From 2839ef54aaaa0ca797659a1db45876260b93b1eb Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 20 Mar 2024 20:12:46 -0500 Subject: [PATCH 01/45] Add support for zsh-fast-syntax-highlighting --- modules/programs/zsh/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index bbf8ad9e..c7ff47c4 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -107,6 +107,12 @@ in default = false; description = "Enable zsh-syntax-highlighting."; }; + + programs.zsh.enableFastSyntaxHighlighting = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Enable zsh-fast-syntax-highlighting."; + }; }; config = mkIf cfg.enable { @@ -115,7 +121,8 @@ in [ # Include zsh package pkgs.zsh ] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions - ++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting; + ++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting + ++ optional cfg.enableFastSyntaxHighlighting pkgs.zsh-fast-syntax-highlighting; environment.pathsToLink = [ "/share/zsh" ]; @@ -196,6 +203,10 @@ in "source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" } + ${optionalString cfg.enableFastSyntaxHighlighting + "source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh" + } + ${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"} ${optionalString cfg.enableFzfGit "source ${fzfGit}"} ${optionalString cfg.enableFzfHistory "source ${fzfHistory}"} From 44c88484c4c386f3eae8a5398e9b22a78d606e43 Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 29 May 2024 12:23:59 -0500 Subject: [PATCH 02/45] add warning for enabling syntax highlighting and fast syntax highlighting --- modules/programs/zsh/default.nix | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index c7ff47c4..d3b2f5c6 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -117,6 +117,9 @@ in config = mkIf cfg.enable { + warnings = mkIf (cfg.enableFastSyntaxHighlighting && cfg.enableSyntaxHighlighting) [ + "zsh-fast-syntax-highlighting and zsh-syntax-highlighting are mutually exclusive. Disable one of them." + ]; environment.systemPackages = [ # Include zsh package pkgs.zsh From 897fc37c47d2592c475f8732f3f1a4fbc9f18f9e Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Tue, 5 Nov 2024 08:16:35 -0600 Subject: [PATCH 03/45] Update default.nix Co-authored-by: Michael Hoang --- modules/programs/zsh/default.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index d3b2f5c6..6555bacc 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -117,8 +117,11 @@ in config = mkIf cfg.enable { - warnings = mkIf (cfg.enableFastSyntaxHighlighting && cfg.enableSyntaxHighlighting) [ - "zsh-fast-syntax-highlighting and zsh-syntax-highlighting are mutually exclusive. Disable one of them." + assertions = [ + { + assertion = !(cfg.enableSyntaxHighlighting && cfg.enableFastSyntaxHighlighting); + message = "zsh-syntax-highlighting and zsh-fast-syntax-highlighting are mutually exclusive, please disable one of them."; + } ]; environment.systemPackages = [ # Include zsh package From 48e5c8de1a4575441b46cb174afebfa02732c0ff Mon Sep 17 00:00:00 2001 From: Trevor Opiyo Date: Wed, 6 Nov 2024 01:10:24 -0600 Subject: [PATCH 04/45] Update modules/programs/zsh/default.nix Changes added by Enzime Co-authored-by: Michael Hoang --- modules/programs/zsh/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index 6555bacc..652ba583 100644 
--- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix @@ -108,11 +108,7 @@ in description = "Enable zsh-syntax-highlighting."; }; - programs.zsh.enableFastSyntaxHighlighting = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Enable zsh-fast-syntax-highlighting."; - }; + programs.zsh.enableFastSyntaxHighlighting = mkEnableOption "zsh-fast-syntax-highlighting"; }; config = mkIf cfg.enable { From 1a8c6cac8c7a9537fcf928714ca3778f4c59c2fd Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 21 Oct 2024 11:16:49 +1100 Subject: [PATCH 05/45] release: fix tests not running on `aarch64-darwin` --- release.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/release.nix b/release.nix index a9105912..835e251f 100644 --- a/release.nix +++ b/release.nix @@ -1,14 +1,11 @@ { nixpkgs ? -, supportedSystems ? [ "x86_64-darwin" ] +, system ? builtins.currentSystem +, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ] , scrubJobs ? true }: let - inherit (release) mapTestOn packagePlatforms pkgs all linux darwin; - - system = "x86_64-darwin"; - - mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems); + inherit (release) mapTestOn packagePlatforms pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; From e11dd028d38bd09ec4a1119742d735512775c8a6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 21:13:53 +1100 Subject: [PATCH 06/45] release: remove `unstable` job This job is actually in Nixpkgs at https://github.com/NixOS/nixpkgs/blob/2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53/pkgs/top-level/release.nix#L90-L139. --- release.nix | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/release.nix b/release.nix index 835e251f..cb9e41ca 100644 --- a/release.nix +++ b/release.nix 
@@ -75,26 +75,6 @@ let }) (config: config.system.build.manual); jobs = { - - unstable = pkgs.releaseTools.aggregate { - name = "darwin-${pkgs.lib.nixpkgsVersion}"; - constituents = - [ jobs.stdenv.x86_64-darwin - jobs.bash.x86_64-darwin - jobs.zsh.x86_64-darwin - jobs.nix.x86_64-darwin - jobs.reattach-to-user-namespace.x86_64-darwin - jobs.tmux.x86_64-darwin - jobs.nano.x86_64-darwin - jobs.vim.x86_64-darwin - jobs.emacs.x86_64-darwin - jobs.examples.hydra.x86_64-darwin - jobs.examples.lnl.x86_64-darwin - jobs.examples.simple.x86_64-darwin - ]; - meta.description = "Release-critical builds for the darwin channel"; - }; - manualHTML = manual.manualHTML; manpages = manual.manpages; options = manual.optionsJSON; From 8a03b1850b3adf005da3f35e696e801d700740ec Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 08:32:31 +1100 Subject: [PATCH 07/45] release: remove package jobs --- release.nix | 130 ++++++++++++++++++++++++---------------------------- 1 file changed, 59 insertions(+), 71 deletions(-) diff --git a/release.nix b/release.nix index cb9e41ca..b432a29d 100644 --- a/release.nix +++ b/release.nix @@ -5,7 +5,7 @@ }: let - inherit (release) mapTestOn packagePlatforms pkgs; + inherit (release) pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; 
@@ -63,79 +63,67 @@ let packageSet = import nixpkgs; }; - packageSet = { - inherit (pkgs) - stdenv bash zsh nix - tmux reattach-to-user-namespace - nano emacs vim; - }; - manual = buildFromConfig ({ lib, config, ... }: { system.stateVersion = lib.mkDefault config.system.maxStateVersion; }) (config: config.system.build.manual); - jobs = { - manualHTML = manual.manualHTML; - manpages = manual.manpages; - options = manual.optionsJSON; +in { + manualHTML = manual.manualHTML; + manpages = manual.manpages; + options = manual.optionsJSON; - examples.hydra = makeSystem ./modules/examples/hydra.nix; - examples.lnl = makeSystem ./modules/examples/lnl.nix; - examples.simple = makeSystem ./modules/examples/simple.nix; + examples.hydra = makeSystem ./modules/examples/hydra.nix; + examples.lnl = makeSystem ./modules/examples/lnl.nix; + examples.simple = makeSystem ./modules/examples/simple.nix; - tests.activation-scripts = makeTest ./tests/activation-scripts.nix; - tests.autossh = makeTest ./tests/autossh.nix; - tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix; - tests.environment-path = makeTest ./tests/environment-path.nix; - tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix; - tests.homebrew = makeTest ./tests/homebrew.nix; - tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; - tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; - tests.networking-hostname = makeTest ./tests/networking-hostname.nix; - tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; - tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; - tests.programs-ssh = makeTest ./tests/programs-ssh.nix; - tests.programs-tmux = makeTest ./tests/programs-tmux.nix; - tests.programs-zsh = makeTest ./tests/programs-zsh.nix; - tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix; - tests.security-pki = makeTest ./tests/security-pki.nix; - tests.services-activate-system = makeTest 
./tests/services-activate-system.nix; - tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix; - tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix; - tests.services-github-runners = makeTest ./tests/services-github-runners.nix; - tests.services-lorri = makeTest ./tests/services-lorri.nix; - tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix; - tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix; - tests.services-aerospace = makeTest ./tests/services-aerospace.nix; - tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix; - tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix; - tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix; - tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix; - tests.services-nextdns = makeTest ./tests/services-nextdns.nix; - tests.services-netdata = makeTest ./tests/services-netdata.nix; - tests.services-ofborg = makeTest ./tests/services-ofborg.nix; - tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix; - tests.services-privoxy = makeTest ./tests/services-privoxy.nix; - tests.services-redis = makeTest ./tests/services-redis.nix; - tests.services-skhd = makeTest ./tests/services-skhd.nix; - tests.services-spacebar = makeTest ./tests/services-spacebar.nix; - tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix; - tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix; - tests.services-synergy = makeTest ./tests/services-synergy.nix; - tests.services-yabai = makeTest ./tests/services-yabai.nix; - tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix; - tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix; - tests.system-environment = makeTest ./tests/system-environment.nix; - tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix; - 
tests.system-packages = makeTest ./tests/system-packages.nix; - tests.system-path = makeTest ./tests/system-path.nix; - tests.system-shells = makeTest ./tests/system-shells.nix; - tests.users-groups = makeTest ./tests/users-groups.nix; - tests.users-packages = makeTest ./tests/users-packages.nix; - tests.fonts = makeTest ./tests/fonts.nix; - - } - // (mapTestOn (packagePlatforms packageSet)); - -in - jobs + tests.activation-scripts = makeTest ./tests/activation-scripts.nix; + tests.autossh = makeTest ./tests/autossh.nix; + tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix; + tests.environment-path = makeTest ./tests/environment-path.nix; + tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix; + tests.homebrew = makeTest ./tests/homebrew.nix; + tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; + tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; + tests.networking-hostname = makeTest ./tests/networking-hostname.nix; + tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; + tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; + tests.programs-ssh = makeTest ./tests/programs-ssh.nix; + tests.programs-tmux = makeTest ./tests/programs-tmux.nix; + tests.programs-zsh = makeTest ./tests/programs-zsh.nix; + tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix; + tests.security-pki = makeTest ./tests/security-pki.nix; + tests.services-activate-system = makeTest ./tests/services-activate-system.nix; + tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix; + tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix; + tests.services-github-runners = makeTest ./tests/services-github-runners.nix; + tests.services-lorri = makeTest ./tests/services-lorri.nix; + tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix; + tests.sockets-nix-daemon = makeTest 
./tests/sockets-nix-daemon.nix; + tests.services-aerospace = makeTest ./tests/services-aerospace.nix; + tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix; + tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix; + tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix; + tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix; + tests.services-nextdns = makeTest ./tests/services-nextdns.nix; + tests.services-netdata = makeTest ./tests/services-netdata.nix; + tests.services-ofborg = makeTest ./tests/services-ofborg.nix; + tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix; + tests.services-privoxy = makeTest ./tests/services-privoxy.nix; + tests.services-redis = makeTest ./tests/services-redis.nix; + tests.services-skhd = makeTest ./tests/services-skhd.nix; + tests.services-spacebar = makeTest ./tests/services-spacebar.nix; + tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix; + tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix; + tests.services-synergy = makeTest ./tests/services-synergy.nix; + tests.services-yabai = makeTest ./tests/services-yabai.nix; + tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix; + tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix; + tests.system-environment = makeTest ./tests/system-environment.nix; + tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix; + tests.system-packages = makeTest ./tests/system-packages.nix; + tests.system-path = makeTest ./tests/system-path.nix; + tests.system-shells = makeTest ./tests/system-shells.nix; + tests.users-groups = makeTest ./tests/users-groups.nix; + tests.users-packages = makeTest ./tests/users-packages.nix; + tests.fonts = makeTest ./tests/fonts.nix; +} From c904f6cdcb02c85181cf478496b0b9a78308133a Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Sun, 3 Nov 2024 21:43:36 +1100 Subject: [PATCH 08/45] release: rename `release` to `release-lib` to match NixOS https://github.com/NixOS/nixpkgs/blob/2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53/pkgs/top-level/release.nix#L56-L58 --- release.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/release.nix b/release.nix index b432a29d..c4d4c583 100644 --- a/release.nix +++ b/release.nix @@ -5,7 +5,12 @@ }: let - inherit (release) pkgs; + release-lib = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { + inherit supportedSystems scrubJobs system; + packageSet = import nixpkgs; + }; + + inherit (release-lib) pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; @@ -58,11 +63,6 @@ let in buildFromConfig configuration (config: config.system.build.run-test); - release = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { - inherit supportedSystems scrubJobs; - packageSet = import nixpkgs; - }; - manual = buildFromConfig ({ lib, config, ... }: { system.stateVersion = lib.mkDefault config.system.maxStateVersion; }) (config: config.system.build.manual); From 56ac6182d3fcb449db620fac0658eedd56aa1597 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:38:11 +1100 Subject: [PATCH 09/45] release: remove unnecessary use of `release-lib` --- release.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/release.nix b/release.nix index c4d4c583..cba42101 100644 --- a/release.nix +++ b/release.nix 
@@ -5,19 +5,10 @@ }: let - release-lib = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { - inherit supportedSystems scrubJobs system; - packageSet = import nixpkgs; - }; - - inherit (release-lib) pkgs; - buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; - makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system: - buildFromConfig configuration (config: config.system.build.toplevel) - ); + makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel); makeTest = test: let From dd48cbd7766baba246f0b2e2bd42baf67e0005d6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: [PATCH 10/45] examples: fix evaluation --- modules/examples/hydra.nix | 2 ++ modules/examples/lnl.nix | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index 31604985..edbb0299 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -53,4 +53,6 @@ in chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys echo "ok" ''; + + system.stateVersion = 5; } diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index d944158a..f264e1ac 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -50,13 +50,11 @@ pkgs.gnupg pkgs.htop pkgs.jq - pkgs.mosh pkgs.ripgrep pkgs.shellcheck pkgs.vault pkgs.qes - pkgs.darwin-zsh-completions ]; services.yabai.enable = true; @@ -331,4 +329,6 @@ nix.configureBuildUsers = true; nix.nrBuildUsers = 32; + + system.stateVersion = 5; } From 569153467be5f438e4f932a09bfba79adcecf856 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 14:00:05 +1100 Subject: [PATCH 11/45] ofborg: automatically add `ofborg` to `known{Users,Groups}` --- modules/examples/ofborg.nix | 5 ----- modules/services/ofborg/default.nix | 10 ++++------ 2 files changed, 4 insertions(+), 11 deletions(-) 
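Review bot: In release.nix the `supportedSystems` and `scrubJobs` arguments appear to be dead after this hunk, because the removed `inherit supportedSystems scrubJobs system;` was their only consumer visible in this series. The argument list itself sits above the hunk (it starts at the closing `}:`), so this is inferred from the earlier commit that declared them. If they are kept only so existing callers can still pass them, say so next to the declaration with something like `# accepted for backwards compatibility, no longer used`; otherwise drop them so the signature matches what the file actually reads.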
diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix index 6cef6e79..ed928b73 100644 --- a/modules/examples/ofborg.nix +++ b/modules/examples/ofborg.nix @@ -18,11 +18,6 @@ with lib; nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - # Manage user for ofborg, this enables creating/deleting users - # depending on what modules are enabled. - users.knownGroups = [ "ofborg" ]; - users.knownUsers = [ "ofborg" ]; - # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog system.stateVersion = 5; diff --git a/modules/services/ofborg/default.nix b/modules/services/ofborg/default.nix index 4c356158..8959cc84 100644 --- a/modules/services/ofborg/default.nix +++ b/modules/services/ofborg/default.nix @@ -46,12 +46,6 @@ in }; config = mkIf cfg.enable { - - assertions = [ - { assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; } - { assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; } - ]; - warnings = mkIf (isDerivation cfg.configFile) [ "services.ofborg.configFile is a derivation, credentials will be world readable" ]; @@ -87,9 +81,13 @@ in users.users.ofborg.shell = "/bin/bash"; users.users.ofborg.description = "OfBorg service user"; + users.knownUsers = [ "ofborg" ]; + users.groups.ofborg.gid = mkDefault 531; users.groups.ofborg.description = "Nix group for OfBorg service"; + users.knownGroups = [ "ofborg" ]; + # FIXME: create logfiles automatically if defined. system.activationScripts.preActivation.text = '' mkdir -p '${user.home}' From c13549d7a632fc107bc8802463806fc2002c9c54 Mon Sep 17 00:00:00 2001 
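Review bot: The new `users.knownUsers = [ "ofborg" ];` and `users.knownGroups = [ "ofborg" ];` in modules/services/ofborg/default.nix sit inside `config = mkIf cfg.enable`, so they disappear together with the `users.users.ofborg` definitions when the service is switched off. If nix-darwin only removes accounts that are still listed as known but no longer defined (worth confirming against the users module, which is outside this diff), disabling the service would leave the `ofborg` account and its `/bin/bash` shell behind on the host. The removed assertions also made the operator opt in to account management explicitly, and that is now implicit. Once the behaviour is confirmed, a comment above the two new lines would keep it visible, e.g. `# nix-darwin owns the ofborg user/group while the service is enabled; disabling it does not remove them`. The `config` block starts and ends outside this hunk.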
From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: [PATCH 12/45] examples: drop `ofborg` example We decided to drop this example as the package is not available in Nixpkgs and we won't be able to import it easily and keep this example evaluating as a useful smoke test. The code in this example is already documented under `services.ofborg.*` so any interested users can still find out how to set up `ofborg`. --- flake.nix | 1 - modules/examples/ofborg.nix | 24 ------------------------ 2 files changed, 25 deletions(-) delete mode 100644 modules/examples/ofborg.nix diff --git a/flake.nix b/flake.nix index 59db4ffb..8d50f952 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,6 @@ darwinModules.hydra = ./modules/examples/hydra.nix; darwinModules.lnl = ./modules/examples/lnl.nix; - darwinModules.ofborg = ./modules/examples/ofborg.nix; darwinModules.simple = ./modules/examples/simple.nix; templates.default = { diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix deleted file mode 100644 index ed928b73..00000000 --- a/modules/examples/ofborg.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - # Logs are enabled by default. - # $ tail -f /var/log/ofborg.log - services.ofborg.enable = true; - # services.ofborg.configFile = "/var/lib/ofborg/config.json"; - - # $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg - # $ nix-channel --update - services.ofborg.package = (import {}).ofborg.rs; - - # Keep nix-daemon updated. - services.nix-daemon.enable = true; - - nix.gc.automatic = true; - nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 5; -} From 68637ee7dbdb194755697930c36272ad115af4a6 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Sun, 3 Nov 2024 21:52:58 +1100 Subject: [PATCH 13/45] flake: expose `jobs` from `release.nix` as a flattened attrset --- .github/workflows/test.yml | 8 ++++---- .github/workflows/update-manual.yml | 2 +- flake.nix | 23 +++++++---------------- release.nix | 6 +++--- 4 files changed, 15 insertions(+), 24 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bb247e94..709edd35 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,8 +19,8 @@ jobs: with: install_url: https://releases.nixos.org/nix/nix-2.18.8/install - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple + - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A docs + - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples test-unstable: runs-on: macos-13 @@ -32,8 +32,8 @@ jobs: with: install_url: https://releases.nixos.org/nix/nix-2.24.9/install - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple + - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A docs + - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples install-against-stable: runs-on: macos-13 diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index 36e2fd88..19638a21 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml 
@@ -21,7 +21,7 @@ jobs: - name: Build manual run: | - nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML + nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin - name: Push update to manual run: | diff --git a/flake.nix b/flake.nix index 8d50f952..48dc3121 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,12 @@ { - # WARNING this is very much still experimental. description = "A collection of darwin modules"; outputs = { self, nixpkgs }: let forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ]; + + jobs = forAllSystems (system: import ./release.nix { + inherit nixpkgs system; + }); in { lib = { evalConfig = import ./eval-config.nix; @@ -55,21 +58,7 @@ description = "nix flake init -t nix-darwin"; }; - checks = forAllSystems (system: let - simple = self.lib.darwinSystem { - modules = [ - self.darwinModules.simple - { nixpkgs.hostPlatform = system; } - ]; - }; - in { - simple = simple.system; - - inherit (simple.config.system.build.manual) - optionsJSON - manualHTML - manpages; - }); + checks = forAllSystems (system: jobs.${system}.tests // jobs.${system}.examples); packages = forAllSystems (system: let pkgs = import nixpkgs { @@ -80,6 +69,8 @@ default = self.packages.${system}.darwin-rebuild; inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller; + + inherit (jobs.${system}.docs) manualHTML manpages optionsJSON; }); }; } diff --git a/release.nix b/release.nix index cba42101..18fb239d 100644 --- a/release.nix +++ b/release.nix @@ -59,9 +59,9 @@ let }) (config: config.system.build.manual); in { - manualHTML = manual.manualHTML; - manpages = manual.manpages; - options = manual.optionsJSON; + docs = { + inherit (manual) manualHTML manpages optionsJSON; + }; examples.hydra = makeSystem ./modules/examples/hydra.nix; examples.lnl = makeSystem ./modules/examples/lnl.nix; From e0f243d17e5c6281b2541c79b52be0270be9a360 Mon Sep 17 00:00:00 2001 
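Review bot: The `--override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin` argument in the "Build manual" step of update-manual.yml is an indirect flake reference, so the repository it resolves to is decided by the flake registry at run time rather than by anything checked into this repository. For a job whose output is then pushed by the "Push update to manual" step, naming the source explicitly is easier to audit: `nix build .#manualHTML --override-input nixpkgs github:NixOS/nixpkgs/nixpkgs-24.05-darwin`. The `nix flake check --override-input nixpkgs nixpkgs/...` lines added to test.yml in the following commit use the same indirect form and would benefit from the same change.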
From: Michael Hoang Date: Mon, 4 Nov 2024 08:42:12 +1100 Subject: [PATCH 14/45] ci: run nix flake check --- .github/workflows/test.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 709edd35..176d56fd 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,9 +18,7 @@ jobs: uses: cachix/install-nix-action@v30 with: install_url: https://releases.nixos.org/nix/nix-2.18.8/install - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A docs - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples + - run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} test-unstable: runs-on: macos-13 @@ -31,9 +29,7 @@ jobs: uses: cachix/install-nix-action@v30 with: install_url: https://releases.nixos.org/nix/nix-2.24.9/install - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A docs - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples + - run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable install-against-stable: runs-on: macos-13 From 37b591bd8b3ca9641a8aff165f30927755b5dc20 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 11:53:47 +1100 Subject: [PATCH 15/45] ci: remove unused workflows --- .github/workflows/build.yml | 18 ------------------ .github/workflows/debug.yml | 23 ----------------------- 2 files changed, 41 deletions(-) delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/debug.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 1cb24265..00000000 
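Review bot: The single `nix flake check` that replaces the three `nix-build` steps in test.yml no longer builds the `docs` attribute in either test job. In flake.nix from the previous commit, `checks` is `jobs.${system}.tests // jobs.${system}.examples`, while `manualHTML`, `manpages` and `optionsJSON` are exposed under `packages`, which `nix flake check` evaluates but, as far as I know, does not build. If a broken manual should still fail CI, either extend the checks to `jobs.${system}.tests // jobs.${system}.examples // jobs.${system}.docs` or keep a separate `nix build .#manpages` step with the same `--override-input`. The second hunk at `@@ -31,9 +29,7 @@` has the same gap.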
--- a/.github/workflows/build.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: "Build" -on: - # curl -fsSL -XPOST \ - # -H "Accept: application/vnd.github.everest-preview+json" \ - # -H "Authorization: token $GITHUB_TOKEN" \ - # --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \ - # https://api.github.com/repos/LnL7/nix-darwin/dispatches - repository_dispatch: - types: - - build -jobs: - build: - runs-on: macos-12 - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 - - run: | - nix build ${{ github.event.client_payload.args }} -vL diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml deleted file mode 100644 index 7535f713..00000000 --- a/.github/workflows/debug.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: "Debug" -on: - # curl -fsSL -XPOST \ - # -H "Accept: application/vnd.github.everest-preview+json" \ - # -H "Authorization: token $GITHUB_TOKEN" \ - # --data '{"event_type": "debug"}' \ - # https://api.github.com/repos/LnL7/nix-darwin/dispatches - repository_dispatch: - types: - - debug -jobs: - debug: - runs-on: macos-12 - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 - - run: | - nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs - nix-channel --update - - run: | - nix-shell -A installer - nix-shell -A installer.check - - uses: mxschmitt/action-tmate@v3 From 223a920ab457160a245a588f4191f2b6782b3957 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 14:37:59 +1100 Subject: [PATCH 16/45] ci: upgrade `actions/checkout` --- .github/workflows/test.yml | 12 ++++++------ .github/workflows/update-manual.yml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 176d56fd..ce176ebe 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -13,7 +13,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -24,7 +24,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: @@ -35,7 +35,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -80,7 +80,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: @@ -125,7 +125,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix version corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -154,7 +154,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index 19638a21..a2f93822 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml @@ -11,7 +11,7 @@ jobs: runs-on: macos-13 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # So that we fetch all branches, since we need to checkout the `gh-pages` branch later. fetch-depth: 0 From 2af06b086283be3ab3824a86f35f6301c95b372b Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Mon, 4 Nov 2024 22:02:31 +1100 Subject: [PATCH 17/45] examples: clean up --- modules/examples/hydra.nix | 15 +++------------ modules/examples/lnl.nix | 9 +-------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index edbb0299..eb1c5d9b 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -1,25 +1,16 @@ { config, lib, pkgs, ... }: -with lib; - let - environment = concatStringsSep " " + environment = lib.concatStringsSep " " [ "NIX_REMOTE=daemon" "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; in { - # Create /etc/bashrc that loads the nix-darwin environment. - programs.bash.enable = true; - programs.bash.completion.enable = false; - - # Recreate /run/current-system symlink after boot. - services.activate-system.enable = true; - services.nix-daemon.enable = true; - nix.settings.substituters = [ http://cache1 ]; + nix.settings.substituters = [ "http://cache1" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; nix.settings.trusted-users = [ "@admin" "@hydra" ]; 
@@ -31,7 +22,7 @@ in nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n" + environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n" [ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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" "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw==" ]; diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index f264e1ac..dccae077 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -1,10 +1,6 @@ { config, lib, inputs, pkgs, ... }: { - # imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ]; - - # system.patches = [ ./pam.patch ]; - system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3; system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false; system.defaults.NSGlobalDomain.InitialKeyRepeat = 10; @@ -52,7 +48,6 @@ pkgs.jq pkgs.ripgrep pkgs.shellcheck - pkgs.vault pkgs.qes ]; 
@@ -94,7 +89,7 @@ ''; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; - nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ]; + nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ]; nix.settings.sandbox = true; nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ]; @@ -300,8 +295,6 @@ fi ''; - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [ From 3ea11449387edeac72fbd7791d106af7553be6e2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 28 Oct 2024 11:11:56 +1100 Subject: [PATCH 18/45] system: run `shellcheck` on `activate` and `activate-user` scripts --- modules/system/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/system/default.nix b/modules/system/default.nix index 285936c5..a1862fae 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -92,6 +92,8 @@ in name = "darwin-system-${cfg.darwinLabel}"; preferLocalBuild = true; + nativeBuildInputs = [ pkgs.shellcheck ]; + activationScript = cfg.activationScripts.script.text; activationUserScript = cfg.activationScripts.userScript.text; inherit (cfg) darwinLabel; @@ -133,6 +135,8 @@ in chmod u+x $out/activate-user unset activationUserScript + shellcheck $out/activate $out/activate-user + echo -n "$systemConfig" > $out/systemConfig echo -n "$darwinLabel" > $out/darwin-version From 9afef9950f28780ff24908496c36f27826a601cf Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 29 Oct 2024 00:09:37 +1100 Subject: [PATCH 19/45] checks: move manual `/run` instructions to activation --- modules/system/base.nix | 54 ++++++++++++++++++++++++++++----------- modules/system/checks.nix | 24 +++-------------- 2 files changed, 43 insertions(+), 35 deletions(-) 
diff --git a/modules/system/base.nix b/modules/system/base.nix
index 44a8d912..43c9d7ff 100644
--- a/modules/system/base.nix
+++ b/modules/system/base.nix
@@ -2,22 +2,46 @@ { system.activationScripts.createRun.text = '' - if ! test -L /run; then - if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then + if [[ ! -L /run ]]; then + # This file doesn't exist by default on macOS and is only supported after 10.15 + # however every system with Nix installed should have this file otherwise `/nix` + # wouldn't exist. + if [[ -e /etc/synthetic.conf ]]; then + if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then echo "setting up /run via /etc/synthetic.conf..." - echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true - sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true - if ! test -L /run; then - echo "warning: apfs.util failed to symlink /run" - fi - fi - if ! test -L /run; then - echo "setting up /run..." - sudo ln -sfn private/var/run /run - fi - if ! test -L /run; then - echo "warning: failed to symlink /run" + printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null + fi + + # for Catalina (10.15) + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true + # for Big Sur (11.0) + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true + + if [[ ! 
-L /run ]]; then + printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina\n' + printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later\n' >&2 + printf >&2 '\n' + printf >&2 'The current contents of /etc/synthetic.conf is:\n' + printf >&2 '\n' + sudo sed 's/^/ /' /etc/synthetic.conf >&2 + printf >&2 '\n' + exit 1 + fi + else + echo "setting up /run..." + sudo ln -sfn private/var/run /run + + if [[ ! -L /run ]]; then + printf >&2 'error: failed to symlink /run, aborting activation\n' + printf >&2 'To create a symlink from /run to /var/run, please run:\n' + printf >&2 '\n' + printf >&2 '$ sudo ln -sfn private/var/link /run\n' + exit 1 + fi fi fi ''; diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 497cd9a9..6d7ccc00 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix 
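Review bot: The hint printed in the `else` branch tells the user to run `sudo ln -sfn private/var/link /run`, while the command the script itself runs a few lines above is `sudo ln -sfn private/var/run /run`. Following the printed text would presumably leave /run pointing at a path that does not exist, so the line should read `printf >&2 '$ sudo ln -sfn private/var/run /run\n'`. In the synthetic.conf branch, `printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"` passes the hint as the format string, so printf expands `\t` and `\n` and the user sees a real tab and a line break inside the command, with no newline after it. Printing it through `printf >&2 '%s\n' "…"` keeps the hint verbatim. The trailing `>&2` on the "For Big Sur and later" line is redundant with the one at the start of that line.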
@@ -22,25 +22,9 @@ let ''; runLink = '' - if ! test -e /run; then - echo "error: Directory /run does not exist, aborting activation" >&2 - echo "Create a symlink to /var/run with:" >&2 - if test -e /etc/synthetic.conf; then - echo >&2 - echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2 - echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2 - echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2 - echo >&2 - echo "The current contents of /etc/synthetic.conf is:" >&2 - echo >&2 - sed 's/^/ /' /etc/synthetic.conf >&2 - echo >&2 - else - echo >&2 - echo "$ sudo ln -s private/var/run /run" >&2 - echo >&2 - fi - exit 2 + if [[ ! -e /run ]]; then + printf >&2 'error: directory /run does not exist, aborting activation\n' + exit 1 fi ''; @@ -59,7 +43,7 @@ let exit 2 fi ''; - + preSequoiaBuildUsers = '' ${lib.optionalString config.nix.configureBuildUsers '' # Don’t complain when we’re about to migrate old‐style build users… From 041996803af5497fb000e3f79621fa5bb6995057 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 29 Oct 2024 00:09:37 +1100 Subject: [PATCH 20/45] treewide: fix shellcheck warnings and errors --- modules/networking/default.nix | 1 + modules/system/checks.nix | 8 +++++--- modules/users/default.nix | 7 ++++++- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/networking/default.nix b/modules/networking/default.nix index b53a9e4a..7a81ca1c 100644 --- a/modules/networking/default.nix +++ b/modules/networking/default.nix @@ -118,6 +118,7 @@ in echo "configuring networking..." >&2 ${optionalString (cfg.computerName != null) '' + # shellcheck disable=SC1112 scutil --set ComputerName ${escapeShellArg cfg.computerName} ''} ${optionalString (cfg.hostName != null) '' diff --git a/modules/system/checks.nix b/modules/system/checks.nix index 6d7ccc00..ec6e3b5d 100644 --- a/modules/system/checks.nix 
+++ b/modules/system/checks.nix @@ -88,7 +88,7 @@ let buildUsers = '' buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true - if [ -z $buildUser ]; then + if [[ -z "$buildUser" ]]; then echo "error: Using the nix-daemon requires build users, aborting activation" >&2 echo "Create the build users or disable the daemon:" >&2 echo "$ darwin-install" >&2 @@ -104,7 +104,7 @@ let buildGroupID = '' buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}') expectedBuildGroupID=${toString config.ids.gids.nixbld} - if [[ $buildGroupID != $expectedBuildGroupID ]]; then + if [[ $buildGroupID != "$expectedBuildGroupID" ]]; then printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n' printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n' printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n' @@ -114,6 +114,7 @@ let printf >&2 'Possible causes include setting up a new Nix installation with an\n' printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n' printf >&2 'installation with an existing Nix installation, or manually increasing\n' + # shellcheck disable=SC2016 printf >&2 'your `system.stateVersion` setting.\n' printf >&2 '\n' printf >&2 'You can set the configured group ID to match the actual value:\n' @@ -266,6 +267,7 @@ let if [[ -d /etc/ssh/authorized_keys.d ]]; then printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n' printf >&2 'SECURITY NOTICE: The previous implementation of the\n' + # shellcheck disable=SC2016 printf >&2 '`users.users..openssh.authorizedKeys.*` options would not delete\n' printf >&2 'authorized keys files when the setting for a given user was removed.\n' printf >&2 '\n' 
@@ -334,7 +336,7 @@ in system.activationScripts.checks.text = '' ${cfg.text} - if test ''${checkActivation:-0} -eq 1; then + if [[ "''${checkActivation:-0}" -eq 1 ]]; then echo "ok" >&2 exit 0 fi diff --git a/modules/users/default.nix b/modules/users/default.nix index 6a1cd2e6..d15deac6 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -115,6 +115,7 @@ in if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then if [[ -n "$SSH_CONNECTION" ]]; then printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2" + # shellcheck disable=SC2016 printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2" printf >&2 'You can either:\n' printf >&2 '\n' @@ -122,6 +123,7 @@ in printf >&2 '\n' printf >&2 'or\n' printf >&2 '\n' + # shellcheck disable=SC2016 printf >&2 ' run `darwin-rebuild` in a graphical session.\n' printf >&2 '\n' printf >&2 'The option "Allow full disk access for remote users" can be found by\n' @@ -135,9 +137,11 @@ in if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1" - printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' "$1" "$2" + # shellcheck disable=SC2016 + printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' printf >&2 'please accept the dialog that pops up.\n' printf >&2 '\n' + # shellcheck disable=SC2016 printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n' printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n' printf >&2 '\n' 
@@ -187,6 +191,7 @@ in if [ "$u" -gt 501 ]; then # TODO: add `darwin.primaryUser` as well if [[ ${name} == "$USER" ]]; then + # shellcheck disable=SC2016 printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} exit 1 elif [[ ${name} == "root" ]]; then From fd510a7122d49cc1cbd72b9e70b1ae6b3c76c990 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 19:26:56 +1100 Subject: [PATCH 21/45] system: replace `for f in $(ls ...)` with `for f in .../*` Fixes SC2045 but has one quirk which is if the bash glob doesn't match anything it'll treat it as a string and run the loop once with `f=.../*` so we need to check that `$f` actually exists. --- modules/system/launchd.nix | 41 ++++++++++++++++++++++++++------------ modules/system/patches.nix | 15 ++++++++------ 2 files changed, 37 insertions(+), 19 deletions(-) diff --git a/modules/system/launchd.nix b/modules/system/launchd.nix index cdb6549f..c578dec3 100644 --- a/modules/system/launchd.nix +++ b/modules/system/launchd.nix 
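Review bot: The `printf` that refuses to delete the calling user has a stray comma between the format string and its argument (`…\e[0m\n', ${name}`). The shell joins that comma onto the format word, so a lone `,` is printed after the newline at the end of the error message. Dropping it so the call ends `…aborting activation\e[0m\n' ${name}` fixes the output. The same line appears again as context in the later `@@ -194,9 +198,6 @@` hunk of this series, and the enclosing script starts outside this hunk.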
@@ -105,19 +105,29 @@ in ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents} ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons} - for f in $(ls /run/current-system/Library/LaunchAgents 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f"; then - echo "removing service $(basename $f .plist)" >&2 + for f in /run/current-system/Library/LaunchAgents/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/Library/LaunchAgents/} + + if [[ ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f" ]]; then + echo "removing service $(basename "$f" .plist)" >&2 launchctl unload "/Library/LaunchAgents/$f" || true - if test -e "/Library/LaunchAgents/$f"; then rm -f "/Library/LaunchAgents/$f"; fi + if [[ -e "/Library/LaunchAgents/$f" ]]; then + rm -f "/Library/LaunchAgents/$f" + fi fi done - for f in $(ls /run/current-system/Library/LaunchDaemons 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f"; then - echo "removing service $(basename $f .plist)" >&2 + for f in /run/current-system/Library/LaunchDaemons/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/Library/LaunchDaemons/} + + if [[ ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f" ]]; then + echo "removing service $(basename "$f" .plist)" >&2 launchctl unload "/Library/LaunchDaemons/$f" || true - if test -e "/Library/LaunchDaemons/$f"; then rm -f "/Library/LaunchDaemons/$f"; fi + if [[ -e "/Library/LaunchDaemons/$f" ]]; then + rm -f "/Library/LaunchDaemons/$f" + fi fi done ''; 
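Review bot: `[[ -e "$f" ]] || break` ends the whole loop at the first entry that fails the test, not only in the empty-directory case the comment describes. `-e` follows symlinks, so if an entry can be a dangling link the cleanup stops early and later stale services stay loaded. `continue` behaves identically for the unmatched-glob case (the loop has a single iteration then) and keeps going otherwise; `[[ -e "$f" || -L "$f" ]] || continue` would also let dangling entries be removed. The same guard is repeated in the LaunchDaemons loop, in the user LaunchAgents hunk and in the patches.nix hunk of this commit. The enclosing activation script begins outside the hunk.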
@@ -133,11 +143,16 @@ in ''} ${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents} - for f in $(ls /run/current-system/user/Library/LaunchAgents 2> /dev/null); do - if test ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f"; then - echo "removing user service $(basename $f .plist)" >&2 - launchctl unload ~/Library/LaunchAgents/$f || true - if test -e ~/Library/LaunchAgents/$f; then rm -f ~/Library/LaunchAgents/$f; fi + for f in /run/current-system/user/Library/LaunchAgents/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/user/Library/LaunchAgents/} + + if [[ ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f" ]]; then + echo "removing user service $(basename "$f" .plist)" >&2 + launchctl unload ~/Library/LaunchAgents/"$f" || true + if [[ -e ~/Library/LaunchAgents/"$f" ]]; then + rm -f ~/Library/LaunchAgents/"$f" + fi fi done ''; diff --git a/modules/system/patches.nix b/modules/system/patches.nix index 4f965014..7b192556 100644 --- a/modules/system/patches.nix +++ b/modules/system/patches.nix @@ -30,9 +30,9 @@ in Set of patches to apply to {file}`/`. ::: {.warning} - + This can modify everything so use with caution. - + ::: Useful for safely changing system files. Unlike the etc module this @@ -56,10 +56,13 @@ in # Applying patches to /. echo "applying patches..." >&2 - for f in $(ls /run/current-system/patches 2> /dev/null); do - if test ! -e "${config.system.build.patches}/patches/$f"; then - patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true - fi + for f in /run/current-system/patches/*; do + [[ -e "$f" ]] || break # handle when directory is empty + f=''${f#/run/current-system/patches/} + + if [[ ! -e "${config.system.build.patches}/patches/$f" ]]; then + patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true + fi done ${concatMapStringsSep "\n" (f: '' 
From 32814a6eb1de3b564ff43e5b6453637b1eb25721 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 1 Nov 2024 00:38:47 +1100 Subject: [PATCH 22/45] users: replace runtime check to prevent deleting `root` with assertion This fixes SC2050 as `${name} == "root"` will be generated as a constant expression. --- modules/users/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/users/default.nix b/modules/users/default.nix index d15deac6..4044732c 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -99,6 +99,10 @@ in assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root"); message = "`users.users.root.home` must be set to either `null` or `/var/root`."; } + { + assertion = !builtins.elem "root" deletedUsers; + message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it."; + } ]; users.gids = mkMerge gids; @@ -194,9 +198,6 @@ in # shellcheck disable=SC2016 printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} exit 1 - elif [[ ${name} == "root" ]]; then - printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n' - exit 1 fi ensurePerms ${name} delete From cf130aa9579fc1708ff4a265d2108eefa535e9b2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 19:53:20 +1100 Subject: [PATCH 23/45] users: don't generate `ensurePerms` when no users to manage --- modules/users/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/users/default.nix b/modules/users/default.nix index 4044732c..434b1daa 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix 
@@ -111,7 +111,7 @@ in # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations # however currently that runs at user level activation as that runs before system level activation # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level - system.checks.text = lib.mkAfter '' + system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter '' ensurePerms() { homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) homeDirectory=''${homeDirectory#NFSHomeDirectory: } @@ -157,7 +157,6 @@ in fi } - ${concatMapStringsSep "\n" (v: let name = lib.escapeShellArg v.name; dsclUser = lib.escapeShellArg "/Users/${v.name}"; @@ -204,7 +203,7 @@ in fi fi '') deletedUsers} - ''; + ''); system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) '' echo "setting up groups..." >&2 From 3b738c765de1bb4ecc4993fa092b27dd46d495ed Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 20:30:48 +1100 Subject: [PATCH 24/45] github-runner: replace `mkdir -p -m` with `umask` `mkdir -p -m` only applies the mode on the deepest directory which could be a security issue so we use umask to be more careful. --- modules/services/github-runner/service.nix | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index 175b22d1..c273f433 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix 
@@ -48,14 +48,20 @@ in text = mkBefore ('' echo >&2 "setting up GitHub Runner '${cfg.name}'..." - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + ( + umask -S u=rwx,g=rx,o= - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} - '' + optionalString (cfg.workDir == null) '' - ${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} - ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} + + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} + + ${optionalString (cfg.workDir == null) '' + ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)} + ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} + ''} + ) ''); }; })); From 79608947e27163a2e74b1bec0812ce7a942cbdb8 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 20:30:48 +1100 Subject: [PATCH 25/45] buildkit-agents: don't use `mkdir -p -m` As `cfg.dataDir` will be the `home` of the Buildkite Agent user, it is guaranted to exist so we don't need to use the `-p` flag. --- modules/services/buildkite-agents.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/buildkite-agents.nix b/modules/services/buildkite-agents.nix index 4888247e..69bc1f65 100644 --- a/modules/services/buildkite-agents.nix +++ b/modules/services/buildkite-agents.nix 
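Review bot: The `umask` set in the subshell applies to every directory `mkdir -p` creates, including intermediate parents, while `chown ${user}:${group}` is applied only to the leaf. Any parent created here therefore stays owned by the activating user with no access for others, and the runner account may be unable to traverse into its own state, log or work directory. The mask also does nothing for a directory that already exists with a looser mode. Setting the leaf mode explicitly after creation, e.g. `${pkgs.coreutils}/bin/chmod 0750 ${escapeShellArg (mkStateDir cfg)}` and likewise for the other two, covers the second case. The paths returned by `mkStateDir`, `mkLogDir` and `mkWorkDir` are defined outside this hunk, so whether parents are ever created here needs confirming.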
@@ -237,7 +237,7 @@ in tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); in optionalString (cfg.privateSshKeyPath != null) '' - mkdir -m 0700 -p "${sshDir}" + mkdir -m 0700 "${sshDir}" install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa" '' + '' cat > "${cfg.dataDir}/buildkite-agent.cfg" < Date: Tue, 5 Nov 2024 00:54:34 +1100 Subject: [PATCH 26/45] uninstaller: remove `/run` symlink --- pkgs/darwin-uninstaller/default.nix | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix index 3eb2c244..a82974e7 100644 --- a/pkgs/darwin-uninstaller/default.nix +++ b/pkgs/darwin-uninstaller/default.nix @@ -63,10 +63,21 @@ stdenv.mkDerivation { ${uninstallSystem.system}/sw/bin/darwin-rebuild activate - if test -L /run/current-system; then + if [[ -L /run/current-system ]]; then sudo rm /run/current-system fi + if [[ -L /run ]]; then + if [[ -e /etc/synthetic.conf ]]; then + sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true + sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true + echo >&2 "NOTE: the /run symlink will be removed on reboot" + else + sudo rm /run + fi + fi + echo >&2 echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected." echo >&2 From 1b5fa6be405425ae5040d68c4a3bfff14fdf2100 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 5 Nov 2024 01:14:16 +1100 Subject: [PATCH 27/45] uninstaller: remove unnecessary attempt to delete `nix-daemon` Fixes https://github.com/LnL7/nix-darwin/issues/910 --- pkgs/darwin-uninstaller/configuration.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) 
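Review bot: Without `-p`, `mkdir -m 0700 "${sshDir}"` exits non-zero when the directory already exists, which looks likely on every run after the first; with `-p` the step was idempotent. The commit message argues that the parent `cfg.dataDir` always exists, but that does not cover the leaf itself. `install -d -m 0700 "${sshDir}"` creates the directory when missing and sets the mode on the leaf either way, and `install` is already used on the next line. Where `sshDir` points and whether this script aborts on a failing command are defined outside the hunk.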
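Review bot: `sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf` gives different results depending on which sed is first on PATH. The BSD sed shipped with macOS takes the word after `-i` as a backup suffix, so `-E` is consumed as that suffix and a `/etc/synthetic.conf-E` copy is left behind, while GNU sed edits in place with no backup. Passing an explicit suffix (`sed -i.bak …`) and removing the backup afterwards, or calling a pinned sed by store path, makes the outcome deterministic. The pattern also removes any entry starting with `run` plus whitespace, not only the `run<TAB>private/var/run` line that activation appends; matching the full line would leave an entry configured by someone else untouched.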
diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix index 6487774b..0bdccb98 100644 --- a/pkgs/darwin-uninstaller/configuration.nix +++ b/pkgs/darwin-uninstaller/configuration.nix @@ -7,31 +7,29 @@ with lib; assertions = mkForce []; system.activationScripts.checks.text = mkForce ""; - # Disable etc, launchd, ... environment.etc = mkForce {}; launchd.agents = mkForce {}; launchd.daemons = mkForce {}; launchd.user.agents = mkForce {}; system.activationScripts.postUserActivation.text = mkAfter '' - if test -L ~/.nix-defexpr/channels/darwin; then + if [[ -L ~/.nix-defexpr/channels/darwin ]]; then nix-channel --remove darwin || true fi ''; system.activationScripts.postActivation.text = mkAfter '' - if test -L /Applications/Nix\ Apps; then + if [[ -L /Applications/Nix\ Apps ]]; then rm /Applications/Nix\ Apps fi - if test -L /etc/static; then + if [[ -L /etc/static ]]; then rm /etc/static fi - if test -O /nix/store; then - if ! test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then - sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true - sudo launchctl remove org.nixos.nix-daemon 2> /dev/null || true + # If the Nix Store is owned by root then we're on a multi-user system + if [[ -O /nix/store ]]; then + if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist fi From 9cd45289c9200b5adf29ed4faaf8e00a8c06da9c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 5 Nov 2024 01:52:34 +1100 Subject: [PATCH 28/45] uninstaller: reset any shells pointing to `/run/current-system/sw/bin` --- pkgs/darwin-uninstaller/configuration.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix index 0bdccb98..a2283d89 100644 --- a/pkgs/darwin-uninstaller/configuration.nix +++ b/pkgs/darwin-uninstaller/configuration.nix @@ -46,5 +46,15 @@ with lib; echo >&2 fi fi + + # grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail` + dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do + shell=$(dscl . -read /Users/"$user" UserShell) + if [[ "$shell" != */bin/zsh ]]; then + echo >&2 "warning: changing $user's shell from $shell to /bin/zsh" + fi + + dscl . -create /Users/"$user" UserShell /bin/zsh + done ''; } From c3b406bd1c6e60a69996dbbd529328e40d298bd7 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 5 Nov 2024 02:31:26 +1100 Subject: [PATCH 29/45] uninstaller: restore `*.before-nix-darwin` files Fixes https://github.com/LnL7/nix-darwin/issues/911 Fixes https://github.com/LnL7/nix-darwin/issues/912 --- pkgs/darwin-uninstaller/configuration.nix | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix index a2283d89..75d1cacf 100644 --- a/pkgs/darwin-uninstaller/configuration.nix +++ b/pkgs/darwin-uninstaller/configuration.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ lib, pkgs, ... }: with lib; 
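Review bot: `shell=$(dscl . -read /Users/"$user" UserShell)` keeps dscl's key prefix, so the variable holds `UserShell: <path>` and the warning prints "from UserShell: …" instead of the bare path. Adding `shell=''${shell#UserShell: }` after the read strips it, the same way modules/users/default.nix strips `NFSHomeDirectory: ` from its dscl output. The `grep "\s/run/"` filter also matches any login shell under `/run/`, which is wider than the `/run/current-system/sw/bin` named in the commit subject; anchoring the pattern on that prefix would keep the reset to shells nix-darwin provided.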
@@ -33,18 +33,6 @@ with lib; sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist fi - - if ! grep -q etc/profile.d/nix-daemon.sh /etc/bashrc; then - echo >&2 "Found no nix-daemon.sh reference in /etc/bashrc" - echo >&2 "add this snippet back to /etc/bashrc:" - echo >&2 - echo >&2 " # Nix" - echo >&2 " if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then" - echo >&2 " . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'" - echo >&2 " fi" - echo >&2 " # End Nix" - echo >&2 - fi fi # grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail` @@ -56,5 +44,9 @@ with lib; dscl . -create /Users/"$user" UserShell /bin/zsh done + + while IFS= read -r -d "" file; do + mv "$file" "''${file%.*}" + done < <(find /etc -name '*.before-nix-darwin' -follow -print0) ''; } From ebca0c23c95cc2d2c75b3c3a290fa99a886b9738 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 5 Nov 2024 02:48:25 +1100 Subject: [PATCH 30/45] uninstaller: switch to `writeShellApplication` By not defining a `shellHook`, `nix-shell -A uninstaller` and `nix-shell -A uninstaller.check` no longer work. --- .github/workflows/test.yml | 18 ++++-- pkgs/darwin-uninstaller/default.nix | 95 ++++++++++++----------------- 2 files changed, 50 insertions(+), 63 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ce176ebe..e786b4a6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
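Review bot: `find /etc -name '*.before-nix-darwin' -follow -print0` follows every symlink it meets, so the walk, and the `mv` run on each match, can leave /etc through any symlinked directory below it. If `-follow` is there only because /etc is itself a symlink on macOS, `find -H /etc -name '*.before-nix-darwin' -print0` follows just the path given on the command line and keeps the traversal inside the tree. The `mv` also replaces whatever now exists at the original name without reporting it; an `echo >&2` per restored file would make the restore auditable. The surrounding postActivation script starts outside this hunk.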
@@ -66,9 +66,12 @@ jobs: darwin-rebuild switch -I darwin=. - name: Test uninstallation of nix-darwin run: | - export NIX_PATH=$HOME/.nix-defexpr/channels - nix-shell -A uninstaller - nix-shell -A uninstaller.check + nix run .#darwin-uninstaller \ + --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \ + --extra-experimental-features "nix-command flakes" + nix run .#darwin-uninstaller.tests.uninstaller \ + --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \ + --extra-experimental-features "nix-command flakes" - name: Debugging tmate session if: ${{ failure() }} uses: mxschmitt/action-tmate@v3 @@ -111,9 +114,12 @@ jobs: darwin-rebuild switch -I darwin=. - name: Test uninstallation of nix-darwin run: | - export NIX_PATH=$HOME/.nix-defexpr/channels - nix-shell -A uninstaller - nix-shell -A uninstaller.check + nix run .#darwin-uninstaller \ + --override-input nixpkgs nixpkgs/nixpkgs-unstable \ + --extra-experimental-features "nix-command flakes" + nix run .#darwin-uninstaller.tests.uninstaller \ + --override-input nixpkgs nixpkgs/nixpkgs-unstable \ + --extra-experimental-features "nix-command flakes" - name: Debugging tmate session if: ${{ failure() }} uses: mxschmitt/action-tmate@v3 diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix index a82974e7..5159c2c8 100644 --- a/pkgs/darwin-uninstaller/default.nix +++ b/pkgs/darwin-uninstaller/default.nix @@ -1,4 +1,4 @@ -{ stdenv, lib, pkgs }: +{ lib, path, stdenv, writeShellApplication }: let uninstallSystem = import ../../eval-config.nix { 
@@ -6,39 +6,23 @@ let modules = [ ./configuration.nix { - nixpkgs.source = pkgs.path; - nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system; + nixpkgs.source = path; + nixpkgs.hostPlatform = stdenv.hostPlatform.system; system.includeUninstaller = false; } ]; }; -in - -stdenv.mkDerivation { +in writeShellApplication { name = "darwin-uninstaller"; - preferLocalBuild = true; - - unpackPhase = ":"; - - installPhase = '' - mkdir -p $out/bin - echo "$shellHook" > $out/bin/darwin-uninstaller - chmod +x $out/bin/darwin-uninstaller - ''; - - shellHook = '' - #!${stdenv.shell} - set -e - - action=switch + text = '' while [ "$#" -gt 0 ]; do - i="$1"; shift 1 - case "$i" in - --help) - echo "darwin-uninstaller: [--help]" - exit - ;; - esac + i="$1"; shift 1 + case "$i" in + --help) + echo "darwin-uninstaller: [--help]" + exit + ;; + esac done echo >&2 @@ -50,15 +34,15 @@ stdenv.mkDerivation { echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)" echo >&2 - if test -t 0; then - read -p "Proceed? [y/n] " i - case "$i" in - y|Y) - ;; - *) - exit 3 - ;; - esac + if [[ -t 0 ]]; then + read -r -p "Proceed? [y/n] " i + case "$i" in + y|Y) + ;; + *) + exit 3 + ;; + esac fi ${uninstallSystem.system}/sw/bin/darwin-rebuild activate 
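Review bot: The option loop in `text` has no default branch, so an unrecognised argument (a typo, or a flag the user merely expects to exist) is discarded and the uninstall goes ahead. A destructive tool should fail closed here; add `*) echo >&2 "darwin-uninstaller: unknown option '$i'"; exit 1 ;;` after the `--help` case. Relatedly, the `[[ -t 0 ]]` guard means no confirmation is asked at all when stdin is not a terminal, which is worth stating in the `--help` output so that piped or scripted invocations are a conscious choice.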
@@ -83,29 +67,26 @@ stdenv.mkDerivation { echo >&2 echo >&2 "Done!" echo >&2 - exit ''; - passthru.check = stdenv.mkDerivation { - name = "run-darwin-test"; - shellHook = '' - set -e - echo >&2 "running uninstaller tests..." - echo >&2 + derivationArgs.passthru.tests.uninstaller = writeShellApplication { + name = "post-uninstall-test"; + text = '' + echo >&2 "running uninstaller tests..." + echo >&2 - echo >&2 "checking darwin channel" - ! test -e ~/.nix-defexpr/channels/darwin - echo >&2 "checking /etc" - ! test -e /etc/static - echo >&2 "checking /run/current-system" - ! test -e /run/current-system - echo >&2 "checking nix-daemon service (assuming a multi-user install)" - sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon" - pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon" - readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist" - grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist" - echo >&2 ok - exit + echo >&2 "checking darwin channel" + test -e ~/.nix-defexpr/channels/darwin && exit 1 + echo >&2 "checking /etc" + test -e /etc/static && exit 1 + echo >&2 "checking /run/current-system" + test -e /run/current-system && exit 1 + echo >&2 "checking nix-daemon service (assuming a multi-user install)" + sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon" + pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon" + readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? 
readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist" + grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist" + echo >&2 ok ''; }; } From 7bbc7c5db686f4e57a29c82a185596f53d110647 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 11:55:15 +1100 Subject: [PATCH 31/45] ci: test uninstallation of nix-darwin using flakes --- .github/workflows/test.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e786b4a6..095cd3a6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -155,6 +155,10 @@ jobs: run: | . /etc/static/bashrc darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} + - name: Test uninstallation of nix-darwin + run: | + nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} + nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} install-flake-against-unstable: runs-on: macos-13 @@ -184,3 +188,7 @@ jobs: run: | . /etc/static/bashrc darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable + - name: Test uninstallation of nix-darwin + run: | + nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable + nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable From 3a89b614321ab8dad3962d79fc3a29bace9a8486 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Thu, 7 Nov 2024 14:19:19 +1100 Subject: [PATCH 32/45] uninstaller: check `nix-daemon` was correctly reinstalled --- pkgs/darwin-uninstaller/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix index 5159c2c8..17c0a460 100644 --- a/pkgs/darwin-uninstaller/default.nix +++ b/pkgs/darwin-uninstaller/default.nix @@ -81,12 +81,14 @@ in writeShellApplication { test -e /etc/static && exit 1 echo >&2 "checking /run/current-system" test -e /run/current-system && exit 1 - echo >&2 "checking nix-daemon service (assuming a multi-user install)" - sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon" - pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon" - readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist" - grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist" - echo >&2 ok + if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then + echo >&2 "checking nix-daemon service" + launchctl print system/org.nixos.nix-daemon + pgrep -l nix-daemon + test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist + [[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]] + echo >&2 ok + fi ''; }; } From 222c3cb558f4e56e3f9e84bb65fe23034f7f9c79 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 7 Nov 2024 16:47:15 +1100 Subject: [PATCH 33/45] ci: fix uninstaller failing to run in `install-against-unstable` --- .github/workflows/test.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
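Review bot: The checksum comparison added to the nix-daemon check hashes `/Library/LaunchDaemons/org.nixos.nix-daemon.plist` on both sides of `==`, so it is always true and the test cannot detect a missing, stale or modified plist. The right-hand side presumably should be the copy in the default profile, which is the source the uninstall activation copies from: `"$(shasum -a 256 /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')"`. `cmp -s` on the two files would express the same check with less code. Also, `echo >&2 ok` now sits inside the `if`, so a run on a store not owned by root prints no result line at all.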
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 095cd3a6..623cb698 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -114,12 +114,13 @@ jobs: darwin-rebuild switch -I darwin=. - name: Test uninstallation of nix-darwin run: | + # A regression in Nix 2.19 means we need to put `--extra-experimental-features` before `--override-input` nix run .#darwin-uninstaller \ - --override-input nixpkgs nixpkgs/nixpkgs-unstable \ - --extra-experimental-features "nix-command flakes" + --extra-experimental-features "nix-command flakes" \ + --override-input nixpkgs nixpkgs/nixpkgs-unstable nix run .#darwin-uninstaller.tests.uninstaller \ - --override-input nixpkgs nixpkgs/nixpkgs-unstable \ - --extra-experimental-features "nix-command flakes" + --extra-experimental-features "nix-command flakes" \ + --override-input nixpkgs nixpkgs/nixpkgs-unstable - name: Debugging tmate session if: ${{ failure() }} uses: mxschmitt/action-tmate@v3 From 110d49af637c3da025b6b42a0caa81c1d63b2aed Mon Sep 17 00:00:00 2001 
From: Yuriy Taraday Date: Mon, 4 Nov 2024 18:31:38 +0100 Subject: [PATCH 34/45] github-runner: Fix labels for different nixpkgs versions Changes to escapeShellArg introduced in https://github.com/NixOS/nixpkgs/pull/333744 made different versions of nixpkgs behave differently. If current nix-darwin is used with nixpkgs before that change, labels end up having labels quoted twice (see https://github.com/LnL7/nix-darwin/issues/1085), but without changes from https://github.com/LnL7/nix-darwin/pull/1055, with new nixpkgs, labels end up not quoted at all, and ShellCheck ends up complaining that commas might have been used as array item separator (see https://www.shellcheck.net/wiki/SC2054). Use the old version of escapeShellArg to always escape the list of labels and make nix-darwin work with both old and new versions of nixpkgs. Fixes https://github.com/LnL7/nix-darwin/issues/1085 --- modules/services/github-runner/service.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/services/github-runner/service.nix b/modules/services/github-runner/service.nix index c273f433..5d73633b 100644 --- a/modules/services/github-runner/service.nix +++ b/modules/services/github-runner/service.nix @@ -94,6 +94,10 @@ in script = let + # https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different + # versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels + # are always escaped to avoid https://www.shellcheck.net/wiki/SC2054 + escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'"; configure = pkgs.writeShellApplication { name = "configure-github-runner-${name}"; text = /*bash*/'' 
@@ -104,7 +108,7 @@ in --disableupdate --work ${escapeShellArg workDir} --url ${escapeShellArg cfg.url} - --labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}" + --labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)} ${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"} ${optionalString cfg.replace "--replace"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} From f0a1269297c8ca7f5aa287166c2a9cfb6e13917c Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 8 Nov 2024 12:02:34 +1100 Subject: [PATCH 35/45] nix: don't allow using `auto-optimise-store` as it can corrupt the store --- modules/nix/default.nix | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 6bce1e35..d99aae83 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -404,7 +404,7 @@ in { darwin-config = "${config.environment.darwinConfig}"; } "/nix/var/nix/profiles/per-user/root/channels" ]; - + defaultText = lib.literalExpression '' lib.optionals cfg.channel.enable [ # Include default path . @@ -527,8 +527,10 @@ in description = '' If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. - This saves disk space. If set to false (the default), you can still run - nix-store --optimise to get rid of duplicate files. + This saves disk space. If set to false (the default), you can enable + {option}`nix.optimise.automatic` to run {command}`nix-store --optimise` + periodically to get rid of duplicate files. You can also run + {command}`nix-store --optimise` manually. ''; }; 
@@ -761,6 +763,13 @@ in { assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; } { assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; } { assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; } + + { + # Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100 + # As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0 + assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0")); + message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead."; + } ]; # Not in NixOS module From 5fbb7b7637307c89e52d7e73ed6c848353bda6a0 Mon Sep 17 00:00:00 2001 From: Sam <30577766+Samasaur1@users.noreply.github.com> Date: Thu, 7 Nov 2024 20:29:35 -0800 Subject: [PATCH 36/45] zsh: only run shell initialization in /etc/zshenv when RCs are enabled --- modules/programs/zsh/default.nix | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/modules/programs/zsh/default.nix b/modules/programs/zsh/default.nix index a9ffbd80..c6ec9175 100644 --- a/modules/programs/zsh/default.nix +++ b/modules/programs/zsh/default.nix 
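Review bot: The new assertion reads `cfg.package.pname` and `cfg.package.version` directly, so a `nix.package` that lacks either attribute (for example a hand-built derivation that only sets `name`) would abort evaluation with a missing-attribute error instead of showing this message. That only happens when `auto-optimise-store` is enabled, because `->` does not evaluate its right-hand side otherwise, which makes it easy to miss in testing. `lib.getName cfg.package == "lix"` and `lib.getVersion cfg.package == "2.92.0"` fall back to parsing `name` and keep the guard working. The message could also name the exempt Lix versions, so a user on plain Nix understands why the setting is rejected there.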
@@ -136,17 +136,19 @@ in if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi __ETC_ZSHENV_SOURCED=1 - if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then - . ${config.system.build.setEnvironment} + if [[ -o rcs ]]; then + if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then + . ${config.system.build.setEnvironment} + fi + + # Tell zsh how to find installed completions + for p in ''${(z)NIX_PROFILES}; do + fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath) + done + + ${cfg.shellInit} fi - # Tell zsh how to find installed completions - for p in ''${(z)NIX_PROFILES}; do - fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath) - done - - ${cfg.shellInit} - # Read system-wide modifications. if test -f /etc/zshenv.local; then source /etc/zshenv.local From a82d72d25f67dff02afbd6fb72cd16e2ec040a68 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Thu, 7 Nov 2024 23:23:46 +1100 Subject: [PATCH 37/45] flake: expose docs on Linux as well --- flake.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index 48dc3121..fb5545b1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,8 @@ description = "A collection of darwin modules"; outputs = { self, nixpkgs }: let - forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" "aarch64-linux" "x86_64-linux" ]; + forDarwinSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ]; jobs = forAllSystems (system: import ./release.nix { inherit nixpkgs system; 
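Review bot: The `if [[ -o rcs ]]` guard added to the generated /etc/zshenv has no comment, and its reason is not obvious from the code: zsh reads /etc/zshenv even when started with `-f` (NO_RCS), so this file is the only place the module can honour that request. I would add `# /etc/zshenv is read even under 'zsh -f'; skip setEnvironment, fpath and shellInit when RCS is unset` above the `if`. The `source /etc/zshenv.local` block stays outside the guard and therefore still runs under `-f`; if that is intended it deserves a word in the same comment, otherwise it should move inside. The script text continues past the end of this hunk.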
@@ -58,9 +59,11 @@ description = "nix flake init -t nix-darwin"; }; - checks = forAllSystems (system: jobs.${system}.tests // jobs.${system}.examples); + checks = forDarwinSystems (system: jobs.${system}.tests // jobs.${system}.examples); - packages = forAllSystems (system: let + packages = forAllSystems (system: { + inherit (jobs.${system}.docs) manualHTML manpages optionsJSON; + } // (nixpkgs.lib.optionalAttrs (nixpkgs.lib.hasSuffix "darwin" system) (let pkgs = import nixpkgs { inherit system; overlays = [ self.overlays.default ]; @@ -69,8 +72,6 @@ default = self.packages.${system}.darwin-rebuild; inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller; - - inherit (jobs.${system}.docs) manualHTML manpages optionsJSON; - }); + }))); }; } From 2ff55ab1c5c238181c3b6f1bd78156e7d77812bb Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Fri, 8 Nov 2024 16:38:31 +1100 Subject: [PATCH 38/45] manual: get revision information when called from flake --- flake.nix | 2 ++ release.nix | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/flake.nix b/flake.nix index fb5545b1..2c1ae1b2 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,8 @@ jobs = forAllSystems (system: import ./release.nix { inherit nixpkgs system; + + nix-darwin = self; }); in { lib = { diff --git a/release.nix b/release.nix index 18fb239d..b3e2df7e 100644 --- a/release.nix +++ b/release.nix @@ -1,4 +1,6 @@ { nixpkgs ? +# Adapted from https://github.com/NixOS/nixpkgs/blob/e818264fe227ad8861e0598166cf1417297fdf54/pkgs/top-level/release.nix#L11 +, nix-darwin ? { } , system ? builtins.currentSystem , supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ] , scrubJobs ? true 
@@ -56,6 +58,15 @@ let manual = buildFromConfig ({ lib, config, ... }: { system.stateVersion = lib.mkDefault config.system.maxStateVersion; + + system.darwinVersionSuffix = let + shortRev = nix-darwin.shortRev or nix-darwin.dirtyShortRev or null; + in + lib.mkIf (shortRev != null) ".${shortRev}"; + system.darwinRevision = let + rev = nix-darwin.rev or nix-darwin.dirtyRev or null; + in + lib.mkIf (rev != null) rev; }) (config: config.system.build.manual); in { From a89c85192354229d9fc0adfe11f3f89620eb9487 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 20:37:07 +1100 Subject: [PATCH 39/45] ci: don't override nixpkgs when building the manual This causes `nix-darwin` to not have `rev` or `dirtyRev` --- .github/workflows/update-manual.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index a2f93822..42ee21e5 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml @@ -21,7 +21,7 @@ jobs: - name: Build manual run: | - nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin + nix build .#manualHTML - name: Push update to manual run: | From 293589065dd0f6bbfd6f83fcdc4f2d74543337c9 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 20:51:18 +1100 Subject: [PATCH 40/45] ci: fix manual not being regenerated when non-Nix files are updated This also fixes the README not being updated on the website as well --- .github/workflows/update-manual.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index 42ee21e5..8d2af53b 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml @@ -3,8 +3,6 @@ on: push: branches: - master - paths: - - '**.nix' jobs: update-manual: From 534ca06930039a616934b6d9dd8316e8df799622 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Sat, 9 Nov 2024 20:51:18 +1100 Subject: [PATCH 41/45] docs: use `nix-darwin` instead of `Darwin` --- doc/manual/default.nix | 8 ++++---- doc/manual/manual.md | 2 +- modules/examples/flake/flake.nix | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/doc/manual/default.nix b/doc/manual/default.nix index abe126b7..deada0a4 100644 --- a/doc/manual/default.nix +++ b/doc/manual/default.nix @@ -118,18 +118,18 @@ in rec { # TODO: get these parameterized in upstream nixos-render-docs sed -i -e ' - /^\.TH / s|NixOS|Darwin|g + /^\.TH / s|NixOS|nix-darwin|g /^\.SH "NAME"$/ { N - s|NixOS|Darwin|g + s|NixOS|nix-darwin|g } /^\.SH "DESCRIPTION"$/ { N; N s|/etc/nixos/configuration|configuration|g - s|NixOS|Darwin|g - s|nixos|darwin|g + s|NixOS|nix-darwin|g + s|nixos|nix-darwin|g } /\.SH "AUTHORS"$/ { diff --git a/doc/manual/manual.md b/doc/manual/manual.md index 131df7d2..bacba03f 100644 --- a/doc/manual/manual.md +++ b/doc/manual/manual.md @@ -1,4 +1,4 @@ -# Darwin Configuration Options {#book-darwin-manual} +# nix-darwin Configuration Options {#book-darwin-manual} ## Version @DARWIN_VERSION@ ```{=include=} options diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index e6eaefc7..bd733bd9 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -1,5 +1,5 @@ { - description = "Example Darwin system flake"; + description = "Example nix-darwin system flake"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; From ae09d7ba528760f9c9b4f92d905d35c46d50ddca Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 03:14:01 +1100 Subject: [PATCH 42/45] readme: remove outdated instructions for manually managing `/etc/bashrc` --- README.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/README.md b/README.md index d3aec37f..602ce089 100644 --- a/README.md +++ b/README.md 
@@ -20,13 +20,6 @@ nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer ./result/bin/darwin-installer ``` -> NOTE: the system activation scripts don't overwrite existing etc files, so files like `/etc/bashrc` and `/etc/zshrc` won't be -> updated by default. If you didn't use the installer or skipped some of the options you'll have to take care of this yourself. -> Either modify the existing file to source/import the one from `/etc/static` or remove it. Some examples: - -- `mv /etc/bashrc /etc/bashrc.before-nix-darwin` -- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | sudo tee -a /etc/bashrc` - ## Updating The installer will configure a channel for this repository. From 2fe3de580e02a3d867134d6632525cf93ffaf0cb Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 03:14:01 +1100 Subject: [PATCH 43/45] readme: fix badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 602ce089..82a094df 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # nix-darwin -![Test](https://github.com/LnL7/nix-darwin/workflows/Test/badge.svg) +[![Test](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml/badge.svg)](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml) Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS. From 050b7db4451bbca9798d09661f098cb0033779b5 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 03:14:01 +1100 Subject: [PATCH 44/45] installer: don't tell users to source bashrc Fixes #380 --- pkgs/darwin-installer/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/darwin-installer/default.nix b/pkgs/darwin-installer/default.nix index 37a391c0..5c6d801e 100644 --- a/pkgs/darwin-installer/default.nix +++ b/pkgs/darwin-installer/default.nix 
@@ -95,7 +95,7 @@ stdenv.mkDerivation { echo >&2 " Open '$config' to get started." echo >&2 " See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md" echo >&2 - echo >&2 " Don't forget to start a new shell or source /etc/static/bashrc." + echo >&2 " Please log out and log in again to make sure nix-darwin is properly loaded." echo >&2 exit ''; From 5a1ae6a6e41362fb52a682fd3d5f19585131d5de Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sat, 9 Nov 2024 03:14:01 +1100 Subject: [PATCH 45/45] readme: add prerequisites section --- README.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 82a094df..b9e3de7e 100644 --- a/README.md +++ b/README.md 
@@ -9,9 +9,16 @@ Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS. This project aims to bring the convenience of a declarative system approach to macOS. nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/). -## Installing +## Prerequisites -To install nix-darwin, a working installation of [Nix](https://github.com/NixOS/nix#installation) is required. +The only prerequisite is a Nix implementation, both Nix and Lix are supported. + +As the official Nix installer does not include an automated uninstaller, and manual uninstallation on macOS is a complex process, we recommend using one of the following installers instead: + +- The [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file#determinate-nix-installer) is only recommended for use with flake-based setups. **Make sure you use it without the `--determinate` flag**. The `--determinate` flag installs the Determinate Nix distribution which does not work out of the box with nix-darwin. +* The [Lix installer](https://lix.systems/install/#on-any-other-linuxmacos-system) supports both flake-based and channel-based setups. + +## Installing If you wish to use nix-darwin with flakes, please refer to the [flakes](#flakes) section.