${user.home}'

9
modules/services/postgresql/default.nix
View file

@ -237,10 +237,10 @@ in
for an overview of `postgresql.conf`.
::: {.note}
String values will automatically be enclosed in single quotes. Single quotes will be
escaped with two single quotes as described by the upstream documentation linked above.
:::
'';
example = literalExpression ''
@ -355,11 +355,14 @@ in
"${cfg.dataDir}/recovery.conf"
''}
exec ${postgresql}/bin/postgres -D ${cfg.dataDir}
exec ${postgresql}/bin/postgres
'';
serviceConfig.KeepAlive = true;
serviceConfig.RunAtLoad = true;
serviceConfig.EnvironmentVariables = {
PGDATA = cfg.dataDir;
};
};
};

1
modules/services/skhd/default.nix
View file

@ -29,6 +29,7 @@ in
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.etc."skhdrc".text = cfg.skhdConfig;

5
modules/services/tailscale.nix
View file

@ -54,12 +54,9 @@ in
launchd.daemons.tailscaled = {
# derived from
# https://github.com/tailscale/tailscale/blob/main/cmd/tailscaled/install_darwin.go#L30
command = lib.getExe' cfg.package "tailscaled";
serviceConfig = {
Label = "com.tailscale.tailscaled";
ProgramArguments = [
"/bin/sh" "-c"
"/bin/wait4path ${cfg.package} &amp;&amp; ${cfg.package}/bin/tailscaled"
];
RunAtLoad = true;
};
};

4
modules/system/activation-scripts.nix
View file

@ -67,6 +67,7 @@ in
${cfg.activationScripts.nix-daemon.text}
${cfg.activationScripts.time.text}
${cfg.activationScripts.networking.text}
${cfg.activationScripts.power.text}
${cfg.activationScripts.keyboard.text}
${cfg.activationScripts.fonts.text}
${cfg.activationScripts.nvram.text}
@ -85,6 +86,7 @@ in
exit $_status
'';
# FIXME: activationScripts.checks should be system level
system.activationScripts.userScript.text = ''
#! ${stdenv.shell}
set -e
@ -101,6 +103,8 @@ in
${cfg.activationScripts.preUserActivation.text}
# This should be running at the system level, but as user activation runs first
# we run it here with sudo
${cfg.activationScripts.createRun.text}
${cfg.activationScripts.checks.text}
${cfg.activationScripts.etcChecks.text}

53
modules/system/base.nix
View file

@ -2,22 +2,49 @@
{
system.activationScripts.createRun.text = ''
if ! test -L /run; then
IFS="." read -r -a macOSVersion <<< "$(sw_vers -productVersion)"
if [[ ''${macOSVersion[0]} -gt 10 || ( ''${macOSVersion[0]} -eq 10 && ''${macOSVersion[1]} -ge 15 ) ]]; then
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
echo "setting up /run via /etc/synthetic.conf..."
echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
if ! test -L /run; then
echo "warning: apfs.util failed to symlink /run"
fi
echo "setting up /run via /etc/synthetic.conf..."
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
fi
if ! test -L /run; then
echo "setting up /run..."
sudo ln -sfn private/var/run /run
if [[ ''${macOSVersion[0]} -gt 10 ]]; then
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
else
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B || true
fi
if ! test -L /run; then
echo "warning: failed to symlink /run"
if [[ ! -L /run ]]; then
printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"
if [[ ''${macOSVersion[0]} -gt 10 ]]; then
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n'
else
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B\n'
fi
printf >&2 '\n'
printf >&2 'The current contents of /etc/synthetic.conf is:\n'
printf >&2 '\n'
sudo sed 's/^/ /' /etc/synthetic.conf >&2
printf >&2 '\n'
exit 1
fi
else
echo "setting up /run..."
sudo ln -sfn private/var/run /run
if [[ ! -L /run ]]; then
printf >&2 'error: failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 '$ sudo ln -sfn private/var/link /run\n'
exit 1
fi
fi
'';

169
modules/system/checks.nix
View file

@ -3,6 +3,9 @@
with lib;
let
# Similar to lib.escapeShellArg but escapes "s instead of 's, to allow for parameter expansion in shells
escapeDoubleQuote = arg: ''"${replaceStrings ["\""] ["\"\\\"\""] (toString arg)}"'';
cfg = config.system.checks;
darwinChanges = ''
@ -22,42 +25,74 @@ let
'';
runLink = ''
if ! test -e /run; then
echo "error: Directory /run does not exist, aborting activation" >&2
echo "Create a symlink to /var/run with:" >&2
if test -e /etc/synthetic.conf; then
echo >&2
echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2
echo >&2
echo "The current contents of /etc/synthetic.conf is:" >&2
echo >&2
sed 's/^/ /' /etc/synthetic.conf >&2
echo >&2
else
echo >&2
echo "$ sudo ln -s private/var/run /run" >&2
echo >&2
fi
exit 2
if [[ ! -e /run ]]; then
printf >&2 'error: directory /run does not exist, aborting activation\n'
exit 1
fi
'';
oldBuildUsers = ''
if dscl . -list /Users | grep -q '^nixbld'; then
echo "warning: Detected old style nixbld users" >&2
echo "error: Detected old style nixbld users, aborting activation" >&2
echo "These can cause migration problems when upgrading to certain macOS versions" >&2
echo "You can enable the following option to migrate to new style nixbld users" >&2
echo >&2
echo " nix.configureBuildUsers = true;" >&2
echo >&2
echo "or disable this check with" >&2
echo >&2
echo " system.checks.verifyBuildUsers = false;" >&2
echo >&2
exit 2
fi
'';
preSequoiaBuildUsers = ''
${lib.optionalString config.nix.configureBuildUsers ''
# Dont complain when were about to migrate oldstyle build users…
if ! dscl . -list /Users | grep -q '^nixbld'; then
''}
firstBuildUserID=$(dscl . -read /Users/_nixbld1 UniqueID | awk '{print $2}')
if [[ $firstBuildUserID != ${toString (config.ids.uids.nixbld + 1)} ]]; then
printf >&2 '\e[1;31merror: Build users have unexpected UIDs, aborting activation\e[0m\n'
printf >&2 'The default Nix build user ID range has been adjusted for\n'
printf >&2 'compatibility with macOS Sequoia 15. Your _nixbld1 user currently has\n'
printf >&2 'UID %d rather than the new default of 351.\n' "$firstBuildUserID"
printf >&2 '\n'
printf >&2 'You can automatically migrate the users with the following command:\n'
printf >&2 '\n'
if [[ -e /nix/receipt.json ]]; then
if
${pkgs.jq}/bin/jq --exit-status \
'try(.planner.settings | has("enable_flakes"))' \
/nix/receipt.json \
>/dev/null
then
installerUrl="https://install.lix.systems/lix"
else
installerUrl="https://install.determinate.systems/nix"
fi
printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L %s | sh -s -- repair sequoia --move-existing-users\n" \
"$installerUrl"
else
printf >&2 " curl --proto '=https' --tlsv1.2 -sSf -L https://github.com/NixOS/nix/raw/master/scripts/sequoia-nixbld-user-migration.sh | bash -\n"
fi
printf >&2 '\n'
printf >&2 'If you have no intention of upgrading to macOS Sequoia 15, or already\n'
printf >&2 'have a custom UID range that you know is compatible with Sequoia, you\n'
printf >&2 'can disable this check by setting:\n'
printf >&2 '\n'
printf >&2 ' ids.uids.nixbld = %d;\n' "$((firstBuildUserID - 1))"
printf >&2 '\n'
exit 2
fi
${lib.optionalString config.nix.configureBuildUsers "fi"}
'';
buildUsers = ''
buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true
if [ -z $buildUser ]; then
if [[ -z "$buildUser" ]]; then
echo "error: Using the nix-daemon requires build users, aborting activation" >&2
echo "Create the build users or disable the daemon:" >&2
echo "$ darwin-install" >&2
@ -70,21 +105,56 @@ let
fi
'';
singleUser = ''
if grep -q 'build-users-group =' /etc/nix/nix.conf; then
echo "error: The daemon is not enabled but this is a multi-user install, aborting activation" >&2
echo "Enable the nix-daemon service:" >&2
echo >&2
echo " services.nix-daemon.enable = true;" >&2
echo >&2
echo "or set" >&2
echo >&2
echo " nix.useDaemon = true;" >&2
echo >&2
buildGroupID = ''
buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}')
expectedBuildGroupID=${toString config.ids.gids.nixbld}
if [[ $buildGroupID != "$expectedBuildGroupID" ]]; then
printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n'
printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n'
printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n'
printf >&2 'nixbld group has GID %d, whereas we expected %d.\n' \
"$buildGroupID" "$expectedBuildGroupID"
printf >&2 '\n'
printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n'
# shellcheck disable=SC2016
printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n'
printf >&2 '\n'
printf >&2 ' ids.gids.nixbld = %d;\n' "$buildGroupID"
printf >&2 '\n'
printf >&2 'We do not recommend trying to change the group ID with macOS user\n'
printf >&2 'management tools without a complete uninstallation and reinstallation\n'
printf >&2 'of Nix.\n'
exit 2
fi
'';
nixDaemon = if config.nix.useDaemon then ''
if ! dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then
printf >&2 'error: The daemon should not be enabled for single-user installs, aborting activation\n'
printf >&2 'Disable the nix-daemon service:\n'
printf >&2 '\n'
printf >&2 ' services.nix-daemon.enable = false;\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'and remove `nix.useDaemon` from your configuration if it is present.\n'
printf >&2 '\n'
exit 2
fi
'' else ''
if dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then
printf >&2 'error: The daemon should be enabled for multi-user installs, aborting activation\n'
printf >&2 'Enable the nix-daemon service:\n'
printf >&2 '\n'
printf >&2 ' services.nix-daemon.enable = true;\n'
printf >&2 '\n'
exit 2
fi
'';
nixChannels = ''
channelsLink=$(readlink "$HOME/.nix-defexpr/channels") || true
case "$channelsLink" in
@ -121,7 +191,7 @@ let
'';
nixPath = ''
nixPath=${concatStringsSep ":" config.nix.nixPath}:$HOME/.nix-defexpr/channels
nixPath=${concatMapStringsSep ":" escapeDoubleQuote config.nix.nixPath}:$HOME/.nix-defexpr/channels
darwinConfig=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin-config) || true
if ! test -e "$darwinConfig"; then
@ -197,7 +267,7 @@ let
echo "error: A single-user install can't run optimiser as root, aborting activation" >&2
echo "Configure the optimiser to run as the current user:" >&2
echo >&2
echo " nix.optimiser.user = \"$USER\";" >&2
echo " nix.optimise.user = \"$USER\";" >&2
echo >&2
exit 2
fi
@ -209,6 +279,7 @@ let
if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
# shellcheck disable=SC2016
printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n'
@ -224,6 +295,19 @@ let
exit 2
fi
'';
homebrewInstalled = ''
if [[ ! -f ${escapeShellArg config.homebrew.brewPrefix}/brew && -z "''${INSTALLING_HOMEBREW:-}" ]]; then
echo "error: Using the homebrew module requires homebrew installed, aborting activation" >&2
echo "Homebrew doesn't seem to be installed. Please install homebrew separately." >&2
echo "You can install homebrew using the following command:" >&2
echo >&2
# shellcheck disable=SC2016
echo ' /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' >&2
echo >&2
exit 2
fi
'';
in
{
@ -236,13 +320,15 @@ in
system.checks.verifyNixChannels = mkOption {
type = types.bool;
default = true;
default = config.nix.channel.enable;
description = "Whether to run the nix-channels validation checks.";
};
system.checks.verifyBuildUsers = mkOption {
type = types.bool;
default = !(config.nix.settings.auto-allocate-uids or false);
default =
(config.nix.useDaemon && !(config.nix.settings.auto-allocate-uids or false))
|| config.nix.configureBuildUsers;
description = "Whether to run the Nix build users validation checks.";
};
@ -258,9 +344,11 @@ in
system.checks.text = mkMerge [
darwinChanges
runLink
oldBuildUsers
(mkIf (config.nix.useDaemon && cfg.verifyBuildUsers) buildUsers)
(mkIf (!config.nix.useDaemon) singleUser)
(mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers)
(mkIf cfg.verifyBuildUsers buildUsers)
(mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
(mkIf config.nix.configureBuildUsers buildGroupID)
nixDaemon
nixStore
(mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
(mkIf (config.nix.optimise.automatic && config.nix.optimise.user == null) nixStoreOptimiser)
@ -268,12 +356,13 @@ in
nixInstaller
(mkIf cfg.verifyNixPath nixPath)
oldSshAuthorizedKeysDirectory
(mkIf config.homebrew.enable homebrewInstalled)
];
system.activationScripts.checks.text = ''
${cfg.text}
if test ''${checkActivation:-0} -eq 1; then
if [[ "''${checkActivation:-0}" -eq 1 ]]; then
echo "ok" >&2
exit 0
fi

4
modules/system/default.nix
View file

@ -92,6 +92,8 @@ in
name = "darwin-system-${cfg.darwinLabel}";
preferLocalBuild = true;
nativeBuildInputs = [ pkgs.shellcheck ];
activationScript = cfg.activationScripts.script.text;
activationUserScript = cfg.activationScripts.userScript.text;
inherit (cfg) darwinLabel;
@ -133,6 +135,8 @@ in
chmod u+x $out/activate-user
unset activationUserScript
shellcheck $out/activate $out/activate-user
echo -n "$systemConfig" > $out/systemConfig
echo -n "$darwinLabel" > $out/darwin-version

20
modules/system/defaults-write.nix
View file

@ -14,7 +14,7 @@ let
alf = defaultsToList "/Library/Preferences/com.apple.alf" cfg.alf;
loginwindow = defaultsToList "/Library/Preferences/com.apple.loginwindow" cfg.loginwindow;
smb = defaultsToList "/Library/Preferences/SystemConfiguration/com.apple.smb.server" cfg.smb;
SoftwareUpdate = defaultsToList "/Library/Preferences/SystemConfiguration/com.apple.SoftwareUpdate" cfg.SoftwareUpdate;
SoftwareUpdate = defaultsToList "/Library/Preferences/com.apple.SoftwareUpdate" cfg.SoftwareUpdate;
# userDefaults
GlobalPreferences = defaultsToList ".GlobalPreferences" cfg.".GlobalPreferences";
@ -23,6 +23,7 @@ let
menuExtraClock = defaultsToList "com.apple.menuextra.clock" cfg.menuExtraClock;
dock = defaultsToList "com.apple.dock" cfg.dock;
finder = defaultsToList "com.apple.finder" cfg.finder;
hitoolbox = defaultsToList "com.apple.HIToolbox" cfg.hitoolbox;
magicmouse = defaultsToList "com.apple.AppleMultitouchMouse" cfg.magicmouse;
magicmouseBluetooth = defaultsToList "com.apple.driver.AppleMultitouchMouse.mouse" cfg.magicmouse;
screencapture = defaultsToList "com.apple.screencapture" cfg.screencapture;
@ -32,9 +33,12 @@ let
trackpadBluetooth = defaultsToList "com.apple.driver.AppleBluetoothMultitouch.trackpad" cfg.trackpad;
universalaccess = defaultsToList "com.apple.universalaccess" cfg.universalaccess;
ActivityMonitor = defaultsToList "com.apple.ActivityMonitor" cfg.ActivityMonitor;
WindowManager = defaultsToList "com.apple.WindowManager" cfg.WindowManager;
controlcenter = defaultsToList "~/Library/Preferences/ByHost/com.apple.controlcenter" cfg.controlcenter;
CustomUserPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomUserPreferences);
CustomSystemPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomSystemPreferences);
mkIfAttrs = list: mkIf (any (attrs: attrs != { }) list);
in
@ -75,6 +79,7 @@ in
menuExtraClock
dock
finder
hitoolbox
magicmouse
magicmouseBluetooth
screencapture
@ -85,6 +90,8 @@ in
universalaccess
ActivityMonitor
CustomUserPreferences
WindowManager
controlcenter
]
''
# Set defaults
@ -97,6 +104,7 @@ in
${concatStringsSep "\n" menuExtraClock}
${concatStringsSep "\n" dock}
${concatStringsSep "\n" finder}
${concatStringsSep "\n" hitoolbox}
${concatStringsSep "\n" magicmouse}
${concatStringsSep "\n" magicmouseBluetooth}
${concatStringsSep "\n" screencapture}
@ -107,6 +115,16 @@ in
${concatStringsSep "\n" universalaccess}
${concatStringsSep "\n" ActivityMonitor}
${concatStringsSep "\n" CustomUserPreferences}
${concatStringsSep "\n" WindowManager}
${concatStringsSep "\n" controlcenter}
${optionalString (length dock > 0) ''
# Only restart Dock if current user is logged in
if pgrep -xu $UID Dock >/dev/null; then
echo >&2 "restarting Dock..."
killall Dock || true
fi
''}
'';
};

17
modules/system/defaults/NSGlobalDomain.nix
View file

@ -7,7 +7,6 @@ let
inherit (config.lib.defaults.types) floatWithDeprecationError;
in {
options = {
system.defaults.NSGlobalDomain.AppleShowAllFiles = mkOption {
type = types.nullOr types.bool;
default = null;
@ -96,6 +95,14 @@ in {
'';
};
system.defaults.NSGlobalDomain.AppleSpacesSwitchOnActivate = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether or not to switch to a workspace that has a window of the application open, that is switched to. The default is true.
'';
};
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
@ -104,6 +111,14 @@ in {
'';
};
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to enable inline predictive text. The default is true.
'';
};
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = mkOption {
type = types.nullOr types.bool;
default = null;

76
modules/system/defaults/WindowManager.nix Normal file
View file

@ -0,0 +1,76 @@
{ config, lib, ... }:
with lib;
{
options = {
system.defaults.WindowManager.GloballyEnabled = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable Stage Manager
Stage Manager arranges your recent windows into a single strip for reduced clutter and quick access. Default is false.
'';
};
system.defaults.WindowManager.EnableStandardClickToShowDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Click wallpaper to reveal desktop
Clicking your wallpaper will move all windows out of the way to allow access to your desktop items and widgets. Default is true.
false means "Only in Stage Manager"
true means "Always"
'';
};
system.defaults.WindowManager.AutoHide = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Auto hide stage strip showing recent apps. Default is false.
'';
};
system.defaults.WindowManager.AppWindowGroupingBehavior = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Grouping strategy when showing windows from an application.
false means "One at a time"
true means "All at once"
'';
};
system.defaults.WindowManager.StandardHideDesktopIcons = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide items on desktop.
'';
};
system.defaults.WindowManager.HideDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide items in Stage Manager.
'';
};
system.defaults.WindowManager.StandardHideWidgets = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide widgets on desktop.
'';
};
system.defaults.WindowManager.StageManagerHideWidgets = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Hide widgets in Stage Manager.
'';
};
};
}

8
modules/system/defaults/clock.nix
View file

@ -5,6 +5,14 @@ with lib;
{
options = {
system.defaults.menuExtraClock.FlashDateSeparators = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
When enabled, the clock indicator (which by default is the colon) will flash on and off each second. Default is null.
'';
};
system.defaults.menuExtraClock.IsAnalog = mkOption {
type = types.nullOr types.bool;
default = null;

100
modules/system/defaults/controlcenter.nix Normal file
View file

@ -0,0 +1,100 @@
{ config, lib, ... }:
{
options = {
system.defaults.controlcenter.BatteryShowPercentage = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Battery
Show a battery percentage in menu bar. Default is null.
'';
};
system.defaults.controlcenter.Sound = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Sound
Show a sound control in menu bar . Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
system.defaults.controlcenter.Bluetooth = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Bluetooth
Show a bluetooth control in menu bar. Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
system.defaults.controlcenter.AirDrop = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > AirDrop
Show a AirDrop control in menu bar. Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
system.defaults.controlcenter.Display = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Display
Show a Screen Brightness control in menu bar. Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
system.defaults.controlcenter.FocusModes = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Focus
Show a Focus control in menu bar. Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
system.defaults.controlcenter.NowPlaying = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
apply = v: if v == null then null else if v == true then 18 else 24;
default = null;
description = ''
Apple menu > System Preferences > Control Center > Now Playing
Show a Now Playing control in menu bar. Default is null.
18 = Display icon in menu bar
24 = Hide icon in menu bar
'';
};
};
}

18
modules/system/defaults/dock.nix
View file

@ -20,7 +20,7 @@ in {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to automatically hide and show the dock. The default is false.
Whether to automatically hide and show the dock. The default is false.
'';
};
@ -159,6 +159,14 @@ in {
) value;
};
system.defaults.dock.scroll-to-open = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Scroll up on a Dock icon to show all Space's opened windows for an app, or open stack. The default is false.
'';
};
system.defaults.dock.show-process-indicators = mkOption {
type = types.nullOr types.bool;
default = null;
@ -183,6 +191,14 @@ in {
'';
};
system.defaults.dock.slow-motion-allowed = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Allow for slow-motion minimize effect while holding Shift key. The default is false.
'';
};
system.defaults.dock.static-only = mkOption {
type = types.nullOr types.bool;
default = null;

119
modules/system/defaults/finder.nix
View file

@ -1,7 +1,10 @@
{ config, lib, ... }:
with lib;
let
inherit (lib) mkOption types;
cfg = config.system.defaults.finder;
in
{
options = {
@ -38,6 +41,15 @@ with lib;
'';
};
system.defaults.finder.FXRemoveOldTrashItems = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Remove items in the trash after 30 days.
The default is false.
'';
};
system.defaults.finder.FXPreferredViewStyle = mkOption {
type = types.nullOr types.str;
default = null;
@ -52,7 +64,7 @@ with lib;
type = types.nullOr types.bool;
default = null;
description = ''
Whether to always show file extensions. The default is false.
Whether to always show file extensions. The default is false.
'';
};
@ -68,7 +80,39 @@ with lib;
type = types.nullOr types.bool;
default = null;
description = ''
Whether to allow quitting of the Finder. The default is false.
Whether to allow quitting of the Finder. The default is false.
'';
};
system.defaults.finder.ShowExternalHardDrivesOnDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show external disks on desktop. The default is true.
'';
};
system.defaults.finder.ShowHardDrivesOnDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show hard disks on desktop. The default is false.
'';
};
system.defaults.finder.ShowMountedServersOnDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show connected servers on desktop. The default is false.
'';
};
system.defaults.finder.ShowRemovableMediaOnDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show removable media (CDs, DVDs and iPods) on desktop. The default is true.
'';
};
@ -76,7 +120,23 @@ with lib;
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show the full POSIX filepath in the window title. The default is false.
Whether to show the full POSIX filepath in the window title. The default is false.
'';
};
system.defaults.finder._FXSortFoldersFirst = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Keep folders on top when sorting by name. The default is false.
'';
};
system.defaults.finder._FXSortFoldersFirstOnDesktop = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Keep folders on top when sorting by name on the desktop. The default is false.
'';
};
@ -84,9 +144,58 @@ with lib;
type = types.nullOr types.bool;
default = null;
description = ''
Whether to show warnings when change the file extension of files. The default is true.
Whether to show warnings when change the file extension of files. The default is true.
'';
};
system.defaults.finder.NewWindowTarget = mkOption {
type = types.nullOr (types.enum [
"Computer"
"OS volume"
"Home"
"Desktop"
"Documents"
"Recents"
"iCloud Drive"
"Other"
]);
apply = key: if key == null then null else {
"Computer" = "PfCm";
"OS volume" = "PfVo";
"Home" = "PfHm";
"Desktop" = "PfDe";
"Documents" = "PfDo";
"Recents" = "PfAF";
"iCloud Drive" = "PfID";
"Other" = "PfLo";
}.${key};
default = null;
description = ''
Change the default folder shown in Finder windows. "Other" corresponds to the value of
NewWindowTargetPath. The default is unset ("Recents").
'';
};
system.defaults.finder.NewWindowTargetPath = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Sets the URI to open when NewWindowTarget is "Other". Spaces and similar characters must be
escaped. If the value is invalid, Finder will open your home directory.
Example: "file:///Users/foo/long%20cat%20pics".
The default is unset.
'';
};
};
config = {
assertions = [{
assertion = cfg.NewWindowTargetPath != null -> cfg.NewWindowTarget == "PfLo";
message = "`system.defaults.finder.NewWindowTarget` should be set to `Other` when `NewWindowTargetPath` is non-null.";
}
{
assertion = cfg.NewWindowTarget == "PfLo" -> cfg.NewWindowTargetPath != null;
message = "`system.defaults.finder.NewWindowTargetPath` should be non-null when `NewWindowTarget` is set to `Other`.";
}];
};
}

29
modules/system/defaults/hitoolbox.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, ... }:
{
options = {
system.defaults.hitoolbox.AppleFnUsageType = lib.mkOption {
type = lib.types.nullOr (lib.types.enum [
"Do Nothing"
"Change Input Source"
"Show Emoji & Symbols"
"Start Dictation"
]);
apply = key: if key == null then null else {
"Do Nothing" = 0;
"Change Input Source" = 1;
"Show Emoji & Symbols" = 2;
"Start Dictation" = 3;
}.${key};
default = null;
description = ''
Chooses what happens when you press the Fn key on the keyboard. A restart is required for
this setting to take effect.
The default is unset ("Show Emoji & Symbols").
'';
};
};
}

12
modules/system/defaults/screencapture.nix
View file

@ -29,6 +29,18 @@ with lib;
'';
};
system.defaults.screencapture.include-date = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Include date and time in screenshot filenames. The default is true.
Screenshot 2024-01-09 at 13.27.20.png would be an example for true.
Screenshot.png
Screenshot 1.png would be an example for false.
'';
};
system.defaults.screencapture.show-thumbnail = mkOption {
type = types.nullOr types.bool;
default = null;

14
modules/system/keyboard.nix
View file

@ -38,6 +38,12 @@ in
description = "Whether to swap the left Command key and left Alt key.";
};
system.keyboard.swapLeftCtrlAndFn = mkOption {
type = types.bool;
default = false;
description = "Whether to swap the left Control key and Fn (Globe) key.";
};
system.keyboard.userKeyMapping = mkOption {
internal = true;
type = types.listOf (types.attrsOf types.int);
@ -66,6 +72,14 @@ in
HIDKeyboardModifierMappingSrc = 30064771298;
HIDKeyboardModifierMappingDst = 30064771299;
})
(mkIf cfg.swapLeftCtrlAndFn {
HIDKeyboardModifierMappingSrc = 30064771296;
HIDKeyboardModifierMappingDst = 1095216660483;
})
(mkIf cfg.swapLeftCtrlAndFn {
HIDKeyboardModifierMappingSrc = 1095216660483;
HIDKeyboardModifierMappingDst = 30064771296;
})
];
system.activationScripts.keyboard.text = optionalString cfg.enableKeyMapping ''

41
modules/system/launchd.nix
View file

@ -105,19 +105,29 @@ in
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents}
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons}
for f in $(ls /run/current-system/Library/LaunchAgents 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f"; then
echo "removing service $(basename $f .plist)" >&2
for f in /run/current-system/Library/LaunchAgents/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/Library/LaunchAgents/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchAgents/$f" || true
if test -e "/Library/LaunchAgents/$f"; then rm -f "/Library/LaunchAgents/$f"; fi
if [[ -e "/Library/LaunchAgents/$f" ]]; then
rm -f "/Library/LaunchAgents/$f"
fi
fi
done
for f in $(ls /run/current-system/Library/LaunchDaemons 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f"; then
echo "removing service $(basename $f .plist)" >&2
for f in /run/current-system/Library/LaunchDaemons/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/Library/LaunchDaemons/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchDaemons/$f" || true
if test -e "/Library/LaunchDaemons/$f"; then rm -f "/Library/LaunchDaemons/$f"; fi
if [[ -e "/Library/LaunchDaemons/$f" ]]; then
rm -f "/Library/LaunchDaemons/$f"
fi
fi
done
'';
@ -133,11 +143,16 @@ in
''}
${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents}
for f in $(ls /run/current-system/user/Library/LaunchAgents 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f"; then
echo "removing user service $(basename $f .plist)" >&2
launchctl unload ~/Library/LaunchAgents/$f || true
if test -e ~/Library/LaunchAgents/$f; then rm -f ~/Library/LaunchAgents/$f; fi
for f in /run/current-system/user/Library/LaunchAgents/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/user/Library/LaunchAgents/}
if [[ ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f" ]]; then
echo "removing user service $(basename "$f" .plist)" >&2
launchctl unload ~/Library/LaunchAgents/"$f" || true
if [[ -e ~/Library/LaunchAgents/"$f" ]]; then
rm -f ~/Library/LaunchAgents/"$f"
fi
fi
done
'';

15
modules/system/patches.nix
View file

@ -30,9 +30,9 @@ in
Set of patches to apply to {file}`/`.
::: {.warning}
This can modify everything so use with caution.
:::
Useful for safely changing system files. Unlike the etc module this
@ -56,10 +56,13 @@ in
# Applying patches to /.
echo "applying patches..." >&2
for f in $(ls /run/current-system/patches 2> /dev/null); do
if test ! -e "${config.system.build.patches}/patches/$f"; then
patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true
fi
for f in /run/current-system/patches/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/patches/}
if [[ ! -e "${config.system.build.patches}/patches/$f" ]]; then
patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true
fi
done
${concatMapStringsSep "\n" (f: ''

12
modules/system/shells.nix
View file

@ -14,9 +14,15 @@ in
example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]";
description = ''
A list of permissible login shells for user accounts.
No need to mention `/bin/sh`
and other shells that are available by default on
macOS.
The default macOS shells will be automatically included:
- /bin/bash
- /bin/csh
- /bin/dash
- /bin/ksh
- /bin/sh
- /bin/tcsh
- /bin/zsh
'';
apply = map (v: if types.shellPackage.check v then "/run/current-system/sw${v.shellPath}" else v);
};

34
modules/system/version.nix
View file

@ -5,8 +5,6 @@ with lib;
let
cfg = config.system;
defaultStateVersion = options.system.stateVersion.default;
# Based on `lib.trivial.revisionWithDefault` from nixpkgs.
gitRevision = path:
if pathIsGitRepo "${path}/.git"
@ -34,8 +32,9 @@ in
{
options = {
system.stateVersion = mkOption {
type = types.int;
default = 4;
type = types.ints.between 1 config.system.maxStateVersion;
# TODO: Remove this default and the assertion below.
default = config.system.maxStateVersion;
description = ''
Every once in a while, a new NixOS release may change
configuration defaults in a way incompatible with stateful
@ -49,6 +48,12 @@ in
'';
};
system.maxStateVersion = mkOption {
internal = true;
type = types.int;
default = 5;
};
system.darwinLabel = mkOption {
type = types.str;
description = "Label to be used in the names of generated outputs.";
@ -121,9 +126,22 @@ in
# documentation is not reprocessed on every commit
system.darwinLabel = mkDefault "${cfg.nixpkgsVersion}+${cfg.darwinVersion}";
assertions = [ {
assertion = cfg.stateVersion <= defaultStateVersion;
message = "system.stateVersion = ${toString cfg.stateVersion}; is not a valid value";
} ];
assertions = [
{
assertion = options.system.stateVersion.highestPrio != (lib.mkOptionDefault { }).priority;
message = ''
The `system.stateVersion` option is not defined in your
nix-darwin configuration. The value is used to conditionalize
backwardsincompatible changes in default settings. You should
usually set this once when installing nix-darwin on a new system
and then never change it (at least without reading all the relevant
entries in the changelog using `darwin-rebuild changelog`).
You can use the current value for new installations as follows:
system.stateVersion = ${toString config.system.maxStateVersion};
'';
}
];
};
}

2
modules/time/default.nix
View file

@ -7,7 +7,7 @@ let
cfg = config.time;
timeZone = optionalString (cfg.timeZone != null) ''
if [ -z $(systemsetup -listtimezones | grep "^ ${cfg.timeZone}$") ]; then
if ! systemsetup -listtimezones | grep -q "^ ${cfg.timeZone}$"; then
echo "${cfg.timeZone} is not a valid timezone. The command 'listtimezones' will show a list of valid time zones." >&2
false
fi

255
modules/users/default.nix
View file

@ -1,14 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib) concatStringsSep concatMapStringsSep elem escapeShellArg
escapeShellArgs filter filterAttrs flatten flip mapAttrs' mapAttrsToList
mkAfter mkIf mkMerge mkOption mkOrder mkRemovedOptionModule optionals
optionalString types;
cfg = config.users;
group = import ./group.nix;
user = import ./user.nix;
toArguments = concatMapStringsSep " " (v: "'${v}'");
toGID = v: { "${toString v.gid}" = v.name; };
toUID = v: { "${toString v.uid}" = v.name; };
@ -32,9 +34,19 @@ let
then "/run/current-system/sw${v.shellPath}"
else v;
systemShells =
let
shells = mapAttrsToList (_: u: u.shell) cfg.users;
in
filter types.shellPackage.check shells;
in
{
imports = [
(mkRemovedOptionModule [ "users" "forceRecreate" ] "")
];
options = {
users.knownGroups = mkOption {
type = types.listOf types.str;
@ -79,62 +91,185 @@ in
type = types.attrsOf types.str;
default = {};
};
users.forceRecreate = mkOption {
internal = true;
type = types.bool;
default = false;
description = "Remove and recreate existing groups/users.";
};
};
config = {
assertions = [
{
# We don't check `root` like the rest of the users as on some systems `root`'s
# home directory is set to `/var/root /private/var/root`
assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root");
message = "`users.users.root.home` must be set to either `null` or `/var/root`.";
}
{
assertion = !builtins.elem "root" deletedUsers;
message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it.";
}
] ++ flatten (flip mapAttrsToList cfg.users (name: user:
map (shell: {
assertion = let
s = user.shell.pname or null;
in
!user.ignoreShellProgramCheck -> (s == shell || (shell == "bash" && s == "bash-interactive")) -> (config.programs.${shell}.enable == true);
message = ''
users.users.${user.name}.shell is set to ${shell}, but
programs.${shell}.enable is not true. This will cause the ${shell}
shell to lack the basic Nix directories in its PATH and might make
logging in as that user impossible. You can fix it with:
programs.${shell}.enable = true;
If you know what you're doing and you are fine with the behavior,
set users.users.${user.name}.ignoreShellProgramCheck = true;
instead.
'';
}) [
"bash"
"fish"
"zsh"
]
));
warnings = flatten (flip mapAttrsToList cfg.users (name: user:
mkIf
(user.shell.pname or null == "bash")
"Set `users.users.${name}.shell = pkgs.bashInteractive;` instead of `pkgs.bash` as it does not include `readline`."
));
users.gids = mkMerge gids;
users.uids = mkMerge uids;
# NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations
# however currently that runs at user level activation as that runs before system level activation
# TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level
system.checks.text = mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (mkAfter ''
ensurePerms() {
homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory)
homeDirectory=''${homeDirectory#NFSHomeDirectory: }
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
if [[ -n "$SSH_CONNECTION" ]]; then
printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
# shellcheck disable=SC2016
printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
printf >&2 'You can either:\n'
printf >&2 '\n'
printf >&2 ' grant Full Disk Access to all programs run over SSH\n'
printf >&2 '\n'
printf >&2 'or\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 ' run `darwin-rebuild` in a graphical session.\n'
printf >&2 '\n'
printf >&2 'The option "Allow full disk access for remote users" can be found by\n'
printf >&2 'navigating to System Settings > General > Sharing > Remote Login\n'
printf >&2 'and then pressing on the i icon next to the switch.\n'
exit 1
else
# The TCC service required to change home directories is `kTCCServiceSystemPolicySysAdminFiles`
# and we can reset it to ensure the user gets another prompt
tccutil reset SystemPolicySysAdminFiles > /dev/null
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1"
# shellcheck disable=SC2016
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
printf >&2 'please accept the dialog that pops up.\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
printf >&2 '\n'
printf >&2 'This can be found in System Settings > Privacy & Security > Full Disk Access.\n'
exit 1
fi
fi
fi
}
${concatMapStringsSep "\n" (v: let
name = escapeShellArg v.name;
dsclUser = escapeShellArg "/Users/${v.name}";
in ''
u=$(id -u ${name} 2> /dev/null) || true
if ! [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then
if [ -z "$u" ]; then
ensurePerms ${name} create
${optionalString (v.home != null && v.name != "root") ''
else
homeDirectory=$(dscl . -read ${dsclUser} NFSHomeDirectory)
homeDirectory=''${homeDirectory#NFSHomeDirectory: }
if [[ ${escapeShellArg v.home} != "$homeDirectory" ]]; then
printf >&2 '\e[1;31merror: config contains the wrong home directory for %s, aborting activation\e[0m\n' ${name}
printf >&2 'nix-darwin does not support changing the home directory of existing users.\n'
printf >&2 '\n'
printf >&2 'Please set:\n'
printf >&2 '\n'
printf >&2 ' users.users.%s.home = "%s";\n' ${name} "$homeDirectory"
printf >&2 '\n'
printf >&2 'or remove it from your configuration.\n'
exit 1
fi
''}
fi
fi
'') createdUsers}
${concatMapStringsSep "\n" (v: let
name = escapeShellArg v;
in ''
u=$(id -u ${name} 2> /dev/null) || true
if [ -n "$u" ]; then
if [ "$u" -gt 501 ]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then
# shellcheck disable=SC2016
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1
fi
ensurePerms ${name} delete
fi
fi
'') deletedUsers}
'');
system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) ''
echo "setting up groups..." >&2
${concatMapStringsSep "\n" (v: ''
${optionalString cfg.forceRecreate ''
g=$(dscl . -read '/Groups/${v.name}' PrimaryGroupID 2> /dev/null) || true
g=''${g#PrimaryGroupID: }
if [[ "$g" -eq ${toString v.gid} ]]; then
echo "deleting group ${v.name}..." >&2
dscl . -delete '/Groups/${v.name}' 2> /dev/null
else
echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2
fi
''}
g=$(dscl . -read '/Groups/${v.name}' PrimaryGroupID 2> /dev/null) || true
${concatMapStringsSep "\n" (v: let
dsclGroup = escapeShellArg "/Groups/${v.name}";
in ''
g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true
g=''${g#PrimaryGroupID: }
if [ -z "$g" ]; then
echo "creating group ${v.name}..." >&2
dscl . -create '/Groups/${v.name}' PrimaryGroupID ${toString v.gid}
dscl . -create '/Groups/${v.name}' RealName '${v.description}'
dscl . -create ${dsclGroup} PrimaryGroupID ${toString v.gid}
dscl . -create ${dsclGroup} RealName ${escapeShellArg v.description}
g=${toString v.gid}
fi
if [ "$g" -eq ${toString v.gid} ]; then
g=$(dscl . -read '/Groups/${v.name}' GroupMembership 2> /dev/null) || true
g=$(dscl . -read ${dsclGroup} GroupMembership 2> /dev/null) || true
if [ "$g" != 'GroupMembership: ${concatStringsSep " " v.members}' ]; then
echo "updating group members ${v.name}..." >&2
dscl . -create '/Groups/${v.name}' GroupMembership ${toArguments v.members}
dscl . -create ${dsclGroup} GroupMembership ${escapeShellArgs v.members}
fi
else
echo "warning: existing group '${v.name}' has unexpected gid $g, skipping..." >&2
fi
'') createdGroups}
${concatMapStringsSep "\n" (name: ''
g=$(dscl . -read '/Groups/${name}' PrimaryGroupID 2> /dev/null) || true
${concatMapStringsSep "\n" (name: let
dsclGroup = escapeShellArg "/Groups/${name}";
in ''
g=$(dscl . -read ${dsclGroup} PrimaryGroupID 2> /dev/null) || true
g=''${g#PrimaryGroupID: }
if [ -n "$g" ]; then
if [ "$g" -gt 501 ]; then
echo "deleting group ${name}..." >&2
dscl . -delete '/Groups/${name}' 2> /dev/null
dscl . -delete ${dsclGroup}
else
echo "warning: existing group '${name}' has unexpected gid $g, skipping..." >&2
fi
@ -145,44 +280,51 @@ in
system.activationScripts.users.text = mkIf (cfg.knownUsers != []) ''
echo "setting up users..." >&2
${concatMapStringsSep "\n" (v: ''
${optionalString cfg.forceRecreate ''
u=$(dscl . -read '/Users/${v.name}' UniqueID 2> /dev/null) || true
u=''${u#UniqueID: }
if [[ "$u" -eq ${toString v.uid} ]]; then
echo "deleting user ${v.name}..." >&2
dscl . -delete '/Users/${v.name}' 2> /dev/null
else
echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2
fi
''}
u=$(dscl . -read '/Users/${v.name}' UniqueID 2> /dev/null) || true
u=''${u#UniqueID: }
${concatMapStringsSep "\n" (v: let
name = escapeShellArg v.name;
dsclUser = escapeShellArg "/Users/${v.name}";
in ''
u=$(id -u ${name} 2> /dev/null) || true
if [[ -n "$u" && "$u" -ne "${toString v.uid}" ]]; then
echo "warning: existing user '${v.name}' has unexpected uid $u, skipping..." >&2
else
if [ -z "$u" ]; then
echo "creating user ${v.name}..." >&2
dscl . -create '/Users/${v.name}' UniqueID ${toString v.uid}
dscl . -create '/Users/${v.name}' PrimaryGroupID ${toString v.gid}
dscl . -create '/Users/${v.name}' IsHidden ${if v.isHidden then "1" else "0"}
dscl . -create '/Users/${v.name}' RealName '${v.description}'
dscl . -create '/Users/${v.name}' NFSHomeDirectory '${v.home}'
${optionalString v.createHome "createhomedir -cu '${v.name}'"}
sysadminctl -addUser ${escapeShellArgs ([
v.name
"-UID" v.uid
"-GID" v.gid ]
++ (optionals (v.description != null) [ "-fullName" v.description ])
++ [ "-home" (if v.home != null then v.home else "/var/empty") ]
++ [ "-shell" (if v.shell != null then shellPath v.shell else "/usr/bin/false") ])} 2> /dev/null
# We need to check as `sysadminctl -addUser` still exits with exit code 0 when there's an error
if ! id ${name} &> /dev/null; then
printf >&2 '\e[1;31merror: failed to create user %s, aborting activation\e[0m\n' ${name}
exit 1
fi
dscl . -create ${dsclUser} IsHidden ${if v.isHidden then "1" else "0"}
# `sysadminctl -addUser` won't create the home directory if we use the `-home`
# flag so we need to do it ourselves
${optionalString (v.home != null && v.createHome) "createhomedir -cu ${name} > /dev/null"}
fi
# Always set the shell path, in case it was updated
dscl . -create '/Users/${v.name}' UserShell ${lib.escapeShellArg (shellPath v.shell)}
# Update properties on known users to keep them inline with configuration
dscl . -create ${dsclUser} PrimaryGroupID ${toString v.gid}
${optionalString (v.description != null) "dscl . -create ${dsclUser} RealName ${escapeShellArg v.description}"}
${optionalString (v.shell != null) "dscl . -create ${dsclUser} UserShell ${escapeShellArg (shellPath v.shell)}"}
fi
'') createdUsers}
${concatMapStringsSep "\n" (name: ''
u=$(dscl . -read '/Users/${name}' UniqueID 2> /dev/null) || true
u=''${u#UniqueID: }
u=$(id -u ${escapeShellArg name} 2> /dev/null) || true
if [ -n "$u" ]; then
if [ "$u" -gt 501 ]; then
echo "deleting user ${name}..." >&2
dscl . -delete '/Users/${name}' 2> /dev/null
dscl . -delete ${escapeShellArg "/Users/${name}"}
else
echo "warning: existing user '${name}' has unexpected uid $u, skipping..." >&2
fi
@ -190,6 +332,9 @@ in
'') deletedUsers}
'';
# Install all the user shells
environment.systemPackages = systemShells;
environment.etc = mapAttrs' (name: { packages, ... }: {
name = "profiles/per-user/${name}";
value.source = pkgs.buildEnv {

18
modules/users/group.nix
View file

@ -1,11 +1,12 @@
{ name, lib, ... }:
with lib;
{
options = {
options = let
inherit (lib) mkOption types;
in {
name = mkOption {
type = types.str;
default = name;
description = ''
The group's name. If undefined, the name of the attribute set
will be used.
@ -13,10 +14,7 @@ with lib;
};
gid = mkOption {
type = mkOptionType {
name = "gid";
check = t: isInt t && t > 501;
};
type = types.int;
description = "The group's GID.";
};
@ -32,10 +30,4 @@ with lib;
description = "The group's description.";
};
};
config = {
name = mkDefault name;
};
}

61
modules/users/user.nix
View file

@ -1,11 +1,12 @@
{ name, lib, ... }:
with lib;
{
options = {
options = let
inherit (lib) literalExpression mkOption types;
in {
name = mkOption {
type = types.str;
type = types.nonEmptyStr;
default = name;
description = ''
The name of the user account. If undefined, the name of the
attribute set will be used.
@ -13,12 +14,18 @@ with lib;
};
description = mkOption {
type = types.str;
default = "";
type = types.nullOr types.nonEmptyStr;
default = null;
example = "Alice Q. User";
description = ''
A short description of the user account, typically the
user's full name.
This defaults to `null` which means, on creation, `sysadminctl`
will pick the description which is usually always {option}`name`.
Using an empty name is not supported and breaks macOS like
making the user not appear in Directory Utility.
'';
};
@ -46,9 +53,15 @@ with lib;
# };
home = mkOption {
type = types.path;
default = "/var/empty";
description = "The user's home directory.";
type = types.nullOr types.path;
default = null;
description = ''
The user's home directory. This defaults to `null`.
When this is set to `null`, if the user has not been created yet,
they will be created with the home directory `/var/empty` to match
the old default.
'';
};
createHome = mkOption {
@ -58,10 +71,28 @@ with lib;
};
shell = mkOption {
type = types.either types.shellPackage types.path;
default = "/sbin/nologin";
type = types.nullOr (types.either types.shellPackage types.path);
default = null;
example = literalExpression "pkgs.bashInteractive";
description = "The user's shell.";
description = ''
The user's shell. This defaults to `null`.
When this is set to `null`, if the user has not been created yet,
they will be created with the shell `/usr/bin/false` to prevent
interactive login. If the user already exists, the value is
considered managed by macOS and `nix-darwin` will not change it.
'';
};
ignoreShellProgramCheck = mkOption {
type = types.bool;
default = false;
description = ''
By default, nix-darwin will check that programs.SHELL.enable is set to
true if the user has a custom shell specified. If that behavior isn't
required and there are custom overrides in place to make sure that the
shell is functional, set this to true.
'';
};
packages = mkOption {
@ -75,10 +106,4 @@ with lib;
'';
};
};
config = {
name = mkDefault name;
};
}

147
pkgs/darwin-installer/default.nix
View file

@ -1,147 +0,0 @@
{ stdenv, nix, pkgs, nix-darwin }:
let
nixPath = pkgs.lib.concatStringsSep ":" [
"darwin=${nix-darwin}"
"nixpkgs=${pkgs.path}"
"$HOME/.nix-defexpr/channels"
"/nix/var/nix/profiles/per-user/root/channels"
"$NIX_PATH"
];
in
stdenv.mkDerivation {
name = "darwin-installer";
preferLocalBuild = true;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
echo "$shellHook" > $out/bin/darwin-installer
chmod +x $out/bin/darwin-installer
'';
shellHook = ''
#!${stdenv.shell}
set -e
_PATH=$PATH
export PATH=/nix/var/nix/profiles/default/bin:${nix}/bin:${pkgs.gnused}/bin:${pkgs.openssh}/bin:/usr/bin:/bin:/usr/sbin:/sbin
action=switch
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
case "$i" in
--help)
echo "darwin-installer: [--help] [--check]"
exit
;;
--check)
action=check
;;
esac
done
echo >&2
echo >&2 "Installing nix-darwin..."
echo >&2
config="$HOME/.nixpkgs/darwin-configuration.nix"
if ! test -f "$config"; then
echo "copying example configuration.nix" >&2
mkdir -p "$HOME/.nixpkgs"
cp "${../../modules/examples/simple.nix}" "$config"
chmod u+w "$config"
# Enable nix-daemon service for multi-user installs.
if [ ! -w /nix/var/nix/db ]; then
sed -i 's/# services.nix-daemon.enable/services.nix-daemon.enable/' "$config"
fi
fi
# Skip when stdin is not a tty, eg.
# $ yes | darwin-installer
if test -t 0; then
read -p "Would you like to edit the default configuration.nix before starting? [y/N] " i
case "$i" in
y|Y)
PATH=$_PATH ''${EDITOR:-nano} "$config"
;;
esac
fi
i=y
darwinPath=$(NIX_PATH=$HOME/.nix-defexpr/channels nix-instantiate --eval -E '<darwin>' 2> /dev/null) || true
if ! test -e "$darwinPath"; then
if test -t 0; then
read -p "Would you like to manage <darwin> with nix-channel? [y/N] " i
fi
case "$i" in
y|Y)
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --update
;;
esac
fi
export NIX_PATH=${nixPath}
system=$(nix-build '<darwin>' -I "darwin-config=$config" -A system --no-out-link --show-trace)
export PATH=$system/sw/bin:$PATH
darwin-rebuild "$action" -I "darwin-config=$config"
echo >&2
echo >&2 " Open '$config' to get started."
echo >&2 " See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md"
echo >&2
echo >&2 " Don't forget to start a new shell or source /etc/static/bashrc."
echo >&2
exit
'';
passthru.check = stdenv.mkDerivation {
name = "run-darwin-test";
shellHook = ''
set -e
echo >&2 "running installer tests..."
echo >&2
echo >&2 "checking configuration.nix"
test -f ~/.nixpkgs/darwin-configuration.nix
test -w ~/.nixpkgs/darwin-configuration.nix
echo >&2 "checking darwin channel"
readlink ~/.nix-defexpr/channels/darwin
test -e ~/.nix-defexpr/channels/darwin
echo >&2 "checking /etc"
readlink /etc/static
test -e /etc/static
echo >&2 "checking profile"
cat /etc/profile
grep -v nix-daemon.sh /etc/profile
echo >&2 "checking /run/current-system"
readlink /run
test -e /run
readlink /run/current-system
test -e /run/current-system
echo >&2 "checking system profile"
readlink /nix/var/nix/profiles/system
test -e /nix/var/nix/profiles/system
echo >&2 "checking bash environment"
env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH'
env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH'
env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
echo >&2 "checking zsh environment"
env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH'
env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH'
env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
echo >&2 ok
exit
'';
};
}

45
pkgs/darwin-uninstaller/configuration.nix
View file

@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, pkgs, ... }:
with lib;
@ -7,46 +7,49 @@ with lib;
assertions = mkForce [];
system.activationScripts.checks.text = mkForce "";
# Disable etc, launchd, ...
environment.etc = mkForce {};
launchd.agents = mkForce {};
launchd.daemons = mkForce {};
launchd.user.agents = mkForce {};
# Don't try to reload `nix-daemon`
nix.useDaemon = mkForce false;
system.activationScripts.postUserActivation.text = mkAfter ''
if test -L ~/.nix-defexpr/channels/darwin; then
if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
nix-channel --remove darwin || true
fi
'';
system.activationScripts.postActivation.text = mkAfter ''
if test -L /Applications/Nix\ Apps; then
if [[ -L /Applications/Nix\ Apps ]]; then
rm /Applications/Nix\ Apps
fi
if test -L /etc/static; then
if [[ -L /etc/static ]]; then
rm /etc/static
fi
if test -O /nix/store; then
if ! test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
sudo launchctl remove org.nixos.nix-daemon 2> /dev/null || true
# If the Nix Store is owned by root then we're on a multi-user system
if [[ -O /nix/store ]]; then
if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then
sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
fi
if ! grep -q etc/profile.d/nix-daemon.sh /etc/bashrc; then
echo >&2 "Found no nix-daemon.sh reference in /etc/bashrc"
echo >&2 "add this snippet back to /etc/bashrc:"
echo >&2
echo >&2 " # Nix"
echo >&2 " if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then"
echo >&2 " . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'"
echo >&2 " fi"
echo >&2 " # End Nix"
echo >&2
fi
fi
# grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail`
dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do
shell=$(dscl . -read /Users/"$user" UserShell)
if [[ "$shell" != */bin/zsh ]]; then
echo >&2 "warning: changing $user's shell from $shell to /bin/zsh"
fi
dscl . -create /Users/"$user" UserShell /bin/zsh
done
while IFS= read -r -d "" file; do
mv "$file" "''${file%.*}"
done < <(find /etc -name '*.before-nix-darwin' -follow -print0)
'';
}

115
pkgs/darwin-uninstaller/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, lib, pkgs }:
{ lib, path, stdenv, writeShellApplication }:
let
uninstallSystem = import ../../eval-config.nix {
@ -6,39 +6,23 @@ let
modules = [
./configuration.nix
{
nixpkgs.source = pkgs.path;
nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system;
nixpkgs.source = path;
nixpkgs.hostPlatform = stdenv.hostPlatform.system;
system.includeUninstaller = false;
}
];
};
in
stdenv.mkDerivation {
in writeShellApplication {
name = "darwin-uninstaller";
preferLocalBuild = true;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
echo "$shellHook" > $out/bin/darwin-uninstaller
chmod +x $out/bin/darwin-uninstaller
'';
shellHook = ''
#!${stdenv.shell}
set -e
action=switch
text = ''
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
case "$i" in
--help)
echo "darwin-uninstaller: [--help]"
exit
;;
esac
i="$1"; shift 1
case "$i" in
--help)
echo "darwin-uninstaller: [--help]"
exit
;;
esac
done
echo >&2
@ -47,54 +31,67 @@ stdenv.mkDerivation {
echo >&2 " - remove /Applications/Nix Apps symlink"
echo >&2 " - cleanup static /etc files"
echo >&2 " - disable and remove all launchd services managed by nix-darwin"
echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)"
if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
echo >&2 " - restore nix-daemon service from nix installer as this is a multi-user install"
fi
echo >&2
if test -t 0; then
read -p "Proceed? [y/n] " i
case "$i" in
y|Y)
;;
*)
exit 3
;;
esac
if [[ -t 0 ]]; then
read -r -p "Proceed? [y/n] " i
case "$i" in
y|Y)
;;
*)
exit 3
;;
esac
fi
${uninstallSystem.system}/sw/bin/darwin-rebuild activate
if test -L /run/current-system; then
if [[ -L /run/current-system ]]; then
sudo rm /run/current-system
fi
if [[ -L /run ]]; then
if [[ -e /etc/synthetic.conf ]]; then
sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
echo >&2 "NOTE: the /run symlink will be removed on reboot"
else
sudo rm /run
fi
fi
echo >&2
echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected."
echo >&2
echo >&2 "Done!"
echo >&2
exit
'';
passthru.check = stdenv.mkDerivation {
name = "run-darwin-test";
shellHook = ''
set -e
echo >&2 "running uninstaller tests..."
echo >&2
derivationArgs.passthru.tests.uninstaller = writeShellApplication {
name = "post-uninstall-test";
text = ''
echo >&2 "running uninstaller tests..."
echo >&2
echo >&2 "checking darwin channel"
! test -e ~/.nix-defexpr/channels/darwin
echo >&2 "checking /etc"
! test -e /etc/static
echo >&2 "checking /run/current-system"
! test -e /run/current-system
echo >&2 "checking nix-daemon service (assuming a multi-user install)"
sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon"
pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon"
readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
echo >&2 ok
exit
echo >&2 "checking darwin channel"
test -e ~/.nix-defexpr/channels/darwin && exit 1
echo >&2 "checking /etc"
test -e /etc/static && exit 1
echo >&2 "checking /run/current-system"
test -e /run/current-system && exit 1
if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
echo >&2 "checking nix-daemon service"
launchctl print system/org.nixos.nix-daemon
pgrep -l nix-daemon
test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist
[[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
nix-store --store daemon -q --hash ${stdenv.shell}
fi
echo >&2 ok
'';
};
}

74
pkgs/nix-tools/darwin-rebuild.sh
View file

@ -9,17 +9,25 @@ showSyntax() {
echo " [--list-generations] [{--profile-name | -p} name] [--rollback]" >&2
echo " [{--switch-generation | -G} generation] [--verbose...] [-v...]" >&2
echo " [-Q] [{--max-jobs | -j} number] [--cores number] [--dry-run]" >&2
echo " [--keep-going] [-k] [--keep-failed] [-K] [--fallback] [--show-trace]" >&2
echo " [-I path] [--option name value] [--arg name value] [--argstr name value]" >&2
echo " [--flake flake] [--update-input input flake] [--impure] [--recreate-lock-file]" >&2
echo " [--no-update-lock-file] [--refresh]" >&2
echo " [--offline] [--substituters substituters-list] ..." >&2
echo " [--keep-going | -k] [--keep-failed | -K] [--fallback] [--show-trace]" >&2
echo " [--print-build-logs | -L] [--impure] [-I path]" >&2
echo " [--option name value] [--arg name value] [--argstr name value]" >&2
echo " [--no-flake | [--flake flake]" >&2
echo " [--commit-lock-file] [--recreate-lock-file]" >&2
echo " [--no-update-lock-file] [--no-write-lock-file]" >&2
echo " [--override-input input flake] [--update-input input]" >&2
echo " [--no-registries] [--offline] [--refresh]]" >&2
echo " [--substituters substituters-list] ..." >&2
exit 1
}
sudo() {
# REMOVEME when support for macOS 10.13 is dropped
# macOS 10.13 does not support sudo --preserve-env so we make this conditional
if command sudo --help | grep -- --preserve-env= >/dev/null; then
command sudo -H --preserve-env=PATH env "$@"
# We use `env` before our command to ensure the preserved PATH gets checked
# when trying to resolve the command to execute
command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
else
command sudo -H "$@"
fi
@ -34,6 +42,7 @@ extraProfileFlags=()
profile=@profile@
action=
flake=
noFlake=
while [ $# -gt 0 ]; do
i=$1; shift 1
@ -77,6 +86,9 @@ while [ $# -gt 0 ]; do
flake=$1
shift 1
;;
--no-flake)
noFlake=1
;;
-L|-vL|--print-build-logs|--impure|--recreate-lock-file|--no-update-lock-file|--no-write-lock-file|--no-registries|--commit-lock-file|--refresh)
extraLockFlags+=("$i")
;;
@ -137,43 +149,25 @@ if [ -z "$action" ]; then showSyntax; fi
flakeFlags=(--extra-experimental-features 'nix-command flakes')
if [ -n "$flake" ]; then
# Offical regex from https://www.rfc-editor.org/rfc/rfc3986#appendix-B
if [[ "${flake}" =~ ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))? ]]; then
scheme=${BASH_REMATCH[1]} # eg. http:
authority=${BASH_REMATCH[3]} # eg. //www.ics.uci.edu
path=${BASH_REMATCH[5]} # eg. /pub/ietf/uri/
queryWithQuestion=${BASH_REMATCH[6]}
fragment=${BASH_REMATCH[9]}
# Use /etc/nix-darwin/flake.nix if it exists. It can be a symlink to the
# actual flake.
if [[ -z $flake && -e /etc/nix-darwin/flake.nix && -z $noFlake ]]; then
flake="$(dirname "$(readlink -f /etc/nix-darwin/flake.nix)")"
fi
flake=${scheme}${authority}${path}${queryWithQuestion}
flakeAttr=${fragment}
# For convenience, use the hostname as the default configuration to
# build from the flake.
if [[ -n "$flake" ]]; then
if [[ $flake =~ ^(.*)\#([^\#\"]*)$ ]]; then
flake="${BASH_REMATCH[1]}"
flakeAttr="${BASH_REMATCH[2]}"
fi
if [ -z "$flakeAttr" ]; then
if [[ -z "$flakeAttr" ]]; then
flakeAttr=$(scutil --get LocalHostName)
fi
flakeAttr=darwinConfigurations.${flakeAttr}
fi
if [ -n "$flake" ]; then
if nix "${flakeFlags[@]}" flake metadata --version &>/dev/null; then
cmd=metadata
else
cmd=info
fi
metadata=$(nix "${flakeFlags[@]}" flake "$cmd" --json "${extraMetadataFlags[@]}" "${extraLockFlags[@]}" -- "$flake")
flake=$(jq -r .url <<<"${metadata}")
if [ "$(jq -r .resolved.submodules <<<"${metadata}")" = "true" ]; then
if [[ "$flake" == *'?'* ]]; then
flake="${flake}&submodules=1"
else
flake="${flake}?submodules=1"
fi
fi
fi
if [ "$action" != build ]; then
if [ -n "$flake" ]; then
extraBuildFlags+=("--no-link")
@ -191,7 +185,7 @@ if [ "$action" = edit ]; then
fi
fi
if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ]; then
if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ] || [ "$action" = changelog ]; then
echo "building the system configuration..." >&2
if [ -z "$flake" ]; then
systemConfig="$(nix-build '<darwin>' "${extraBuildFlags[@]}" -A system)"
@ -240,11 +234,7 @@ if [ "$action" = switch ] || [ "$action" = activate ] || [ "$action" = rollback
fi
if [ "$action" = changelog ]; then
echo >&2
echo "CHANGELOG" >&2
echo >&2
head -n 32 "$systemConfig/darwin-changes"
echo >&2
${PAGER:-less} -- "$systemConfig/darwin-changes"
fi
if [ "$action" = check ]; then

1
pkgs/nix-tools/default.nix
View file

@ -17,6 +17,7 @@ let
inherit name src;
dir = "bin";
isExecutable = true;
meta.mainProgram = name;
} // env);
path = "${extraPath}:${systemPath}";

178
release.nix
View file

@ -1,21 +1,16 @@
{ nixpkgs ? <nixpkgs>
, supportedSystems ? [ "x86_64-darwin" ]
# Adapted from https://github.com/NixOS/nixpkgs/blob/e818264fe227ad8861e0598166cf1417297fdf54/pkgs/top-level/release.nix#L11
, nix-darwin ? { }
, system ? builtins.currentSystem
, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ]
, scrubJobs ? true
}:
let
inherit (release) mapTestOn packagePlatforms pkgs all linux darwin;
system = "x86_64-darwin";
mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems);
buildFromConfig = configuration: sel: sel
(import ./. { inherit nixpkgs configuration system; }).config;
makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system:
buildFromConfig configuration (config: config.system.build.toplevel)
);
makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel);
makeTest = test:
let
@ -40,6 +35,8 @@ let
};
config = {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
system.build.run-test = pkgs.runCommand "darwin-test-${testName}"
{ allowSubstitutes = false; preferLocalBuild = true; }
''
@ -59,97 +56,76 @@ let
in
buildFromConfig configuration (config: config.system.build.run-test);
release = import <nixpkgs/pkgs/top-level/release-lib.nix> {
inherit supportedSystems scrubJobs;
packageSet = import nixpkgs;
manual = buildFromConfig ({ lib, config, ... }: {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
system.darwinVersionSuffix = let
shortRev = nix-darwin.shortRev or nix-darwin.dirtyShortRev or null;
in
lib.mkIf (shortRev != null) ".${shortRev}";
system.darwinRevision = let
rev = nix-darwin.rev or nix-darwin.dirtyRev or null;
in
lib.mkIf (rev != null) rev;
}) (config: config.system.build.manual);
in {
docs = {
inherit (manual) manualHTML manpages optionsJSON;
};
packageSet = {
inherit (pkgs)
stdenv bash zsh nix
tmux reattach-to-user-namespace
nano emacs vim;
};
examples.hydra = makeSystem ./modules/examples/hydra.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix;
examples.simple = makeSystem ./modules/examples/simple.nix;
jobs = {
unstable = pkgs.releaseTools.aggregate {
name = "darwin-${pkgs.lib.nixpkgsVersion}";
constituents =
[ jobs.stdenv.x86_64-darwin
jobs.bash.x86_64-darwin
jobs.zsh.x86_64-darwin
jobs.nix.x86_64-darwin
jobs.reattach-to-user-namespace.x86_64-darwin
jobs.tmux.x86_64-darwin
jobs.nano.x86_64-darwin
jobs.vim.x86_64-darwin
jobs.emacs.x86_64-darwin
jobs.examples.hydra.x86_64-darwin
jobs.examples.lnl.x86_64-darwin
jobs.examples.simple.x86_64-darwin
];
meta.description = "Release-critical builds for the darwin channel";
};
manualHTML = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manualHTML);
manpages = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.manpages);
options = buildFromConfig ({ ... }: { }) (config: config.system.build.manual.optionsJSON);
examples.hydra = makeSystem ./modules/examples/hydra.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix;
examples.simple = makeSystem ./modules/examples/simple.nix;
tests.activation-scripts = makeTest ./tests/activation-scripts.nix;
tests.autossh = makeTest ./tests/autossh.nix;
tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix;
tests.environment-path = makeTest ./tests/environment-path.nix;
tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix;
tests.homebrew = makeTest ./tests/homebrew.nix;
tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix;
tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
tests.networking-hostname = makeTest ./tests/networking-hostname.nix;
tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix;
tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix;
tests.programs-ssh = makeTest ./tests/programs-ssh.nix;
tests.programs-tmux = makeTest ./tests/programs-tmux.nix;
tests.programs-zsh = makeTest ./tests/programs-zsh.nix;
tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix;
tests.security-pki = makeTest ./tests/security-pki.nix;
tests.services-activate-system = makeTest ./tests/services-activate-system.nix;
tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix;
tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix;
tests.services-github-runners = makeTest ./tests/services-github-runners.nix;
tests.services-lorri = makeTest ./tests/services-lorri.nix;
tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix;
tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix;
tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix;
tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix;
tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;
tests.services-nextdns = makeTest ./tests/services-nextdns.nix;
tests.services-ofborg = makeTest ./tests/services-ofborg.nix;
tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix;
tests.services-privoxy = makeTest ./tests/services-privoxy.nix;
tests.services-redis = makeTest ./tests/services-redis.nix;
tests.services-skhd = makeTest ./tests/services-skhd.nix;
tests.services-spacebar = makeTest ./tests/services-spacebar.nix;
tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix;
tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix;
tests.services-synergy = makeTest ./tests/services-synergy.nix;
tests.services-yabai = makeTest ./tests/services-yabai.nix;
tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
tests.system-environment = makeTest ./tests/system-environment.nix;
tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;
tests.system-packages = makeTest ./tests/system-packages.nix;
tests.system-path = makeTest ./tests/system-path.nix;
tests.system-shells = makeTest ./tests/system-shells.nix;
tests.users-groups = makeTest ./tests/users-groups.nix;
tests.users-packages = makeTest ./tests/users-packages.nix;
tests.fonts = makeTest ./tests/fonts.nix;
}
// (mapTestOn (packagePlatforms packageSet));
in
jobs
tests.activation-scripts = makeTest ./tests/activation-scripts.nix;
tests.autossh = makeTest ./tests/autossh.nix;
tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix;
tests.environment-path = makeTest ./tests/environment-path.nix;
tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix;
tests.homebrew = makeTest ./tests/homebrew.nix;
tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix;
tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
tests.networking-hostname = makeTest ./tests/networking-hostname.nix;
tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix;
tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix;
tests.programs-ssh = makeTest ./tests/programs-ssh.nix;
tests.programs-tmux = makeTest ./tests/programs-tmux.nix;
tests.programs-zsh = makeTest ./tests/programs-zsh.nix;
tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix;
tests.security-pki = makeTest ./tests/security-pki.nix;
tests.services-activate-system = makeTest ./tests/services-activate-system.nix;
tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix;
tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix;
tests.services-github-runners = makeTest ./tests/services-github-runners.nix;
tests.services-lorri = makeTest ./tests/services-lorri.nix;
tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix;
tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix;
tests.services-aerospace = makeTest ./tests/services-aerospace.nix;
tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix;
tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix;
tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;
tests.services-nextdns = makeTest ./tests/services-nextdns.nix;
tests.services-netdata = makeTest ./tests/services-netdata.nix;
tests.services-ofborg = makeTest ./tests/services-ofborg.nix;
tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix;
tests.services-privoxy = makeTest ./tests/services-privoxy.nix;
tests.services-redis = makeTest ./tests/services-redis.nix;
tests.services-skhd = makeTest ./tests/services-skhd.nix;
tests.services-spacebar = makeTest ./tests/services-spacebar.nix;
tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix;
tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix;
tests.services-synergy = makeTest ./tests/services-synergy.nix;
tests.services-yabai = makeTest ./tests/services-yabai.nix;
tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix;
tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
tests.system-environment = makeTest ./tests/system-environment.nix;
tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;
tests.system-packages = makeTest ./tests/system-packages.nix;
tests.system-path = makeTest ./tests/system-path.nix;
tests.system-shells = makeTest ./tests/system-shells.nix;
tests.users-groups = makeTest ./tests/users-groups.nix;
tests.users-packages = makeTest ./tests/users-packages.nix;
tests.fonts = makeTest ./tests/fonts.nix;
}

16
tests/autossh.nix
View file

@ -1,17 +1,19 @@
{ config, pkgs, ... }:
{
services.autossh.sessions = [ {
name = "foo";
user = "jfelice";
extraArguments = "-i /some/key -T -N bar.eraserhead.net";
} ];
services.autossh.sessions = [
{
name = "foo";
user = "jfelice";
extraArguments = "-i /some/key -T -N bar.eraserhead.net";
}
];
test = ''
plist=${config.out}/Library/LaunchDaemons/org.nixos.autossh-foo.plist
test -f $plist
grep '<string>exec /nix/store/.*/bin/autossh ' $plist
grep '<string>exec.*-i /some/key ' $plist
grep '<string>/bin/wait4path /nix/store &amp;&amp; exec /nix/store/.*/bin/autossh ' $plist
grep '<string>/bin/wait4path /nix/store &amp;&amp; exec.*-i /some/key ' $plist
tr -d '\n\t ' <$plist |grep '<key>KeepAlive</key><true */>'
'';
}

201
tests/fixtures/system-defaults-write/activate-user.txt vendored
View file

@ -48,6 +48,11 @@ defaults write -g 'AppleShowScrollBars' $'<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<string>Always</string>
</plist>'
defaults write -g 'AppleSpacesSwitchOnActivate' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'AppleWindowTabbingMode' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -73,6 +78,11 @@ defaults write -g 'NSAutomaticDashSubstitutionEnabled' $'<?xml version="1.0" enc
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'NSAutomaticInlinePredictionEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write -g 'NSAutomaticPeriodSubstitutionEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -195,6 +205,11 @@ defaults write .GlobalPreferences 'com.apple.sound.beep.sound' $'<?xml version="
<string>/System/Library/Sounds/Funk.aiff</string>
</plist>'
defaults write com.apple.menuextra.clock 'FlashDateSeparators' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.menuextra.clock 'Show24Hour' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -289,9 +304,118 @@ defaults write com.apple.dock 'persistent-others' $'<?xml version="1.0" encoding
</dict>
</array>
</plist>'
defaults write com.apple.dock 'scroll-to-open' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'AppleShowAllExtensions' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'AppleShowAllFiles' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'CreateDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'FXDefaultSearchScope' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>SCcf</string>
</plist>'
defaults write com.apple.finder 'FXEnableExtensionChangeWarning' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'FXPreferredViewStyle' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>Flwv</string>
</plist>'
defaults write com.apple.finder 'FXRemoveOldTrashItems' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'NewWindowTarget' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>PfLo</string>
</plist>'
defaults write com.apple.finder 'NewWindowTargetPath' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>file:///Library/Apple</string>
</plist>'
defaults write com.apple.finder 'QuitMenuItem' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'ShowExternalHardDrivesOnDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'ShowHardDrivesOnDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'ShowMountedServersOnDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'ShowPathbar' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder 'ShowRemovableMediaOnDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.finder 'ShowStatusBar' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder '_FXShowPosixPathInTitle' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder '_FXSortFoldersFirst' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.finder '_FXSortFoldersFirstOnDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.HIToolbox 'AppleFnUsageType' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>2</integer>
</plist>'
defaults write com.apple.screencapture 'include-date' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.screencapture 'location' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -370,3 +494,78 @@ defaults write com.apple.Safari 'com.apple.Safari.ContentPageGroupIdentifier.Web
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'AppWindowGroupingBehavior' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'AutoHide' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'EnableStandardClickToShowDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'GloballyEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'HideDesktop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'StageManagerHideWidgets' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'StandardHideDesktopIcons' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'StandardHideWidgets' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'AirDrop' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>18</integer>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'BatteryShowPercentage' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'Bluetooth' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>18</integer>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'Display' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>24</integer>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'FocusModes' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>24</integer>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'NowPlaying' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>18</integer>
</plist>'
defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'Sound' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>24</integer>
</plist>'

6
tests/networking-hostname.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ lib, config, pkgs, ... }:
{
networking.hostName = "EVE";
@ -7,8 +7,8 @@
test = ''
echo checking hostname in /activate >&2
grep "scutil --set ComputerName 'EVEs MacBook Pro'" ${config.out}/activate
grep "scutil --set LocalHostName 'EVE'" ${config.out}/activate
grep "scutil --set HostName 'EVE'" ${config.out}/activate
grep "scutil --set LocalHostName ${lib.escapeShellArg "EVE"}" ${config.out}/activate
grep "scutil --set HostName ${lib.escapeShellArg "EVE"}" ${config.out}/activate
echo checking defaults write in ${config.out}/activate-user >&2
'';
}

10
tests/networking-networkservices.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
{
networking.knownNetworkServices = [ "Wi-Fi" "Thunderbolt Ethernet" ];
@ -6,10 +6,10 @@
test = ''
echo checking dns settings in /activate >&2
grep "networksetup -setdnsservers 'Wi-Fi' '8.8.8.8' '8.8.4.4'" ${config.out}/activate
grep "networksetup -setdnsservers 'Thunderbolt Ethernet' '8.8.8.8' '8.8.4.4'" ${config.out}/activate
grep "networksetup -setdnsservers ${lib.escapeShellArgs [ "Wi-Fi" "8.8.8.8" "8.8.4.4" ]}" ${config.out}/activate
grep "networksetup -setdnsservers ${lib.escapeShellArgs [ "Thunderbolt Ethernet" "8.8.8.8" "8.8.4.4" ]}" ${config.out}/activate
echo checking empty searchdomain settings in /activate >&2
grep "networksetup -setsearchdomains 'Wi-Fi' 'empty'" ${config.out}/activate
grep "networksetup -setsearchdomains 'Thunderbolt Ethernet' 'empty'" ${config.out}/activate
grep "networksetup -setsearchdomains ${lib.escapeShellArgs [ "Wi-Fi" "empty" ]}" ${config.out}/activate
grep "networksetup -setsearchdomains ${lib.escapeShellArgs [ "Thunderbolt Ethernet" "empty" ]}" ${config.out}/activate
'';
}

10
tests/networking-wakeonlan.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
networking.wakeOnLan.enable = true;
test = ''
echo checking wake on network access settings in /activate >&2
grep "systemsetup -setWakeOnNetworkAccess 'on'" ${config.out}/activate
'';
}

12
tests/power-restart.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
power.restartAfterPowerFailure = true;
power.restartAfterFreeze = true;
test = ''
echo checking restart power settings in /activate >&2
grep "systemsetup -setRestartPowerFailure 'on'" ${config.out}/activate
grep "systemsetup -setRestartFreeze 'on'" ${config.out}/activate
'';
}

16
tests/power-sleep.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
power.sleep.computer = "never";
power.sleep.display = 15;
power.sleep.harddisk = 5;
power.sleep.allowSleepByPowerButton = false;
test = ''
echo checking power sleep settings in /activate >&2
grep "systemsetup -setComputerSleep 'never'" ${config.out}/activate
grep "systemsetup -setDisplaySleep '15'" ${config.out}/activate
grep "systemsetup -setHardDiskSleep '5'" ${config.out}/activate
grep "systemsetup -setAllowPowerButtonToSleepComputer 'off'" ${config.out}/activate
'';
}

4
tests/programs-zsh.nix
View file

@ -22,8 +22,6 @@
echo >&2 "checking setEnvironment in /etc/zshenv"
fgrep '. ${config.system.build.setEnvironment}' ${config.out}/etc/zshenv
echo >&2 "checking nix-shell return /etc/zshenv"
grep 'if test -n "$IN_NIX_SHELL"; then return; fi' ${config.out}/etc/zshenv
echo >&2 "checking zshenv.d in /etc/zshenv"
grep 'source /etc/zshenv.d/\*.conf' ${config.out}/etc/zshenv
@ -36,7 +34,7 @@
echo >&2 "checking compinit in /etc/zshrc"
grep 'autoload -U compinit && compinit' ${config.out}/etc/zshrc
echo >&2 "checking bashcompinit in /etc/zshrc"
grep -vq 'bashcompinit' ${config.out}/etc/zshrc
(! grep 'bashcompinit' ${config.out}/etc/zshrc)
echo >&2 "checking zprofile.d in /etc/zprofile"
grep 'source /etc/zprofile.d/\*.conf' ${config.out}/etc/zprofile

3
tests/services-activate-system-changed-label-prefix.nix
View file

@ -1,7 +1,6 @@
{ config, pkgs, ... }:
{
services.activate-system.enable = true;
launchd.labelPrefix = "org.nix-darwin";
test = ''
@ -9,7 +8,7 @@
grep "org.nix-darwin.activate-system" ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist
echo checking activation of /run/current-system >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nix-darwin.activate-system.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "ln -sfn .* /run/current-system" "$script"
'';
}

4
tests/services-activate-system.nix
View file

@ -1,14 +1,12 @@
{ config, pkgs, ... }:
{
services.activate-system.enable = true;
test = ''
echo checking activation service in /Library/LaunchDaemons >&2
grep "org.nixos.activate-system" ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist
echo checking activation of /run/current-system >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.activate-system.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "ln -sfn .* /run/current-system" "$script"
'';
}

36
tests/services-aerospace.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, pkgs, ... }:
let
aerospace = pkgs.runCommand "aerospace-0.0.0" { } "mkdir $out";
in
{
services.aerospace.enable = true;
services.aerospace.package = aerospace;
services.aerospace.settings = {
gaps = {
outer.left = 8;
outer.bottom = 8;
outer.top = 8;
outer.right = 8;
};
mode.main.binding = {
alt-h = "focus left";
alt-j = "focus down";
alt-k = "focus up";
alt-l = "focus right";
};
};
test = ''
echo >&2 "checking aerospace service in ~/Library/LaunchAgents"
grep "org.nixos.aerospace" ${config.out}/user/Library/LaunchAgents/org.nixos.aerospace.plist
grep "${aerospace}/Applications/AeroSpace.app/Contents/MacOS/AeroSpace" ${config.out}/user/Library/LaunchAgents/org.nixos.aerospace.plist
conf=`sed -En 's/^[[:space:]]*<string>.*--config-path (.*)<\/string>$/\1/p' \
${config.out}/user/Library/LaunchAgents/org.nixos.aerospace.plist`
echo >&2 "checking config in $conf"
if [ `cat $conf | wc -l` -eq "27" ]; then echo "aerospace.toml config correctly contains 27 lines"; else return 1; fi
'';
}

4
tests/services-buildkite-agent.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
buildkite-agent = pkgs.runCommand "buildkite-agent-0.0.0" {} "mkdir $out";
buildkite-agent = pkgs.runCommand "buildkite-agent-0.0.0" { } "mkdir $out";
tokenPath = pkgs.writeText "buildkite_token" "TEST_TOKEN";
in
@ -20,7 +20,7 @@ in
grep "org.nixos.buildkite-agent-test" ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist
echo "checking creation of buildkite-agent service config" >&2
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist | awk -F'[< ]' '$3 ~ "^/nix/store/.*" {print $3}')
script=$(cat ${config.out}/Library/LaunchDaemons/org.nixos.buildkite-agent-test.plist | awk -F'[< ]' '$6 ~ "^/nix/store/.*" {print $6}')
grep "yolo=1" "$script"
grep "${tokenPath}" "$script"

28
tests/services-jankyborders.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
with lib;
let
jankyborders = pkgs.runCommand "borders-0.0.0" {} "mkdir $out";
in
{
services.jankyborders.enable = true;
services.jankyborders.package = jankyborders;
services.jankyborders.width = 5.0;
services.jankyborders.hidpi = true;
services.jankyborders.active_color = "0xFFFFFFFF";
services.jankyborders.order = "below";
test = ''
echo >&2 "checking jankyborders service in ~/Library/LaunchAgents"
grep "org.nixos.jankyborders" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "${jankyborders}/bin/borders" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
echo >&2 "checking jankyborders config arguments"
grep "width=5.000000" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "hidpi=on" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "active_color=0xFFFFFFFF" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
grep "order=below" ${config.out}/user/Library/LaunchAgents/org.nixos.jankyborders.plist
'';
}

25
tests/services-lorri.nix
View file

@ -1,14 +1,29 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
plistPath = "${config.out}/user/Library/LaunchAgents/org.nixos.lorri.plist";
expectedPath = "${lib.makeBinPath [config.nix.package pkgs.git pkgs.gnutar pkgs.gzip]}";
expectedNixPath = "${"nixpkgs="+ toString pkgs.path}";
expectedPath = "${lib.makeBinPath [
config.nix.package
pkgs.git
pkgs.gnutar
pkgs.gzip
]}";
expectedNixPath = "${"nixpkgs=" + toString pkgs.path}";
in
{
services.lorri.enable = true;
test = ''
PATH=${lib.makeBinPath [ pkgs.xcbuild pkgs.jq ]}:$PATH
PATH=${
lib.makeBinPath [
pkgs.xcbuild
pkgs.jq
]
}:$PATH
plutil -lint ${plistPath}
plutil -convert json -o service.json ${plistPath}
@ -21,7 +36,7 @@ in
<service.json jq -e ".ProgramArguments|length == 3"
<service.json jq -e ".ProgramArguments[0] == \"/bin/sh\""
<service.json jq -e ".ProgramArguments[1] == \"-c\""
<service.json jq -e ".ProgramArguments[2] == \"exec ${pkgs.lorri}/bin/lorri daemon\""
<service.json jq -e ".ProgramArguments[2] == \"/bin/wait4path /nix/store && exec ${pkgs.lorri}/bin/lorri daemon\""
<service.json jq -e ".RunAtLoad == true"
'';
}

19
tests/services-netdata.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
with lib;
let
netdata = pkgs.runCommand "netdata-0.0.0" {} "mkdir $out";
in
{
services.netdata = {
enable = true;
package = netdata;
};
test = ''
echo >&2 "checking netdata service in launchd daemons"
grep "netdata" ${config.out}/Library/LaunchDaemons/netdata.plist
grep "${netdata}/bin/netdata" ${config.out}/Library/LaunchDaemons/netdata.plist
'';
}

4
tests/services-nix-gc.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" { } "mkdir -p $out";
in
{
@ -13,7 +13,7 @@ in
test = ''
echo checking nix-gc service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-gc</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>exec ${nix}/bin/nix-collect-garbage --delete-older-than 30d</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>/bin/wait4path /nix/store &amp;&amp; exec ${nix}/bin/nix-collect-garbage --delete-older-than 30d</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-gc.plist

4
tests/services-nix-optimise.nix
View file

@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
nix = pkgs.runCommand "nix-2.2" { } "mkdir -p $out";
in
{
@ -13,7 +13,7 @@ in
echo checking nix-optimise service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-optimise</string>" \
${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<string>/bin/wait4path ${nix} &amp;&amp; exec ${nix}/bin/nix-store --optimise</string>" \
grep "<string>/bin/wait4path /nix/store &amp;&amp; exec ${nix}/bin/nix-store --optimise</string>" \
${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<key>UserName</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist
grep "<string>nixuser</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-optimise.plist

75
tests/system-defaults-write.nix
View file

@ -11,7 +11,9 @@
system.defaults.NSGlobalDomain.AppleShowAllExtensions = true;
system.defaults.NSGlobalDomain.AppleShowScrollBars = "Always";
system.defaults.NSGlobalDomain.AppleScrollerPagingBehavior = true;
system.defaults.NSGlobalDomain.AppleSpacesSwitchOnActivate = false;
system.defaults.NSGlobalDomain.NSAutomaticCapitalizationEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticInlinePredictionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticDashSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticPeriodSubstitutionEnabled = false;
system.defaults.NSGlobalDomain.NSAutomaticQuoteSubstitutionEnabled = false;
@ -40,6 +42,7 @@
system.defaults.NSGlobalDomain."com.apple.springing.delay" = 0.0;
system.defaults.NSGlobalDomain."com.apple.swipescrolldirection" = true;
system.defaults.".GlobalPreferences"."com.apple.sound.beep.sound" = "/System/Library/Sounds/Funk.aiff";
system.defaults.menuExtraClock.FlashDateSeparators = false;
system.defaults.menuExtraClock.Show24Hour = false;
system.defaults.menuExtraClock.ShowDayOfWeek = true;
system.defaults.menuExtraClock.ShowDate = 2;
@ -48,7 +51,29 @@
system.defaults.dock.orientation = "left";
system.defaults.dock.persistent-apps = ["MyApp.app" "Cool.app"];
system.defaults.dock.persistent-others = ["~/Documents" "~/Downloads/file.txt"];
system.defaults.dock.scroll-to-open = false;
system.defaults.finder.AppleShowAllFiles = true;
system.defaults.finder.ShowStatusBar = true;
system.defaults.finder.ShowPathbar = true;
system.defaults.finder.FXDefaultSearchScope = "SCcf";
system.defaults.finder.FXPreferredViewStyle = "Flwv";
system.defaults.finder.FXRemoveOldTrashItems = false;
system.defaults.finder.AppleShowAllExtensions = true;
system.defaults.finder.CreateDesktop = false;
system.defaults.finder.NewWindowTarget = "Other";
system.defaults.finder.NewWindowTargetPath = "file:///Library/Apple";
system.defaults.finder.QuitMenuItem = true;
system.defaults.finder._FXShowPosixPathInTitle = true;
system.defaults.finder._FXSortFoldersFirst = true;
system.defaults.finder._FXSortFoldersFirstOnDesktop = false;
system.defaults.finder.FXEnableExtensionChangeWarning = false;
system.defaults.finder.ShowExternalHardDrivesOnDesktop = false;
system.defaults.finder.ShowHardDrivesOnDesktop = false;
system.defaults.finder.ShowMountedServersOnDesktop = false;
system.defaults.finder.ShowRemovableMediaOnDesktop = false;
system.defaults.hitoolbox.AppleFnUsageType = "Show Emoji & Symbols";
system.defaults.screencapture.location = "/tmp";
system.defaults.screencapture.include-date = true;
system.defaults.screensaver.askForPassword = true;
system.defaults.screensaver.askForPasswordDelay = 5;
system.defaults.smb.NetBIOSName = "IMAC-000000";
@ -63,25 +88,41 @@
system.defaults.ActivityMonitor.SortColumn = "CPUUsage";
system.defaults.ActivityMonitor.SortDirection = 0;
system.defaults.ActivityMonitor.OpenMainWindow = true;
system.defaults.WindowManager.GloballyEnabled = false;
system.defaults.WindowManager.EnableStandardClickToShowDesktop = false;
system.defaults.WindowManager.AutoHide = false;
system.defaults.WindowManager.AppWindowGroupingBehavior = true;
system.defaults.WindowManager.StandardHideDesktopIcons = false;
system.defaults.WindowManager.HideDesktop = false;
system.defaults.WindowManager.StandardHideWidgets = true;
system.defaults.WindowManager.StageManagerHideWidgets = true;
system.defaults.CustomUserPreferences = {
"NSGlobalDomain" = { "TISRomanSwitchState" = 1; };
"com.apple.Safari" = {
"com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled" =
true;
};
"NSGlobalDomain" = { "TISRomanSwitchState" = 1; };
"com.apple.Safari" = {
"com.apple.Safari.ContentPageGroupIdentifier.WebKit2DeveloperExtrasEnabled" =
true;
};
test = lib.strings.concatMapStringsSep "\n" (x: ''
echo >&2 "checking defaults write in /${x}"
${pkgs.python3}/bin/python3 <<EOL
import sys
from pathlib import Path
fixture = '${./fixtures/system-defaults-write}/${x}.txt'
out = '${config.out}/${x}'
if Path(fixture).read_text() not in Path(out).read_text():
print("Did not find content from %s in %s" % (fixture, out), file=sys.stderr)
sys.exit(1)
EOL
'') [
};
system.defaults.controlcenter.BatteryShowPercentage = true;
system.defaults.controlcenter.Sound = false;
system.defaults.controlcenter.Bluetooth = true;
system.defaults.controlcenter.AirDrop = true;
system.defaults.controlcenter.Display = false;
system.defaults.controlcenter.FocusModes = false;
system.defaults.controlcenter.NowPlaying = true;
test = lib.strings.concatMapStringsSep "\n"
(x: ''
echo >&2 "checking defaults write in /${x}"
${pkgs.python3}/bin/python3 <<EOL
import sys
from pathlib import Path
fixture = '${./fixtures/system-defaults-write}/${x}.txt'
out = '${config.out}/${x}'
if Path(fixture).read_text() not in Path(out).read_text():
print("Did not find content from %s in %s" % (fixture, out), file=sys.stderr)
sys.exit(1)
EOL
'') [
"activate"
"activate-user"
];

3
tests/system-keyboard-mapping.nix
View file

@ -6,6 +6,7 @@
system.keyboard.remapCapsLockToEscape = true;
system.keyboard.nonUS.remapTilde = true;
system.keyboard.swapLeftCommandAndLeftAlt = true;
system.keyboard.swapLeftCtrlAndFn = true;
test = ''
echo checking keyboard mappings in /activate >&2
@ -17,5 +18,7 @@
grep "\"HIDKeyboardModifierMappingDst\":30064771296" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771298" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771299" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":30064771296" ${config.out}/activate
grep "\"HIDKeyboardModifierMappingDst\":1095216660483" ${config.out}/activate
'';
}

Some files were not shown because too many files have changed in this diff Show more