mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-16 13:28:16 +00:00

Merge branch 'master' into kabir/one-sudo

Kabir Oberai 2024-11-09 22:54:58 -05:00
commit 6f391da544
28 changed files with 375 additions and 426 deletions


@ -1,18 +0,0 @@
name: "Build"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- build
jobs:
build:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix build ${{ github.event.client_payload.args }} -vL


@ -1,23 +0,0 @@
name: "Debug"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "debug"}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- debug
jobs:
debug:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- run: |
nix-shell -A installer
nix-shell -A installer.check
- uses: mxschmitt/action-tmate@v3


@ -13,33 +13,29 @@ jobs:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel - name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests - run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
test-unstable: test-unstable:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix from current unstable channel - name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests - run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
install-against-stable: install-against-stable:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel - name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -70,9 +66,12 @@ jobs:
darwin-rebuild switch -I darwin=. darwin-rebuild switch -I darwin=.
- name: Test uninstallation of nix-darwin - name: Test uninstallation of nix-darwin
run: | run: |
export NIX_PATH=$HOME/.nix-defexpr/channels nix run .#darwin-uninstaller \
nix-shell -A uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
nix-shell -A uninstaller.check --extra-experimental-features "nix-command flakes"
nix run .#darwin-uninstaller.tests.uninstaller \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
--extra-experimental-features "nix-command flakes"
- name: Debugging tmate session - name: Debugging tmate session
if: ${{ failure() }} if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3 uses: mxschmitt/action-tmate@v3
@ -84,7 +83,7 @@ jobs:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix from current unstable channel - name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -115,9 +114,13 @@ jobs:
darwin-rebuild switch -I darwin=. darwin-rebuild switch -I darwin=.
- name: Test uninstallation of nix-darwin - name: Test uninstallation of nix-darwin
run: | run: |
export NIX_PATH=$HOME/.nix-defexpr/channels # A regression in Nix 2.19 means we need to put `--extra-experimental-features` before `--override-input`
nix-shell -A uninstaller nix run .#darwin-uninstaller \
nix-shell -A uninstaller.check --extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Debugging tmate session - name: Debugging tmate session
if: ${{ failure() }} if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3 uses: mxschmitt/action-tmate@v3
@ -129,7 +132,7 @@ jobs:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix version corresponding to latest stable channel - name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -153,12 +156,16 @@ jobs:
run: | run: |
. /etc/static/bashrc . /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
install-flake-against-unstable: install-flake-against-unstable:
runs-on: macos-13 runs-on: macos-13
timeout-minutes: 30 timeout-minutes: 30
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
- name: Install nix from current unstable channel - name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30 uses: cachix/install-nix-action@v30
with: with:
@ -182,3 +189,7 @@ jobs:
run: | run: |
. /etc/static/bashrc . /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
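Review bot: The bumped `uses: actions/checkout@v4` lines (one per job in this file) still reference a mutable tag, as do `cachix/install-nix-action@v30` and `mxschmitt/action-tmate@v3` on the unchanged lines, so a retagged release would run unreviewed code on the runner. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`. Separately, the comment added to the unstable uninstall step says `--extra-experimental-features` has to come before `--override-input` because of a Nix 2.19 regression, yet the stable uninstall step keeps the opposite order. That works with the 2.18.8 installer pinned in this file but would presumably break on the next bump, so using the same order in both steps is safer.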


@ -3,15 +3,13 @@ on:
push: push:
branches: branches:
- master - master
paths:
- '**.nix'
jobs: jobs:
update-manual: update-manual:
runs-on: macos-13 runs-on: macos-13
steps: steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@v4
with: with:
# So that we fetch all branches, since we need to checkout the `gh-pages` branch later. # So that we fetch all branches, since we need to checkout the `gh-pages` branch later.
fetch-depth: 0 fetch-depth: 0
@ -21,7 +19,7 @@ jobs:
- name: Build manual - name: Build manual
run: | run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML nix build .#manualHTML
- name: Push update to manual - name: Push update to manual
run: | run: |
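Review bot: `nix build .#manualHTML` no longer names the nixpkgs revision the published manual is built from, whereas the removed command fixed it with `-I nixpkgs=channel:nixpkgs-24.05-darwin`. Unless a committed `flake.lock` pins the input (not visible in this section), the result depends on whatever `nixpkgs` resolves to when the job runs; the test workflow in this commit passes an explicit `--override-input nixpkgs nixpkgs/...`. Consider `nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin`, or add a comment saying where the pin now lives. The step also depends on `nix-command` and `flakes` being enabled by the install step, which lies outside the hunk.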


@ -2,16 +2,23 @@
# nix-darwin # nix-darwin
![Test](https://github.com/LnL7/nix-darwin/workflows/Test/badge.svg) [![Test](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml/badge.svg)](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml)
Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS. Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS.
This project aims to bring the convenience of a declarative system approach to macOS. This project aims to bring the convenience of a declarative system approach to macOS.
nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/). nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
## Installing ## Prerequisites
To install nix-darwin, a working installation of [Nix](https://github.com/NixOS/nix#installation) is required. The only prerequisite is a Nix implementation, both Nix and Lix are supported.
As the official Nix installer does not include an automated uninstaller, and manual uninstallation on macOS is a complex process, we recommend using one of the following installers instead:
- The [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file#determinate-nix-installer) is only recommended for use with flake-based setups. **Make sure you use it without the `--determinate` flag**. The `--determinate` flag installs the Determinate Nix distribution which does not work out of the box with nix-darwin.
* The [Lix installer](https://lix.systems/install/#on-any-other-linuxmacos-system) supports both flake-based and channel-based setups.
## Installing
If you wish to use nix-darwin with flakes, please refer to the [flakes](#flakes) section. If you wish to use nix-darwin with flakes, please refer to the [flakes](#flakes) section.
@ -20,13 +27,6 @@ nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer ./result/bin/darwin-installer
``` ```
> NOTE: the system activation scripts don't overwrite existing etc files, so files like `/etc/bashrc` and `/etc/zshrc` won't be
> updated by default. If you didn't use the installer or skipped some of the options you'll have to take care of this yourself.
> Either modify the existing file to source/import the one from `/etc/static` or remove it. Some examples:
- `mv /etc/bashrc /etc/bashrc.before-nix-darwin`
- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | sudo tee -a /etc/bashrc`
## Updating ## Updating
The installer will configure a channel for this repository. The installer will configure a channel for this repository.


@ -118,18 +118,18 @@ in rec {
# TODO: get these parameterized in upstream nixos-render-docs # TODO: get these parameterized in upstream nixos-render-docs
sed -i -e ' sed -i -e '
/^\.TH / s|NixOS|Darwin|g /^\.TH / s|NixOS|nix-darwin|g
/^\.SH "NAME"$/ { /^\.SH "NAME"$/ {
N N
s|NixOS|Darwin|g s|NixOS|nix-darwin|g
} }
/^\.SH "DESCRIPTION"$/ { /^\.SH "DESCRIPTION"$/ {
N; N N; N
s|/etc/nixos/configuration|configuration|g s|/etc/nixos/configuration|configuration|g
s|NixOS|Darwin|g s|NixOS|nix-darwin|g
s|nixos|darwin|g s|nixos|nix-darwin|g
} }
/\.SH "AUTHORS"$/ { /\.SH "AUTHORS"$/ {


@ -1,4 +1,4 @@
# Darwin Configuration Options {#book-darwin-manual} # nix-darwin Configuration Options {#book-darwin-manual}
## Version @DARWIN_VERSION@ ## Version @DARWIN_VERSION@
```{=include=} options ```{=include=} options


@ -1,9 +1,15 @@
{ {
# WARNING this is very much still experimental.
description = "A collection of darwin modules"; description = "A collection of darwin modules";
outputs = { self, nixpkgs }: let outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ]; forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" "aarch64-linux" "x86_64-linux" ];
forDarwinSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
jobs = forAllSystems (system: import ./release.nix {
inherit nixpkgs system;
nix-darwin = self;
});
in { in {
lib = { lib = {
evalConfig = import ./eval-config.nix; evalConfig = import ./eval-config.nix;
@ -48,7 +54,6 @@
darwinModules.hydra = ./modules/examples/hydra.nix; darwinModules.hydra = ./modules/examples/hydra.nix;
darwinModules.lnl = ./modules/examples/lnl.nix; darwinModules.lnl = ./modules/examples/lnl.nix;
darwinModules.ofborg = ./modules/examples/ofborg.nix;
darwinModules.simple = ./modules/examples/simple.nix; darwinModules.simple = ./modules/examples/simple.nix;
templates.default = { templates.default = {
@ -56,23 +61,11 @@
description = "nix flake init -t nix-darwin"; description = "nix flake init -t nix-darwin";
}; };
checks = forAllSystems (system: let checks = forDarwinSystems (system: jobs.${system}.tests // jobs.${system}.examples);
simple = self.lib.darwinSystem {
modules = [
self.darwinModules.simple
{ nixpkgs.hostPlatform = system; }
];
};
in {
simple = simple.system;
inherit (simple.config.system.build.manual) packages = forAllSystems (system: {
optionsJSON inherit (jobs.${system}.docs) manualHTML manpages optionsJSON;
manualHTML } // (nixpkgs.lib.optionalAttrs (nixpkgs.lib.hasSuffix "darwin" system) (let
manpages;
});
packages = forAllSystems (system: let
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = [ self.overlays.default ]; overlays = [ self.overlays.default ];
@ -81,6 +74,6 @@
default = self.packages.${system}.darwin-rebuild; default = self.packages.${system}.darwin-rebuild;
inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller; inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller;
}); })));
}; };
} }
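Review bot: The darwin-only half of `packages` is selected with `nixpkgs.lib.hasSuffix "darwin" system`, while `checks` uses the new `forDarwinSystems` list, so the set of darwin systems is now defined in two places that can drift apart. Deriving both from one binding keeps them in step, for example `darwinSystems = [ "aarch64-darwin" "x86_64-darwin" ];` with `nixpkgs.lib.elem system darwinSystems` in the `optionalAttrs` condition. A one-line comment on `forAllSystems` stating that the Linux entries exist only for the documentation outputs (which is what the `packages` body suggests) would also help the next reader.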


@ -1,5 +1,5 @@
{ {
description = "Example Darwin system flake"; description = "Example nix-darwin system flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";


@ -1,25 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
environment = concatStringsSep " " environment = lib.concatStringsSep " "
[ "NIX_REMOTE=daemon" [ "NIX_REMOTE=daemon"
"NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
]; ];
in in
{ {
# Create /etc/bashrc that loads the nix-darwin environment.
programs.bash.enable = true;
programs.bash.completion.enable = false;
# Recreate /run/current-system symlink after boot.
services.activate-system.enable = true;
services.nix-daemon.enable = true; services.nix-daemon.enable = true;
nix.settings.substituters = [ http://cache1 ]; nix.settings.substituters = [ "http://cache1" ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-users = [ "@admin" "@hydra" ]; nix.settings.trusted-users = [ "@admin" "@hydra" ];
@ -31,7 +22,7 @@ in
nix.gc.automatic = true; nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n" environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n"
[ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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" [ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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"
"command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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" "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa 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"
]; ];
@ -53,4 +44,6 @@ in
chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys
echo "ok" echo "ok"
''; '';
system.stateVersion = 5;
} }
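Review bot: The two `authorized_keys` entries built by `lib.concatStringsSep "\n"` constrain the key only with `command="..."`, which leaves port, agent and X11 forwarding and PTY allocation available to whoever holds that key. Starting each entry with `restrict,` (that is, `"restrict,command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa ..."`) limits the key to the forced `nix-store --serve --write` command. The re-quoted `nix.settings.substituters = [ "http://cache1" ];` still fetches over plain HTTP; store paths are signature-checked against `trusted-public-keys`, but the transport is unencrypted, which deserves a comment in an example that others will copy.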


@ -1,10 +1,6 @@
{ config, lib, inputs, pkgs, ... }: { config, lib, inputs, pkgs, ... }:
{ {
# imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ];
# system.patches = [ ./pam.patch ];
system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3; system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3;
system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false; system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 10; system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
@ -50,13 +46,10 @@
pkgs.gnupg pkgs.gnupg
pkgs.htop pkgs.htop
pkgs.jq pkgs.jq
pkgs.mosh
pkgs.ripgrep pkgs.ripgrep
pkgs.shellcheck pkgs.shellcheck
pkgs.vault
pkgs.qes pkgs.qes
pkgs.darwin-zsh-completions
]; ];
services.yabai.enable = true; services.yabai.enable = true;
@ -96,7 +89,7 @@
''; '';
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ]; nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ];
nix.settings.sandbox = true; nix.settings.sandbox = true;
nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ]; nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
@ -302,8 +295,6 @@
fi fi
''; '';
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -331,4 +322,6 @@
nix.configureBuildUsers = true; nix.configureBuildUsers = true;
nix.nrBuildUsers = 32; nix.nrBuildUsers = 32;
system.stateVersion = 5;
} }


@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
# Logs are enabled by default.
# $ tail -f /var/log/ofborg.log
services.ofborg.enable = true;
# services.ofborg.configFile = "/var/lib/ofborg/config.json";
# $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg
# $ nix-channel --update
services.ofborg.package = (import <ofborg> {}).ofborg.rs;
# Keep nix-daemon updated.
services.nix-daemon.enable = true;
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
# Manage user for ofborg, this enables creating/deleting users
# depending on what modules are enabled.
users.knownGroups = [ "ofborg" ];
users.knownUsers = [ "ofborg" ];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
}


@ -118,6 +118,7 @@ in
echo "configuring networking..." >&2 echo "configuring networking..." >&2
${optionalString (cfg.computerName != null) '' ${optionalString (cfg.computerName != null) ''
# shellcheck disable=SC1112
scutil --set ComputerName ${escapeShellArg cfg.computerName} scutil --set ComputerName ${escapeShellArg cfg.computerName}
''} ''}
${optionalString (cfg.hostName != null) '' ${optionalString (cfg.hostName != null) ''
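Review bot: The added `# shellcheck disable=SC1112` carries no explanation, and SC1112 is the check for Unicode quote characters, so a reader cannot tell why it is suppressed for the `scutil --set ComputerName` line. State the reason next to the directive, e.g. `# computerName may legitimately contain typographic quotes (SC1112); escapeShellArg keeps them literal`, assuming that is the motivation. The enclosing activation script starts and ends outside the hunk.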


@ -404,7 +404,7 @@ in
{ darwin-config = "${config.environment.darwinConfig}"; } { darwin-config = "${config.environment.darwinConfig}"; }
"/nix/var/nix/profiles/per-user/root/channels" "/nix/var/nix/profiles/per-user/root/channels"
]; ];
defaultText = lib.literalExpression '' defaultText = lib.literalExpression ''
lib.optionals cfg.channel.enable [ lib.optionals cfg.channel.enable [
# Include default path <darwin-config>. # Include default path <darwin-config>.
@ -527,8 +527,10 @@ in
description = '' description = ''
If set to true, Nix automatically detects files in the store that have If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy. identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run This saves disk space. If set to false (the default), you can enable
nix-store --optimise to get rid of duplicate files. {option}`nix.optimise.automatic` to run {command}`nix-store --optimise`
periodically to get rid of duplicate files. You can also run
{command}`nix-store --optimise` manually.
''; '';
}; };
@ -761,6 +763,13 @@ in
{ assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; } { assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
{ assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; } { assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
{ assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; } { assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
{
# Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100
# As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0
assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0"));
message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead.";
}
]; ];
# Not in NixOS module # Not in NixOS module
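Review bot: The new assertion reads `cfg.package.pname` and `cfg.package.version` directly, so when `auto-optimise-store` is set and `nix.package` is a derivation without those attributes, evaluation stops with a missing-attribute error instead of the intended message (the option's type is outside the hunk, so how likely that is cannot be judged from here). Defaults keep the assertion total: `(cfg.package.pname or "") == "lix"` and `(cfg.package.version or "") == "2.92.0"`. The message could also say under which condition the setting is accepted, since a Lix user on an older version currently gets the same text as a Nix user.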


@ -107,15 +107,24 @@ in
default = false; default = false;
description = "Enable zsh-syntax-highlighting."; description = "Enable zsh-syntax-highlighting.";
}; };
programs.zsh.enableFastSyntaxHighlighting = mkEnableOption "zsh-fast-syntax-highlighting";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.enableSyntaxHighlighting && cfg.enableFastSyntaxHighlighting);
message = "zsh-syntax-highlighting and zsh-fast-syntax-highlighting are mutually exclusive, please disable one of them.";
}
];
environment.systemPackages = environment.systemPackages =
[ # Include zsh package [ # Include zsh package
pkgs.zsh pkgs.zsh
] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions ] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting; ++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting
++ optional cfg.enableFastSyntaxHighlighting pkgs.zsh-fast-syntax-highlighting;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
@ -127,17 +136,19 @@ in
if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi
__ETC_ZSHENV_SOURCED=1 __ETC_ZSHENV_SOURCED=1
if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then if [[ -o rcs ]]; then
. ${config.system.build.setEnvironment} if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
. ${config.system.build.setEnvironment}
fi
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
done
${cfg.shellInit}
fi fi
# Tell zsh how to find installed completions
for p in ''${(z)NIX_PROFILES}; do
fpath=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions $fpath)
done
${cfg.shellInit}
# Read system-wide modifications. # Read system-wide modifications.
if test -f /etc/zshenv.local; then if test -f /etc/zshenv.local; then
source /etc/zshenv.local source /etc/zshenv.local
@ -192,6 +203,10 @@ in
"source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh" "source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
} }
${optionalString cfg.enableFastSyntaxHighlighting
"source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh"
}
${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"} ${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"}
${optionalString cfg.enableFzfGit "source ${fzfGit}"} ${optionalString cfg.enableFzfGit "source ${fzfGit}"}
${optionalString cfg.enableFzfHistory "source ${fzfHistory}"} ${optionalString cfg.enableFzfHistory "source ${fzfHistory}"}
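Review bot: The new `if [[ -o rcs ]]; then` guard in the generated zshenv has no comment, and it now skips `setEnvironment`, the `fpath` setup and `${cfg.shellInit}` for shells started with rcs off, while `/etc/zshenv.local` is still sourced unconditionally just below it. If that split is intended, say so next to the guard, e.g. `# zsh reads /etc/zshenv even with NO_RCS (zsh -f); keep such shells free of nix-darwin setup`. If it is not, the `zshenv.local` block belongs inside the guard as well. The surrounding script starts and ends outside the hunk.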


@ -237,7 +237,7 @@ in
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags); tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in in
optionalString (cfg.privateSshKeyPath != null) '' optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}" mkdir -m 0700 "${sshDir}"
install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa" install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
'' + '' '' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF
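Review bot: Without `-p`, `mkdir -m 0700 "${sshDir}"` fails when the directory already exists or its parent is missing, so a second run of this script would stop at this line if it runs with errexit (not visible here). Dropping `-p` does avoid creating parent directories with default permissions, but an already existing `${sshDir}` is neither tolerated nor tightened before the private key is copied into it. Creating and then fixing the mode covers both cases: `mkdir -p "${sshDir}"` followed by `chmod 0700 "${sshDir}"`. The enclosing script continues outside the hunk.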


@ -48,14 +48,20 @@ in
text = mkBefore ('' text = mkBefore (''
echo >&2 "setting up GitHub Runner '${cfg.name}'..." echo >&2 "setting up GitHub Runner '${cfg.name}'..."
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)} (
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)} umask -S u=rwx,g=rx,o=
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)} ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)} ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
'' + optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)} ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)} ${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
${optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
''}
)
''); '');
}; };
})); }));
@ -88,6 +94,10 @@ in
script = script =
let let
# https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different
# versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels
# are always escaped to avoid https://www.shellcheck.net/wiki/SC2054
escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'";
configure = pkgs.writeShellApplication { configure = pkgs.writeShellApplication {
name = "configure-github-runner-${name}"; name = "configure-github-runner-${name}";
text = /*bash*/'' text = /*bash*/''
@ -98,7 +108,7 @@ in
--disableupdate --disableupdate
--work ${escapeShellArg workDir} --work ${escapeShellArg workDir}
--url ${escapeShellArg cfg.url} --url ${escapeShellArg cfg.url}
--labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}" --labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)}
${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"} ${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"}
${optionalString cfg.replace "--replace"} ${optionalString cfg.replace "--replace"}
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"} ${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}
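Review bot: The `umask -S u=rwx,g=rx,o=` subshell only affects directories that `mkdir -p` actually creates; a state, log or work directory that already exists keeps its current mode and is then handed to `${user}:${group}` by `chown`. If these directories must never be world-accessible, set the mode explicitly after creation, e.g. `${pkgs.coreutils}/bin/chmod 0750 ${escapeShellArg (mkStateDir cfg)}` for each of the three paths. In the second hunk, `escapeShellArgAlways` would be easier to audit with a one-line comment stating that it wraps the value in single quotes and rewrites each embedded `'` as `'\''`.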


@ -46,12 +46,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{ assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
{ assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
];
warnings = mkIf (isDerivation cfg.configFile) [ warnings = mkIf (isDerivation cfg.configFile) [
"services.ofborg.configFile is a derivation, credentials will be world readable" "services.ofborg.configFile is a derivation, credentials will be world readable"
]; ];
@ -87,9 +81,13 @@ in
users.users.ofborg.shell = "/bin/bash"; users.users.ofborg.shell = "/bin/bash";
users.users.ofborg.description = "OfBorg service user"; users.users.ofborg.description = "OfBorg service user";
users.knownUsers = [ "ofborg" ];
users.groups.ofborg.gid = mkDefault 531; users.groups.ofborg.gid = mkDefault 531;
users.groups.ofborg.description = "Nix group for OfBorg service"; users.groups.ofborg.description = "Nix group for OfBorg service";
users.knownGroups = [ "ofborg" ];
# FIXME: create logfiles automatically if defined. # FIXME: create logfiles automatically if defined.
system.activationScripts.preActivation.text = '' system.activationScripts.preActivation.text = ''
mkdir -p '${user.home}' mkdir -p '${user.home}'


@ -2,22 +2,46 @@
{ {
system.activationScripts.createRun.text = '' system.activationScripts.createRun.text = ''
if ! test -L /run; then if [[ ! -L /run ]]; then
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then # This file doesn't exist by default on macOS and is only supported after 10.15
# however every system with Nix installed should have this file otherwise `/nix`
# wouldn't exist.
if [[ -e /etc/synthetic.conf ]]; then
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
echo "setting up /run via /etc/synthetic.conf..." echo "setting up /run via /etc/synthetic.conf..."
echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true fi
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
if ! test -L /run; then # for Catalina (10.15)
echo "warning: apfs.util failed to symlink /run" sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
fi # for Big Sur (11.0)
fi sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
if ! test -L /run; then
echo "setting up /run..." if [[ ! -L /run ]]; then
sudo ln -sfn private/var/run /run printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
fi printf >&2 'To create a symlink from /run to /var/run, please run:\n'
if ! test -L /run; then printf >&2 '\n'
echo "warning: failed to symlink /run" printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina\n'
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later\n' >&2
printf >&2 '\n'
printf >&2 'The current contents of /etc/synthetic.conf is:\n'
printf >&2 '\n'
sudo sed 's/^/ /' /etc/synthetic.conf >&2
printf >&2 '\n'
exit 1
fi
else
echo "setting up /run..."
sudo ln -sfn private/var/run /run
if [[ ! -L /run ]]; then
printf >&2 'error: failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 '$ sudo ln -sfn private/var/link /run\n'
exit 1
fi
fi fi
fi fi
''; '';
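Review bot: The recovery hint printed in the `else` branch, `printf >&2 '$ sudo ln -sfn private/var/link /run\n'`, names `private/var/link`, while the command the script itself runs is `sudo ln -sfn private/var/run /run`; a user who copies the hint ends up with a dangling `/run`. It should read `printf >&2 '$ sudo ln -sfn private/var/run /run\n'`. In the `synthetic.conf` branch the first hint is passed as a double-quoted format string, so printf expands the `\t` and `\n` that are meant to be shown literally and emits no final newline; `printf >&2 '%s\n' "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"` prints it verbatim. The "For Big Sur and later" line also carries a redundant second `>&2`.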


@ -22,25 +22,9 @@ let
''; '';
runLink = '' runLink = ''
if ! test -e /run; then if [[ ! -e /run ]]; then
echo "error: Directory /run does not exist, aborting activation" >&2 printf >&2 'error: directory /run does not exist, aborting activation\n'
echo "Create a symlink to /var/run with:" >&2 exit 1
if test -e /etc/synthetic.conf; then
echo >&2
echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2
echo >&2
echo "The current contents of /etc/synthetic.conf is:" >&2
echo >&2
sed 's/^/ /' /etc/synthetic.conf >&2
echo >&2
else
echo >&2
echo "$ sudo ln -s private/var/run /run" >&2
echo >&2
fi
exit 2
fi fi
''; '';
@ -59,7 +43,7 @@ let
exit 2 exit 2
fi fi
''; '';
preSequoiaBuildUsers = '' preSequoiaBuildUsers = ''
${lib.optionalString config.nix.configureBuildUsers '' ${lib.optionalString config.nix.configureBuildUsers ''
# Dont complain when were about to migrate oldstyle build users… # Dont complain when were about to migrate oldstyle build users…
@ -104,7 +88,7 @@ let
buildUsers = '' buildUsers = ''
buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true
if [ -z $buildUser ]; then if [[ -z "$buildUser" ]]; then
echo "error: Using the nix-daemon requires build users, aborting activation" >&2 echo "error: Using the nix-daemon requires build users, aborting activation" >&2
echo "Create the build users or disable the daemon:" >&2 echo "Create the build users or disable the daemon:" >&2
echo "$ darwin-install" >&2 echo "$ darwin-install" >&2
@ -120,7 +104,7 @@ let
buildGroupID = '' buildGroupID = ''
buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}') buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}')
expectedBuildGroupID=${toString config.ids.gids.nixbld} expectedBuildGroupID=${toString config.ids.gids.nixbld}
if [[ $buildGroupID != $expectedBuildGroupID ]]; then if [[ $buildGroupID != "$expectedBuildGroupID" ]]; then
printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n' printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n'
printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n' printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n'
printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n' printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n'
@ -130,6 +114,7 @@ let
printf >&2 'Possible causes include setting up a new Nix installation with an\n' printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n' printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n' printf >&2 'installation with an existing Nix installation, or manually increasing\n'
# shellcheck disable=SC2016
printf >&2 'your `system.stateVersion` setting.\n' printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n' printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n' printf >&2 'You can set the configured group ID to match the actual value:\n'
@ -282,6 +267,7 @@ let
if [[ -d /etc/ssh/authorized_keys.d ]]; then if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n' printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n' printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
# shellcheck disable=SC2016
printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n' printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n' printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n' printf >&2 '\n'
@ -350,7 +336,7 @@ in
system.activationScripts.checks.text = '' system.activationScripts.checks.text = ''
${cfg.text} ${cfg.text}
if test ''${checkActivation:-0} -eq 1; then if [[ "''${checkActivation:-0}" -eq 1 ]]; then
echo "ok" >&2 echo "ok" >&2
exit 0 exit 0
fi fi
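Review bot: The rewritten guard in `system.activationScripts.checks.text`, `[[ "''${checkActivation:-0}" -eq 1 ]]`, is not equivalent to the `test … -eq 1` it replaces. Inside `[[ ]]` bash evaluates both `-eq` operands as arithmetic expressions, so a non-integer `checkActivation` is interpreted rather than rejected. The variable appears to come from the caller's environment (it is only read with a default here), so a plain string comparison is the safer form for an activation check: `if [[ "''${checkActivation:-0}" == 1 ]]; then`. The script body before `${cfg.text}` and after this `fi` lies outside the hunk.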


@ -92,6 +92,8 @@ in
name = "darwin-system-${cfg.darwinLabel}"; name = "darwin-system-${cfg.darwinLabel}";
preferLocalBuild = true; preferLocalBuild = true;
nativeBuildInputs = [ pkgs.shellcheck ];
activationScript = cfg.activationScripts.script.text; activationScript = cfg.activationScripts.script.text;
activationUserScript = cfg.activationScripts.userScript.text; activationUserScript = cfg.activationScripts.userScript.text;
inherit (cfg) darwinLabel; inherit (cfg) darwinLabel;
@ -133,6 +135,8 @@ in
chmod u+x $out/activate-user chmod u+x $out/activate-user
unset activationUserScript unset activationUserScript
shellcheck $out/activate $out/activate-user
echo -n "$systemConfig" > $out/systemConfig echo -n "$systemConfig" > $out/systemConfig
echo -n "$darwinLabel" > $out/darwin-version echo -n "$darwinLabel" > $out/darwin-version
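Review bot: The new `shellcheck $out/activate $out/activate-user` step has no comment saying that a lint finding now fails the whole system build. Both scripts appear to be generated from `cfg.activationScripts.script.text` and `cfg.activationScripts.userScript.text`, which presumably also carry script text from the user's own configuration, so a warning in user-supplied code would block a rebuild. I would state that next to the call, e.g. `# any shellcheck finding fails the build, including findings in user-supplied activation script text`. Quoting the paths (`"$out/activate" "$out/activate-user"`) would also match the quoting this commit applies elsewhere. The build script starts and ends outside the hunk.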


@ -105,19 +105,29 @@ in
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents} ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents}
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons} ${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons}
for f in $(ls /run/current-system/Library/LaunchAgents 2> /dev/null); do for f in /run/current-system/Library/LaunchAgents/*; do
if test ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f"; then [[ -e "$f" ]] || break # handle when directory is empty
echo "removing service $(basename $f .plist)" >&2 f=''${f#/run/current-system/Library/LaunchAgents/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchAgents/$f" || true launchctl unload "/Library/LaunchAgents/$f" || true
if test -e "/Library/LaunchAgents/$f"; then rm -f "/Library/LaunchAgents/$f"; fi if [[ -e "/Library/LaunchAgents/$f" ]]; then
rm -f "/Library/LaunchAgents/$f"
fi
fi fi
done done
for f in $(ls /run/current-system/Library/LaunchDaemons 2> /dev/null); do for f in /run/current-system/Library/LaunchDaemons/*; do
if test ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f"; then [[ -e "$f" ]] || break # handle when directory is empty
echo "removing service $(basename $f .plist)" >&2 f=''${f#/run/current-system/Library/LaunchDaemons/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchDaemons/$f" || true launchctl unload "/Library/LaunchDaemons/$f" || true
if test -e "/Library/LaunchDaemons/$f"; then rm -f "/Library/LaunchDaemons/$f"; fi if [[ -e "/Library/LaunchDaemons/$f" ]]; then
rm -f "/Library/LaunchDaemons/$f"
fi
fi fi
done done
''; '';
@ -133,11 +143,16 @@ in
''} ''}
${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents} ${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents}
for f in $(ls /run/current-system/user/Library/LaunchAgents 2> /dev/null); do for f in /run/current-system/user/Library/LaunchAgents/*; do
if test ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f"; then [[ -e "$f" ]] || break # handle when directory is empty
echo "removing user service $(basename $f .plist)" >&2 f=''${f#/run/current-system/user/Library/LaunchAgents/}
launchctl unload ~/Library/LaunchAgents/$f || true
if test -e ~/Library/LaunchAgents/$f; then rm -f ~/Library/LaunchAgents/$f; fi if [[ ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f" ]]; then
echo "removing user service $(basename "$f" .plist)" >&2
launchctl unload ~/Library/LaunchAgents/"$f" || true
if [[ -e ~/Library/LaunchAgents/"$f" ]]; then
rm -f ~/Library/LaunchAgents/"$f"
fi
fi fi
done done
''; '';
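Review bot: `[[ -e "$f" ]] || break` ends the whole loop at the first entry that fails `-e`, which is not only the unmatched-glob case. A dangling symlink under `/run/current-system/Library/LaunchAgents` fails the same test, so every stale service sorted after it would stay loaded and keep its plist. `continue` handles the empty directory just as well, because the unexpanded pattern is then the only iteration, and it does not skip later entries: `[[ -e "$f" ]] || continue`. The same line is used in the LaunchDaemons and user LaunchAgents loops here, and in the `/run/current-system/patches` loop of the next file.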


@ -30,9 +30,9 @@ in
Set of patches to apply to {file}`/`. Set of patches to apply to {file}`/`.
::: {.warning} ::: {.warning}
This can modify everything so use with caution. This can modify everything so use with caution.
::: :::
Useful for safely changing system files. Unlike the etc module this Useful for safely changing system files. Unlike the etc module this
@ -56,10 +56,13 @@ in
# Applying patches to /. # Applying patches to /.
echo "applying patches..." >&2 echo "applying patches..." >&2
for f in $(ls /run/current-system/patches 2> /dev/null); do for f in /run/current-system/patches/*; do
if test ! -e "${config.system.build.patches}/patches/$f"; then [[ -e "$f" ]] || break # handle when directory is empty
patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true f=''${f#/run/current-system/patches/}
fi
if [[ ! -e "${config.system.build.patches}/patches/$f" ]]; then
patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true
fi
done done
${concatMapStringsSep "\n" (f: '' ${concatMapStringsSep "\n" (f: ''


@ -99,6 +99,10 @@ in
assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root"); assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root");
message = "`users.users.root.home` must be set to either `null` or `/var/root`."; message = "`users.users.root.home` must be set to either `null` or `/var/root`.";
} }
{
assertion = !builtins.elem "root" deletedUsers;
message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it.";
}
]; ];
users.gids = mkMerge gids; users.gids = mkMerge gids;
@ -107,7 +111,7 @@ in
# NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations # NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations
# however currently that runs at user level activation as that runs before system level activation # however currently that runs at user level activation as that runs before system level activation
# TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level # TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level
system.checks.text = lib.mkAfter '' system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter ''
ensurePerms() { ensurePerms() {
homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory) homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory)
homeDirectory=''${homeDirectory#NFSHomeDirectory: } homeDirectory=''${homeDirectory#NFSHomeDirectory: }
@ -115,6 +119,7 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
if [[ -n "$SSH_CONNECTION" ]]; then if [[ -n "$SSH_CONNECTION" ]]; then
printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2" printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
# shellcheck disable=SC2016
printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2" printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
printf >&2 'You can either:\n' printf >&2 'You can either:\n'
printf >&2 '\n' printf >&2 '\n'
@ -122,6 +127,7 @@ in
printf >&2 '\n' printf >&2 '\n'
printf >&2 'or\n' printf >&2 'or\n'
printf >&2 '\n' printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 ' run `darwin-rebuild` in a graphical session.\n' printf >&2 ' run `darwin-rebuild` in a graphical session.\n'
printf >&2 '\n' printf >&2 '\n'
printf >&2 'The option "Allow full disk access for remote users" can be found by\n' printf >&2 'The option "Allow full disk access for remote users" can be found by\n'
@ -135,9 +141,11 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1" printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1"
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' "$1" "$2" # shellcheck disable=SC2016
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
printf >&2 'please accept the dialog that pops up.\n' printf >&2 'please accept the dialog that pops up.\n'
printf >&2 '\n' printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n' printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n' printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
printf >&2 '\n' printf >&2 '\n'
@ -149,7 +157,6 @@ in
fi fi
} }
${concatMapStringsSep "\n" (v: let ${concatMapStringsSep "\n" (v: let
name = lib.escapeShellArg v.name; name = lib.escapeShellArg v.name;
dsclUser = lib.escapeShellArg "/Users/${v.name}"; dsclUser = lib.escapeShellArg "/Users/${v.name}";
@ -187,18 +194,16 @@ in
if [ "$u" -gt 501 ]; then if [ "$u" -gt 501 ]; then
# TODO: add `darwin.primaryUser` as well # TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then if [[ ${name} == "$USER" ]]; then
# shellcheck disable=SC2016
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name} printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1 exit 1
elif [[ ${name} == "root" ]]; then
printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n'
exit 1
fi fi
ensurePerms ${name} delete ensurePerms ${name} delete
fi fi
fi fi
'') deletedUsers} '') deletedUsers}
''; '');
system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) '' system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) ''
echo "setting up groups..." >&2 echo "setting up groups..." >&2
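Review bot: In the deleted-users check, the `printf` that reports "refusing to delete the user calling darwin-rebuild" still has a `,` directly after the closing quote of its format string. The shell has no argument separator, so the comma becomes part of the format and is printed after the trailing newline; the line should end `\e[0m\n' ${name}` with no comma. In `ensurePerms`, the message that begins "If you do not wish to be prompted every time" opens a backtick before `darwin-rebuild` and never closes it. Both strings are touched by this commit only to add the SC2016 directive, so they are easy to fix in the same pass.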


@ -95,7 +95,7 @@ stdenv.mkDerivation {
echo >&2 " Open '$config' to get started." echo >&2 " Open '$config' to get started."
echo >&2 " See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md" echo >&2 " See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md"
echo >&2 echo >&2
echo >&2 " Don't forget to start a new shell or source /etc/static/bashrc." echo >&2 " Please log out and log in again to make sure nix-darwin is properly loaded."
echo >&2 echo >&2
exit exit
''; '';


@ -1,4 +1,4 @@
{ lib, ... }: { lib, pkgs, ... }:
with lib; with lib;
@ -7,46 +7,46 @@ with lib;
assertions = mkForce []; assertions = mkForce [];
system.activationScripts.checks.text = mkForce ""; system.activationScripts.checks.text = mkForce "";
# Disable etc, launchd, ...
environment.etc = mkForce {}; environment.etc = mkForce {};
launchd.agents = mkForce {}; launchd.agents = mkForce {};
launchd.daemons = mkForce {}; launchd.daemons = mkForce {};
launchd.user.agents = mkForce {}; launchd.user.agents = mkForce {};
system.activationScripts.postUserActivation.text = mkAfter '' system.activationScripts.postUserActivation.text = mkAfter ''
if test -L ~/.nix-defexpr/channels/darwin; then if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
nix-channel --remove darwin || true nix-channel --remove darwin || true
fi fi
''; '';
system.activationScripts.postActivation.text = mkAfter '' system.activationScripts.postActivation.text = mkAfter ''
if test -L /Applications/Nix\ Apps; then if [[ -L /Applications/Nix\ Apps ]]; then
rm /Applications/Nix\ Apps rm /Applications/Nix\ Apps
fi fi
if test -L /etc/static; then if [[ -L /etc/static ]]; then
rm /etc/static rm /etc/static
fi fi
if test -O /nix/store; then # If the Nix Store is owned by root then we're on a multi-user system
if ! test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then if [[ -O /nix/store ]]; then
sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then
sudo launchctl remove org.nixos.nix-daemon 2> /dev/null || true
sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
fi fi
if ! grep -q etc/profile.d/nix-daemon.sh /etc/bashrc; then
echo >&2 "Found no nix-daemon.sh reference in /etc/bashrc"
echo >&2 "add this snippet back to /etc/bashrc:"
echo >&2
echo >&2 " # Nix"
echo >&2 " if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then"
echo >&2 " . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'"
echo >&2 " fi"
echo >&2 " # End Nix"
echo >&2
fi
fi fi
# grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail`
dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do
shell=$(dscl . -read /Users/"$user" UserShell)
if [[ "$shell" != */bin/zsh ]]; then
echo >&2 "warning: changing $user's shell from $shell to /bin/zsh"
fi
dscl . -create /Users/"$user" UserShell /bin/zsh
done
while IFS= read -r -d "" file; do
mv "$file" "''${file%.*}"
done < <(find /etc -name '*.before-nix-darwin' -follow -print0)
''; '';
} }
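Review bot: The restore loop at the end of `postActivation` runs `find /etc … -follow`, which follows every symlink below `/etc`, so the `mv` after it can rename files in whatever directories those links point to. If the flag is only there because `/etc` is itself a symlink on macOS (an assumption, the hunk does not say), `-H` limits link-following to the starting path: `done < <(find -H /etc -name '*.before-nix-darwin' -print0)`. The `mv` also replaces an existing destination silently. `mv -n`, or an explicit test with a warning, would preserve a file that was created after installation.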


@ -1,4 +1,4 @@
{ stdenv, lib, pkgs }: { lib, path, stdenv, writeShellApplication }:
let let
uninstallSystem = import ../../eval-config.nix { uninstallSystem = import ../../eval-config.nix {
@ -6,39 +6,23 @@ let
modules = [ modules = [
./configuration.nix ./configuration.nix
{ {
nixpkgs.source = pkgs.path; nixpkgs.source = path;
nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system; nixpkgs.hostPlatform = stdenv.hostPlatform.system;
system.includeUninstaller = false; system.includeUninstaller = false;
} }
]; ];
}; };
in in writeShellApplication {
stdenv.mkDerivation {
name = "darwin-uninstaller"; name = "darwin-uninstaller";
preferLocalBuild = true; text = ''
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
echo "$shellHook" > $out/bin/darwin-uninstaller
chmod +x $out/bin/darwin-uninstaller
'';
shellHook = ''
#!${stdenv.shell}
set -e
action=switch
while [ "$#" -gt 0 ]; do while [ "$#" -gt 0 ]; do
i="$1"; shift 1 i="$1"; shift 1
case "$i" in case "$i" in
--help) --help)
echo "darwin-uninstaller: [--help]" echo "darwin-uninstaller: [--help]"
exit exit
;; ;;
esac esac
done done
echo >&2 echo >&2
@ -50,51 +34,61 @@ stdenv.mkDerivation {
echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)" echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)"
echo >&2 echo >&2
if test -t 0; then if [[ -t 0 ]]; then
read -p "Proceed? [y/n] " i read -r -p "Proceed? [y/n] " i
case "$i" in case "$i" in
y|Y) y|Y)
;; ;;
*) *)
exit 3 exit 3
;; ;;
esac esac
fi fi
${uninstallSystem.system}/sw/bin/darwin-rebuild activate ${uninstallSystem.system}/sw/bin/darwin-rebuild activate
if test -L /run/current-system; then if [[ -L /run/current-system ]]; then
sudo rm /run/current-system sudo rm /run/current-system
fi fi
if [[ -L /run ]]; then
if [[ -e /etc/synthetic.conf ]]; then
sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
echo >&2 "NOTE: the /run symlink will be removed on reboot"
else
sudo rm /run
fi
fi
echo >&2 echo >&2
echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected." echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected."
echo >&2 echo >&2
echo >&2 "Done!" echo >&2 "Done!"
echo >&2 echo >&2
exit
''; '';
passthru.check = stdenv.mkDerivation { derivationArgs.passthru.tests.uninstaller = writeShellApplication {
name = "run-darwin-test"; name = "post-uninstall-test";
shellHook = '' text = ''
set -e echo >&2 "running uninstaller tests..."
echo >&2 "running uninstaller tests..." echo >&2
echo >&2
echo >&2 "checking darwin channel" echo >&2 "checking darwin channel"
! test -e ~/.nix-defexpr/channels/darwin test -e ~/.nix-defexpr/channels/darwin && exit 1
echo >&2 "checking /etc" echo >&2 "checking /etc"
! test -e /etc/static test -e /etc/static && exit 1
echo >&2 "checking /run/current-system" echo >&2 "checking /run/current-system"
! test -e /run/current-system test -e /run/current-system && exit 1
echo >&2 "checking nix-daemon service (assuming a multi-user install)" if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon" echo >&2 "checking nix-daemon service"
pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon" launchctl print system/org.nixos.nix-daemon
readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist" pgrep -l nix-daemon
grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist" test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist
[[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
echo >&2 ok echo >&2 ok
exit fi
''; '';
}; };
} }
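Review bot: The last check in the `post-uninstall-test` script compares `shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist` with the same command on the same path. It is therefore always true and does not verify that the daemon plist was restored. Presumably the second operand was meant to be the copy in the default profile, which the uninstaller configuration copies from. A direct comparison says that more plainly: `cmp -s /Library/LaunchDaemons/org.nixos.nix-daemon.plist /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist`.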


@ -1,21 +1,16 @@
{ nixpkgs ? <nixpkgs> { nixpkgs ? <nixpkgs>
, supportedSystems ? [ "x86_64-darwin" ] # Adapted from https://github.com/NixOS/nixpkgs/blob/e818264fe227ad8861e0598166cf1417297fdf54/pkgs/top-level/release.nix#L11
, nix-darwin ? { }
, system ? builtins.currentSystem
, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ]
, scrubJobs ? true , scrubJobs ? true
}: }:
let let
inherit (release) mapTestOn packagePlatforms pkgs all linux darwin;
system = "x86_64-darwin";
mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems);
buildFromConfig = configuration: sel: sel buildFromConfig = configuration: sel: sel
(import ./. { inherit nixpkgs configuration system; }).config; (import ./. { inherit nixpkgs configuration system; }).config;
makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system: makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel);
buildFromConfig configuration (config: config.system.build.toplevel)
);
makeTest = test: makeTest = test:
let let
@ -61,104 +56,76 @@ let
in in
buildFromConfig configuration (config: config.system.build.run-test); buildFromConfig configuration (config: config.system.build.run-test);
release = import (nixpkgs + "/pkgs/top-level/release-lib.nix") {
inherit supportedSystems scrubJobs;
packageSet = import nixpkgs;
};
packageSet = {
inherit (pkgs)
stdenv bash zsh nix
tmux reattach-to-user-namespace
nano emacs vim;
};
manual = buildFromConfig ({ lib, config, ... }: { manual = buildFromConfig ({ lib, config, ... }: {
system.stateVersion = lib.mkDefault config.system.maxStateVersion; system.stateVersion = lib.mkDefault config.system.maxStateVersion;
system.darwinVersionSuffix = let
shortRev = nix-darwin.shortRev or nix-darwin.dirtyShortRev or null;
in
lib.mkIf (shortRev != null) ".${shortRev}";
system.darwinRevision = let
rev = nix-darwin.rev or nix-darwin.dirtyRev or null;
in
lib.mkIf (rev != null) rev;
}) (config: config.system.build.manual); }) (config: config.system.build.manual);
jobs = { in {
docs = {
inherit (manual) manualHTML manpages optionsJSON;
};
unstable = pkgs.releaseTools.aggregate { examples.hydra = makeSystem ./modules/examples/hydra.nix;
name = "darwin-${pkgs.lib.nixpkgsVersion}"; examples.lnl = makeSystem ./modules/examples/lnl.nix;
constituents = examples.simple = makeSystem ./modules/examples/simple.nix;
[ jobs.stdenv.x86_64-darwin
jobs.bash.x86_64-darwin
jobs.zsh.x86_64-darwin
jobs.nix.x86_64-darwin
jobs.reattach-to-user-namespace.x86_64-darwin
jobs.tmux.x86_64-darwin
jobs.nano.x86_64-darwin
jobs.vim.x86_64-darwin
jobs.emacs.x86_64-darwin
jobs.examples.hydra.x86_64-darwin
jobs.examples.lnl.x86_64-darwin
jobs.examples.simple.x86_64-darwin
];
meta.description = "Release-critical builds for the darwin channel";
};
manualHTML = manual.manualHTML; tests.activation-scripts = makeTest ./tests/activation-scripts.nix;
manpages = manual.manpages; tests.autossh = makeTest ./tests/autossh.nix;
options = manual.optionsJSON; tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix;
tests.environment-path = makeTest ./tests/environment-path.nix;
examples.hydra = makeSystem ./modules/examples/hydra.nix; tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix; tests.homebrew = makeTest ./tests/homebrew.nix;
examples.simple = makeSystem ./modules/examples/simple.nix; tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix;
tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
tests.activation-scripts = makeTest ./tests/activation-scripts.nix; tests.networking-hostname = makeTest ./tests/networking-hostname.nix;
tests.autossh = makeTest ./tests/autossh.nix; tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix;
tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix; tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix;
tests.environment-path = makeTest ./tests/environment-path.nix; tests.programs-ssh = makeTest ./tests/programs-ssh.nix;
tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix; tests.programs-tmux = makeTest ./tests/programs-tmux.nix;
tests.homebrew = makeTest ./tests/homebrew.nix; tests.programs-zsh = makeTest ./tests/programs-zsh.nix;
tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix;
tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; tests.security-pki = makeTest ./tests/security-pki.nix;
tests.networking-hostname = makeTest ./tests/networking-hostname.nix; tests.services-activate-system = makeTest ./tests/services-activate-system.nix;
tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix;
tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix;
tests.programs-ssh = makeTest ./tests/programs-ssh.nix; tests.services-github-runners = makeTest ./tests/services-github-runners.nix;
tests.programs-tmux = makeTest ./tests/programs-tmux.nix; tests.services-lorri = makeTest ./tests/services-lorri.nix;
tests.programs-zsh = makeTest ./tests/programs-zsh.nix; tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix;
tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix; tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix;
tests.security-pki = makeTest ./tests/security-pki.nix; tests.services-aerospace = makeTest ./tests/services-aerospace.nix;
tests.services-activate-system = makeTest ./tests/services-activate-system.nix; tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix;
tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix; tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix;
tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix; tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
tests.services-github-runners = makeTest ./tests/services-github-runners.nix; tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;
tests.services-lorri = makeTest ./tests/services-lorri.nix; tests.services-nextdns = makeTest ./tests/services-nextdns.nix;
tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix; tests.services-netdata = makeTest ./tests/services-netdata.nix;
tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix; tests.services-ofborg = makeTest ./tests/services-ofborg.nix;
tests.services-aerospace = makeTest ./tests/services-aerospace.nix; tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix;
tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix; tests.services-privoxy = makeTest ./tests/services-privoxy.nix;
tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix; tests.services-redis = makeTest ./tests/services-redis.nix;
tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix; tests.services-skhd = makeTest ./tests/services-skhd.nix;
tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix; tests.services-spacebar = makeTest ./tests/services-spacebar.nix;
tests.services-nextdns = makeTest ./tests/services-nextdns.nix; tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix;
tests.services-netdata = makeTest ./tests/services-netdata.nix; tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix;
tests.services-ofborg = makeTest ./tests/services-ofborg.nix; tests.services-synergy = makeTest ./tests/services-synergy.nix;
tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix; tests.services-yabai = makeTest ./tests/services-yabai.nix;
tests.services-privoxy = makeTest ./tests/services-privoxy.nix; tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix;
tests.services-redis = makeTest ./tests/services-redis.nix; tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix;
tests.services-skhd = makeTest ./tests/services-skhd.nix; tests.system-environment = makeTest ./tests/system-environment.nix;
tests.services-spacebar = makeTest ./tests/services-spacebar.nix; tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;
tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix; tests.system-packages = makeTest ./tests/system-packages.nix;
tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix; tests.system-path = makeTest ./tests/system-path.nix;
tests.services-synergy = makeTest ./tests/services-synergy.nix; tests.system-shells = makeTest ./tests/system-shells.nix;
tests.services-yabai = makeTest ./tests/services-yabai.nix; tests.users-groups = makeTest ./tests/users-groups.nix;
tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix; tests.users-packages = makeTest ./tests/users-packages.nix;
tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix; tests.fonts = makeTest ./tests/fonts.nix;
tests.system-environment = makeTest ./tests/system-environment.nix; }
tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix;
tests.system-packages = makeTest ./tests/system-packages.nix;
tests.system-path = makeTest ./tests/system-path.nix;
tests.system-shells = makeTest ./tests/system-shells.nix;
tests.users-groups = makeTest ./tests/users-groups.nix;
tests.users-packages = makeTest ./tests/users-packages.nix;
tests.fonts = makeTest ./tests/fonts.nix;
}
// (mapTestOn (packagePlatforms packageSet));
in
jobs