mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-15 17:51:01 +00:00
Code Activity

Merge branch 'master' into kabir/one-sudo

Browse source
This commit is contained in:
Kabir Oberai 2024-11-09 22:54:58 -05:00
commit 6f391da544
28 changed files with 375 additions and 426 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
.github/workflows/build.yml vendored
View file

@ -1,18 +0,0 @@
name: "Build"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- build
jobs:
build:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix build ${{ github.event.client_payload.args }} -vL

23
.github/workflows/debug.yml vendored
View file

@ -1,23 +0,0 @@
name: "Debug"
on:
# curl -fsSL -XPOST \
# -H "Accept: application/vnd.github.everest-preview+json" \
# -H "Authorization: token $GITHUB_TOKEN" \
# --data '{"event_type": "debug"}' \
# https://api.github.com/repos/LnL7/nix-darwin/dispatches
repository_dispatch:
types:
- debug
jobs:
debug:
runs-on: macos-12
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- run: |
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
- run: |
nix-shell -A installer
nix-shell -A installer.check
- uses: mxschmitt/action-tmate@v3

47
.github/workflows/test.yml vendored
View file

@ -13,33 +13,29 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
- run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
test-unstable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
- run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
- run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
install-against-stable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
@ -70,9 +66,12 @@ jobs:
darwin-rebuild switch -I darwin=.
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
nix run .#darwin-uninstaller \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
--extra-experimental-features "nix-command flakes"
nix run .#darwin-uninstaller.tests.uninstaller \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
--extra-experimental-features "nix-command flakes"
- name: Debugging tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
@ -84,7 +83,7 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
@ -115,9 +114,13 @@ jobs:
darwin-rebuild switch -I darwin=.
- name: Test uninstallation of nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
nix-shell -A uninstaller
nix-shell -A uninstaller.check
# A regression in Nix 2.19 means we need to put `--extra-experimental-features` before `--override-input`
nix run .#darwin-uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Debugging tmate session
if: ${{ failure() }}
uses: mxschmitt/action-tmate@v3
@ -129,7 +132,7 @@ jobs:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
@ -153,12 +156,16 @@ jobs:
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
install-flake-against-unstable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
@ -182,3 +189,7 @@ jobs:
run: |
. /etc/static/bashrc
darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable

6
.github/workflows/update-manual.yml vendored
View file

@ -3,15 +3,13 @@ on:
push:
branches:
- master
paths:
- '**.nix'
jobs:
update-manual:
runs-on: macos-13
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
# So that we fetch all branches, since we need to checkout the `gh-pages` branch later.
fetch-depth: 0
@ -21,7 +19,7 @@ jobs:
- name: Build manual
run: |
nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML
nix build .#manualHTML
- name: Push update to manual
run: |

20
README.md
View file

@ -2,16 +2,23 @@
# nix-darwin
![Test](https://github.com/LnL7/nix-darwin/workflows/Test/badge.svg)
[![Test](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml/badge.svg)](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml)
Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS.
This project aims to bring the convenience of a declarative system approach to macOS.
nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
## Installing
## Prerequisites
To install nix-darwin, a working installation of [Nix](https://github.com/NixOS/nix#installation) is required.
The only prerequisite is a Nix implementation, both Nix and Lix are supported.
As the official Nix installer does not include an automated uninstaller, and manual uninstallation on macOS is a complex process, we recommend using one of the following installers instead:
- The [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file#determinate-nix-installer) is only recommended for use with flake-based setups. **Make sure you use it without the `--determinate` flag**. The `--determinate` flag installs the Determinate Nix distribution which does not work out of the box with nix-darwin.
* The [Lix installer](https://lix.systems/install/#on-any-other-linuxmacos-system) supports both flake-based and channel-based setups.
## Installing
If you wish to use nix-darwin with flakes, please refer to the [flakes](#flakes) section.
@ -20,13 +27,6 @@ nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
> NOTE: the system activation scripts don't overwrite existing etc files, so files like `/etc/bashrc` and `/etc/zshrc` won't be
> updated by default. If you didn't use the installer or skipped some of the options you'll have to take care of this yourself.
> Either modify the existing file to source/import the one from `/etc/static` or remove it. Some examples:
- `mv /etc/bashrc /etc/bashrc.before-nix-darwin`
- `echo 'if test -e /etc/static/bashrc; then . /etc/static/bashrc; fi' | sudo tee -a /etc/bashrc`
## Updating
The installer will configure a channel for this repository.

8
doc/manual/default.nix
View file

@ -118,18 +118,18 @@ in rec {
# TODO: get these parameterized in upstream nixos-render-docs
sed -i -e '
/^\.TH / s|NixOS|Darwin|g
/^\.TH / s|NixOS|nix-darwin|g
/^\.SH "NAME"$/ {
N
s|NixOS|Darwin|g
s|NixOS|nix-darwin|g
}
/^\.SH "DESCRIPTION"$/ {
N; N
s|/etc/nixos/configuration|configuration|g
s|NixOS|Darwin|g
s|nixos|darwin|g
s|NixOS|nix-darwin|g
s|nixos|nix-darwin|g
}
/\.SH "AUTHORS"$/ {

2
doc/manual/manual.md
View file

@ -1,4 +1,4 @@
# Darwin Configuration Options {#book-darwin-manual}
# nix-darwin Configuration Options {#book-darwin-manual}
## Version @DARWIN_VERSION@
```{=include=} options

33
flake.nix
View file

@ -1,9 +1,15 @@
{
# WARNING this is very much still experimental.
description = "A collection of darwin modules";
outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" "aarch64-linux" "x86_64-linux" ];
forDarwinSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
jobs = forAllSystems (system: import ./release.nix {
inherit nixpkgs system;
nix-darwin = self;
});
in {
lib = {
evalConfig = import ./eval-config.nix;
@ -48,7 +54,6 @@
darwinModules.hydra = ./modules/examples/hydra.nix;
darwinModules.lnl = ./modules/examples/lnl.nix;
darwinModules.ofborg = ./modules/examples/ofborg.nix;
darwinModules.simple = ./modules/examples/simple.nix;
templates.default = {
@ -56,23 +61,11 @@
description = "nix flake init -t nix-darwin";
};
checks = forAllSystems (system: let
simple = self.lib.darwinSystem {
modules = [
self.darwinModules.simple
{ nixpkgs.hostPlatform = system; }
];
};
in {
simple = simple.system;
checks = forDarwinSystems (system: jobs.${system}.tests // jobs.${system}.examples);
inherit (simple.config.system.build.manual)
optionsJSON
manualHTML
manpages;
});
packages = forAllSystems (system: let
packages = forAllSystems (system: {
inherit (jobs.${system}.docs) manualHTML manpages optionsJSON;
} // (nixpkgs.lib.optionalAttrs (nixpkgs.lib.hasSuffix "darwin" system) (let
pkgs = import nixpkgs {
inherit system;
overlays = [ self.overlays.default ];
@ -81,6 +74,6 @@
default = self.packages.${system}.darwin-rebuild;
inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller;
});
})));
};
}

2
modules/examples/flake/flake.nix
View file

@ -1,5 +1,5 @@
{
description = "Example Darwin system flake";
description = "Example nix-darwin system flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

17
modules/examples/hydra.nix
View file

@ -1,25 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
let
environment = concatStringsSep " "
environment = lib.concatStringsSep " "
[ "NIX_REMOTE=daemon"
"NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
in
{
# Create /etc/bashrc that loads the nix-darwin environment.
programs.bash.enable = true;
programs.bash.completion.enable = false;
# Recreate /run/current-system symlink after boot.
services.activate-system.enable = true;
services.nix-daemon.enable = true;
nix.settings.substituters = [ http://cache1 ];
nix.settings.substituters = [ "http://cache1" ];
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-users = [ "@admin" "@hydra" ];
@ -31,7 +22,7 @@ in
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n"
environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n"
[ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVsc0pHGsskoayziMhA2e59bHPWe0bbKgusmqhuJFBGQ1BAk9UmPzKCWE3nCiV6CLD1+SygVkBjb06DYtc+94BnzviCa9qZtL0G4+2vhp6x8OvXh8xlf/eWw3k5MWlvu+kjJFpbW8wHWTiUqzH+uEeHklAosT0lFNjiIYd/Vs3JAezhUR62a6c7ZjWOd5F7ALGEKzOiwC4i37kSgGsIWNCbe0Ku7gyr718zhMGeyxax6saHhnkSpIB+7d6oHhKeiJSFMWctNmz1/qxXUPbxNaJvqgdKlVHhN+B7x/TIbkVr5pTC59Okx9LTcpflFIv79VT+Gf1K7VypZpSvJjG0xFRt8iDs1+ssWFBfvpo94vUbZ+ZwMDcBGR5iJeO41Gj5fYn5aaDl32RXfJ9Fkwael1L6pcXtkIc66jk+KQQpgoeNj8Y3Emntpqva/2AM41wDDvr5tKp5KhEKFLM95CoiWq+g88pZLcpqLK7wooDVqNkVUEbMaj9lBN0AzU9mcsIRGvTa6CmWAdBvwqS2fRZD97Oarqct9AWgb0X6mOUq9BJNi4i4xvjgnVkylLwtLUnibR/PeXMtkb9bv6BEZXNf5ACqxSjKXJyaIHI65I5TILCr5eEgaujgvmkREn6U3T1NZAUIeVe9aVYLqehYh79OHUBzggoHqidRrXBB/6zdg9UgQ=="
"command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw=="
];
@ -53,4 +44,6 @@ in
chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys
echo "ok"
'';
system.stateVersion = 5;
}

13
modules/examples/lnl.nix
View file

@ -1,10 +1,6 @@
{ config, lib, inputs, pkgs, ... }:
{
# imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ];
# system.patches = [ ./pam.patch ];
system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3;
system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
@ -50,13 +46,10 @@
pkgs.gnupg
pkgs.htop
pkgs.jq
pkgs.mosh
pkgs.ripgrep
pkgs.shellcheck
pkgs.vault
pkgs.qes
pkgs.darwin-zsh-completions
];
services.yabai.enable = true;
@ -96,7 +89,7 @@
'';
nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ];
nix.settings.sandbox = true;
nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
@ -302,8 +295,6 @@
fi
'';
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
@ -331,4 +322,6 @@
nix.configureBuildUsers = true;
nix.nrBuildUsers = 32;
system.stateVersion = 5;
}

29
modules/examples/ofborg.nix
View file

@ -1,29 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
{
# Logs are enabled by default.
# $ tail -f /var/log/ofborg.log
services.ofborg.enable = true;
# services.ofborg.configFile = "/var/lib/ofborg/config.json";
# $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg
# $ nix-channel --update
services.ofborg.package = (import <ofborg> {}).ofborg.rs;
# Keep nix-daemon updated.
services.nix-daemon.enable = true;
nix.gc.automatic = true;
nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
# Manage user for ofborg, this enables creating/deleting users
# depending on what modules are enabled.
users.knownGroups = [ "ofborg" ];
users.knownUsers = [ "ofborg" ];
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
}

1
modules/networking/default.nix
View file

@ -118,6 +118,7 @@ in
echo "configuring networking..." >&2
${optionalString (cfg.computerName != null) ''
# shellcheck disable=SC1112
scutil --set ComputerName ${escapeShellArg cfg.computerName}
''}
${optionalString (cfg.hostName != null) ''

13
modules/nix/default.nix
View file

@ -527,8 +527,10 @@ in
description = ''
If set to true, Nix automatically detects files in the store that have
identical contents, and replaces them with hard links to a single copy.
This saves disk space. If set to false (the default), you can still run
nix-store --optimise to get rid of duplicate files.
This saves disk space. If set to false (the default), you can enable
{option}`nix.optimise.automatic` to run {command}`nix-store --optimise`
periodically to get rid of duplicate files. You can also run
{command}`nix-store --optimise` manually.
'';
};
@ -761,6 +763,13 @@ in
{ assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
{ assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
{ assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
{
# Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100
# As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0
assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0"));
message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead.";
}
];
# Not in NixOS module

17
modules/programs/zsh/default.nix
View file

@ -107,15 +107,24 @@ in
default = false;
description = "Enable zsh-syntax-highlighting.";
};
programs.zsh.enableFastSyntaxHighlighting = mkEnableOption "zsh-fast-syntax-highlighting";
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.enableSyntaxHighlighting && cfg.enableFastSyntaxHighlighting);
message = "zsh-syntax-highlighting and zsh-fast-syntax-highlighting are mutually exclusive, please disable one of them.";
}
];
environment.systemPackages =
[ # Include zsh package
pkgs.zsh
] ++ optional cfg.enableCompletion pkgs.nix-zsh-completions
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting;
++ optional cfg.enableSyntaxHighlighting pkgs.zsh-syntax-highlighting
++ optional cfg.enableFastSyntaxHighlighting pkgs.zsh-fast-syntax-highlighting;
environment.pathsToLink = [ "/share/zsh" ];
@ -127,6 +136,7 @@ in
if [ -n "''${__ETC_ZSHENV_SOURCED-}" ]; then return; fi
__ETC_ZSHENV_SOURCED=1
if [[ -o rcs ]]; then
if [ -z "''${__NIX_DARWIN_SET_ENVIRONMENT_DONE-}" ]; then
. ${config.system.build.setEnvironment}
fi
@ -137,6 +147,7 @@ in
done
${cfg.shellInit}
fi
# Read system-wide modifications.
if test -f /etc/zshenv.local; then
@ -192,6 +203,10 @@ in
"source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
}
${optionalString cfg.enableFastSyntaxHighlighting
"source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh"
}
${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"}
${optionalString cfg.enableFzfGit "source ${fzfGit}"}
${optionalString cfg.enableFzfHistory "source ${fzfHistory}"}

2
modules/services/buildkite-agents.nix
View file

@ -237,7 +237,7 @@ in
tagStr = lib.concatStringsSep "," (lib.mapAttrsToList (name: value: "${name}=${value}") cfg.tags);
in
optionalString (cfg.privateSshKeyPath != null) ''
mkdir -m 0700 -p "${sshDir}"
mkdir -m 0700 "${sshDir}"
install -m600 "${toString cfg.privateSshKeyPath}" "${sshDir}/id_rsa"
'' + ''
cat > "${cfg.dataDir}/buildkite-agent.cfg" <<EOF

20
modules/services/github-runner/service.nix
View file

@ -48,14 +48,20 @@ in
text = mkBefore (''
echo >&2 "setting up GitHub Runner '${cfg.name}'..."
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkStateDir cfg)}
(
umask -S u=rwx,g=rx,o=
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
'' + optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p -m 0750 ${escapeShellArg (mkWorkDir cfg)}
${optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
''}
)
'');
};
}));
@ -88,6 +94,10 @@ in
script =
let
# https://github.com/NixOS/nixpkgs/pull/333744 introduced an inconsistency with different
# versions of nixpkgs. Use the old version of escapeShellArg to make sure that labels
# are always escaped to avoid https://www.shellcheck.net/wiki/SC2054
escapeShellArgAlways = string: "'${replaceStrings ["'"] ["'\\''"] (toString string)}'";
configure = pkgs.writeShellApplication {
name = "configure-github-runner-${name}";
text = /*bash*/''
@ -98,7 +108,7 @@ in
--disableupdate
--work ${escapeShellArg workDir}
--url ${escapeShellArg cfg.url}
--labels "${escapeShellArg (concatStringsSep "," cfg.extraLabels)}"
--labels ${escapeShellArgAlways (concatStringsSep "," cfg.extraLabels)}
${optionalString (cfg.name != null ) "--name ${escapeShellArg cfg.name}"}
${optionalString cfg.replace "--replace"}
${optionalString (cfg.runnerGroup != null) "--runnergroup ${escapeShellArg cfg.runnerGroup}"}

10
modules/services/ofborg/default.nix
View file

@ -46,12 +46,6 @@ in
};
config = mkIf cfg.enable {
assertions = [
{ assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
{ assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
];
warnings = mkIf (isDerivation cfg.configFile) [
"services.ofborg.configFile is a derivation, credentials will be world readable"
];
@ -87,9 +81,13 @@ in
users.users.ofborg.shell = "/bin/bash";
users.users.ofborg.description = "OfBorg service user";
users.knownUsers = [ "ofborg" ];
users.groups.ofborg.gid = mkDefault 531;
users.groups.ofborg.description = "Nix group for OfBorg service";
users.knownGroups = [ "ofborg" ];
# FIXME: create logfiles automatically if defined.
system.activationScripts.preActivation.text = ''
mkdir -p '${user.home}'

40
modules/system/base.nix
View file

@ -2,22 +2,46 @@
{
system.activationScripts.createRun.text = ''
if ! test -L /run; then
if [[ ! -L /run ]]; then
# This file doesn't exist by default on macOS and is only supported after 10.15
# however every system with Nix installed should have this file otherwise `/nix`
# wouldn't exist.
if [[ -e /etc/synthetic.conf ]]; then
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
echo "setting up /run via /etc/synthetic.conf..."
echo -e "run\tprivate/var/run" | sudo tee -a /etc/synthetic.conf >/dev/null
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
fi
# for Catalina (10.15)
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
# for Big Sur (11.0)
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
if ! test -L /run; then
echo "warning: apfs.util failed to symlink /run"
if [[ ! -L /run ]]; then
printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina\n'
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later\n' >&2
printf >&2 '\n'
printf >&2 'The current contents of /etc/synthetic.conf is:\n'
printf >&2 '\n'
sudo sed 's/^/ /' /etc/synthetic.conf >&2
printf >&2 '\n'
exit 1
fi
fi
if ! test -L /run; then
else
echo "setting up /run..."
sudo ln -sfn private/var/run /run
if [[ ! -L /run ]]; then
printf >&2 'error: failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 '$ sudo ln -sfn private/var/link /run\n'
exit 1
fi
if ! test -L /run; then
echo "warning: failed to symlink /run"
fi
fi
'';

30
modules/system/checks.nix
View file

@ -22,25 +22,9 @@ let
'';
runLink = ''
if ! test -e /run; then
echo "error: Directory /run does not exist, aborting activation" >&2
echo "Create a symlink to /var/run with:" >&2
if test -e /etc/synthetic.conf; then
echo >&2
echo "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina" >&2
echo "$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later" >&2
echo >&2
echo "The current contents of /etc/synthetic.conf is:" >&2
echo >&2
sed 's/^/ /' /etc/synthetic.conf >&2
echo >&2
else
echo >&2
echo "$ sudo ln -s private/var/run /run" >&2
echo >&2
fi
exit 2
if [[ ! -e /run ]]; then
printf >&2 'error: directory /run does not exist, aborting activation\n'
exit 1
fi
'';
@ -104,7 +88,7 @@ let
buildUsers = ''
buildUser=$(dscl . -read /Groups/nixbld GroupMembership 2>&1 | awk '/^GroupMembership: / {print $2}') || true
if [ -z $buildUser ]; then
if [[ -z "$buildUser" ]]; then
echo "error: Using the nix-daemon requires build users, aborting activation" >&2
echo "Create the build users or disable the daemon:" >&2
echo "$ darwin-install" >&2
@ -120,7 +104,7 @@ let
buildGroupID = ''
buildGroupID=$(dscl . -read /Groups/nixbld PrimaryGroupID | awk '{print $2}')
expectedBuildGroupID=${toString config.ids.gids.nixbld}
if [[ $buildGroupID != $expectedBuildGroupID ]]; then
if [[ $buildGroupID != "$expectedBuildGroupID" ]]; then
printf >&2 '\e[1;31merror: Build user group has mismatching GID, aborting activation\e[0m\n'
printf >&2 'The default Nix build user group ID was changed from 30000 to 350.\n'
printf >&2 'You are currently managing Nix build users with nix-darwin, but your\n'
@ -130,6 +114,7 @@ let
printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n'
# shellcheck disable=SC2016
printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n'
@ -282,6 +267,7 @@ let
if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
# shellcheck disable=SC2016
printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n'
@ -350,7 +336,7 @@ in
system.activationScripts.checks.text = ''
${cfg.text}
if test ''${checkActivation:-0} -eq 1; then
if [[ "''${checkActivation:-0}" -eq 1 ]]; then
echo "ok" >&2
exit 0
fi

4
modules/system/default.nix
View file

@ -92,6 +92,8 @@ in
name = "darwin-system-${cfg.darwinLabel}";
preferLocalBuild = true;
nativeBuildInputs = [ pkgs.shellcheck ];
activationScript = cfg.activationScripts.script.text;
activationUserScript = cfg.activationScripts.userScript.text;
inherit (cfg) darwinLabel;
@ -133,6 +135,8 @@ in
chmod u+x $out/activate-user
unset activationUserScript
shellcheck $out/activate $out/activate-user
echo -n "$systemConfig" > $out/systemConfig
echo -n "$darwinLabel" > $out/darwin-version

41
modules/system/launchd.nix
View file

@ -105,19 +105,29 @@ in
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchAgents" attr.target) launchAgents}
${concatMapStringsSep "\n" (attr: launchdActivation "LaunchDaemons" attr.target) launchDaemons}
for f in $(ls /run/current-system/Library/LaunchAgents 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f"; then
echo "removing service $(basename $f .plist)" >&2
for f in /run/current-system/Library/LaunchAgents/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/Library/LaunchAgents/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchAgents/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchAgents/$f" || true
if test -e "/Library/LaunchAgents/$f"; then rm -f "/Library/LaunchAgents/$f"; fi
if [[ -e "/Library/LaunchAgents/$f" ]]; then
rm -f "/Library/LaunchAgents/$f"
fi
fi
done
for f in $(ls /run/current-system/Library/LaunchDaemons 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f"; then
echo "removing service $(basename $f .plist)" >&2
for f in /run/current-system/Library/LaunchDaemons/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/Library/LaunchDaemons/}
if [[ ! -e "${cfg.build.launchd}/Library/LaunchDaemons/$f" ]]; then
echo "removing service $(basename "$f" .plist)" >&2
launchctl unload "/Library/LaunchDaemons/$f" || true
if test -e "/Library/LaunchDaemons/$f"; then rm -f "/Library/LaunchDaemons/$f"; fi
if [[ -e "/Library/LaunchDaemons/$f" ]]; then
rm -f "/Library/LaunchDaemons/$f"
fi
fi
done
'';
@ -133,11 +143,16 @@ in
''}
${concatMapStringsSep "\n" (attr: userLaunchdActivation attr.target) userLaunchAgents}
for f in $(ls /run/current-system/user/Library/LaunchAgents 2> /dev/null); do
if test ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f"; then
echo "removing user service $(basename $f .plist)" >&2
launchctl unload ~/Library/LaunchAgents/$f || true
if test -e ~/Library/LaunchAgents/$f; then rm -f ~/Library/LaunchAgents/$f; fi
for f in /run/current-system/user/Library/LaunchAgents/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/user/Library/LaunchAgents/}
if [[ ! -e "${cfg.build.launchd}/user/Library/LaunchAgents/$f" ]]; then
echo "removing user service $(basename "$f" .plist)" >&2
launchctl unload ~/Library/LaunchAgents/"$f" || true
if [[ -e ~/Library/LaunchAgents/"$f" ]]; then
rm -f ~/Library/LaunchAgents/"$f"
fi
fi
done
'';

7
modules/system/patches.nix
View file

@ -56,8 +56,11 @@ in
# Applying patches to /.
echo "applying patches..." >&2
for f in $(ls /run/current-system/patches 2> /dev/null); do
if test ! -e "${config.system.build.patches}/patches/$f"; then
for f in /run/current-system/patches/*; do
[[ -e "$f" ]] || break # handle when directory is empty
f=''${f#/run/current-system/patches/}
if [[ ! -e "${config.system.build.patches}/patches/$f" ]]; then
patch --force --reverse --backup -d / -p1 < "/run/current-system/patches/$f" || true
fi
done

19
modules/users/default.nix
View file

@ -99,6 +99,10 @@ in
assertion = cfg.users ? root -> (cfg.users.root.home == null || cfg.users.root.home == "/var/root");
message = "`users.users.root.home` must be set to either `null` or `/var/root`.";
}
{
assertion = !builtins.elem "root" deletedUsers;
message = "Remove `root` from `users.knownUsers` if you no longer want nix-darwin to manage it.";
}
];
users.gids = mkMerge gids;
@ -107,7 +111,7 @@ in
# NOTE: We put this in `system.checks` as we want this to run first to avoid partial activations
# however currently that runs at user level activation as that runs before system level activation
# TODO: replace `$USER` with `$SUDO_USER` when system.checks runs from system level
system.checks.text = lib.mkAfter ''
system.checks.text = lib.mkIf (builtins.length (createdUsers ++ deletedUsers) > 0) (lib.mkAfter ''
ensurePerms() {
homeDirectory=$(dscl . -read /Users/nobody NFSHomeDirectory)
homeDirectory=''${homeDirectory#NFSHomeDirectory: }
@ -115,6 +119,7 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
if [[ -n "$SSH_CONNECTION" ]]; then
printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
# shellcheck disable=SC2016
printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
printf >&2 'You can either:\n'
printf >&2 '\n'
@ -122,6 +127,7 @@ in
printf >&2 '\n'
printf >&2 'or\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 ' run `darwin-rebuild` in a graphical session.\n'
printf >&2 '\n'
printf >&2 'The option "Allow full disk access for remote users" can be found by\n'
@ -135,9 +141,11 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1"
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n' "$1" "$2"
# shellcheck disable=SC2016
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
printf >&2 'please accept the dialog that pops up.\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
printf >&2 '\n'
@ -149,7 +157,6 @@ in
fi
}
${concatMapStringsSep "\n" (v: let
name = lib.escapeShellArg v.name;
dsclUser = lib.escapeShellArg "/Users/${v.name}";
@ -187,18 +194,16 @@ in
if [ "$u" -gt 501 ]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then
# shellcheck disable=SC2016
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1
elif [[ ${name} == "root" ]]; then
printf >&2 '\e[1;31merror: refusing to delete `root`, aborting activation\e[0m\n'
exit 1
fi
ensurePerms ${name} delete
fi
fi
'') deletedUsers}
'';
'');
system.activationScripts.groups.text = mkIf (cfg.knownGroups != []) ''
echo "setting up groups..." >&2

2
pkgs/darwin-installer/default.nix
View file

@ -95,7 +95,7 @@ stdenv.mkDerivation {
echo >&2 " Open '$config' to get started."
echo >&2 " See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md"
echo >&2
echo >&2 " Don't forget to start a new shell or source /etc/static/bashrc."
echo >&2 " Please log out and log in again to make sure nix-darwin is properly loaded."
echo >&2
exit
'';

40
pkgs/darwin-uninstaller/configuration.nix
View file

@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, pkgs, ... }:
with lib;
@ -7,46 +7,46 @@ with lib;
assertions = mkForce [];
system.activationScripts.checks.text = mkForce "";
# Disable etc, launchd, ...
environment.etc = mkForce {};
launchd.agents = mkForce {};
launchd.daemons = mkForce {};
launchd.user.agents = mkForce {};
system.activationScripts.postUserActivation.text = mkAfter ''
if test -L ~/.nix-defexpr/channels/darwin; then
if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
nix-channel --remove darwin || true
fi
'';
system.activationScripts.postActivation.text = mkAfter ''
if test -L /Applications/Nix\ Apps; then
if [[ -L /Applications/Nix\ Apps ]]; then
rm /Applications/Nix\ Apps
fi
if test -L /etc/static; then
if [[ -L /etc/static ]]; then
rm /etc/static
fi
if test -O /nix/store; then
if ! test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
sudo launchctl remove org.nixos.nix-daemon 2> /dev/null || true
# If the Nix Store is owned by root then we're on a multi-user system
if [[ -O /nix/store ]]; then
if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then
sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
fi
fi
if ! grep -q etc/profile.d/nix-daemon.sh /etc/bashrc; then
echo >&2 "Found no nix-daemon.sh reference in /etc/bashrc"
echo >&2 "add this snippet back to /etc/bashrc:"
echo >&2
echo >&2 " # Nix"
echo >&2 " if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then"
echo >&2 " . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'"
echo >&2 " fi"
echo >&2 " # End Nix"
echo >&2
fi
# grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail`
dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do
shell=$(dscl . -read /Users/"$user" UserShell)
if [[ "$shell" != */bin/zsh ]]; then
echo >&2 "warning: changing $user's shell from $shell to /bin/zsh"
fi
dscl . -create /Users/"$user" UserShell /bin/zsh
done
while IFS= read -r -d "" file; do
mv "$file" "''${file%.*}"
done < <(find /etc -name '*.before-nix-darwin' -follow -print0)
'';
}

70
pkgs/darwin-uninstaller/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, lib, pkgs }:
{ lib, path, stdenv, writeShellApplication }:
let
uninstallSystem = import ../../eval-config.nix {
@ -6,31 +6,15 @@ let
modules = [
./configuration.nix
{
nixpkgs.source = pkgs.path;
nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system;
nixpkgs.source = path;
nixpkgs.hostPlatform = stdenv.hostPlatform.system;
system.includeUninstaller = false;
}
];
};
in
stdenv.mkDerivation {
in writeShellApplication {
name = "darwin-uninstaller";
preferLocalBuild = true;
unpackPhase = ":";
installPhase = ''
mkdir -p $out/bin
echo "$shellHook" > $out/bin/darwin-uninstaller
chmod +x $out/bin/darwin-uninstaller
'';
shellHook = ''
#!${stdenv.shell}
set -e
action=switch
text = ''
while [ "$#" -gt 0 ]; do
i="$1"; shift 1
case "$i" in
@ -50,8 +34,8 @@ stdenv.mkDerivation {
echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)"
echo >&2
if test -t 0; then
read -p "Proceed? [y/n] " i
if [[ -t 0 ]]; then
read -r -p "Proceed? [y/n] " i
case "$i" in
y|Y)
;;
@ -63,38 +47,48 @@ stdenv.mkDerivation {
${uninstallSystem.system}/sw/bin/darwin-rebuild activate
if test -L /run/current-system; then
if [[ -L /run/current-system ]]; then
sudo rm /run/current-system
fi
if [[ -L /run ]]; then
if [[ -e /etc/synthetic.conf ]]; then
sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
echo >&2 "NOTE: the /run symlink will be removed on reboot"
else
sudo rm /run
fi
fi
echo >&2
echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected."
echo >&2
echo >&2 "Done!"
echo >&2
exit
'';
passthru.check = stdenv.mkDerivation {
name = "run-darwin-test";
shellHook = ''
set -e
derivationArgs.passthru.tests.uninstaller = writeShellApplication {
name = "post-uninstall-test";
text = ''
echo >&2 "running uninstaller tests..."
echo >&2
echo >&2 "checking darwin channel"
! test -e ~/.nix-defexpr/channels/darwin
test -e ~/.nix-defexpr/channels/darwin && exit 1
echo >&2 "checking /etc"
! test -e /etc/static
test -e /etc/static && exit 1
echo >&2 "checking /run/current-system"
! test -e /run/current-system
echo >&2 "checking nix-daemon service (assuming a multi-user install)"
sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon"
pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon"
readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
test -e /run/current-system && exit 1
if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
echo >&2 "checking nix-daemon service"
launchctl print system/org.nixos.nix-daemon
pgrep -l nix-daemon
test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist
[[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
echo >&2 ok
exit
fi
'';
};
}

67
release.nix
View file

@ -1,21 +1,16 @@
{ nixpkgs ? <nixpkgs>
, supportedSystems ? [ "x86_64-darwin" ]
# Adapted from https://github.com/NixOS/nixpkgs/blob/e818264fe227ad8861e0598166cf1417297fdf54/pkgs/top-level/release.nix#L11
, nix-darwin ? { }
, system ? builtins.currentSystem
, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ]
, scrubJobs ? true
}:
let
inherit (release) mapTestOn packagePlatforms pkgs all linux darwin;
system = "x86_64-darwin";
mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems);
buildFromConfig = configuration: sel: sel
(import ./. { inherit nixpkgs configuration system; }).config;
makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system:
buildFromConfig configuration (config: config.system.build.toplevel)
);
makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel);
makeTest = test:
let
@ -61,47 +56,24 @@ let
in
buildFromConfig configuration (config: config.system.build.run-test);
release = import (nixpkgs + "/pkgs/top-level/release-lib.nix") {
inherit supportedSystems scrubJobs;
packageSet = import nixpkgs;
};
packageSet = {
inherit (pkgs)
stdenv bash zsh nix
tmux reattach-to-user-namespace
nano emacs vim;
};
manual = buildFromConfig ({ lib, config, ... }: {
system.stateVersion = lib.mkDefault config.system.maxStateVersion;
system.darwinVersionSuffix = let
shortRev = nix-darwin.shortRev or nix-darwin.dirtyShortRev or null;
in
lib.mkIf (shortRev != null) ".${shortRev}";
system.darwinRevision = let
rev = nix-darwin.rev or nix-darwin.dirtyRev or null;
in
lib.mkIf (rev != null) rev;
}) (config: config.system.build.manual);
jobs = {
unstable = pkgs.releaseTools.aggregate {
name = "darwin-${pkgs.lib.nixpkgsVersion}";
constituents =
[ jobs.stdenv.x86_64-darwin
jobs.bash.x86_64-darwin
jobs.zsh.x86_64-darwin
jobs.nix.x86_64-darwin
jobs.reattach-to-user-namespace.x86_64-darwin
jobs.tmux.x86_64-darwin
jobs.nano.x86_64-darwin
jobs.vim.x86_64-darwin
jobs.emacs.x86_64-darwin
jobs.examples.hydra.x86_64-darwin
jobs.examples.lnl.x86_64-darwin
jobs.examples.simple.x86_64-darwin
];
meta.description = "Release-critical builds for the darwin channel";
in {
docs = {
inherit (manual) manualHTML manpages optionsJSON;
};
manualHTML = manual.manualHTML;
manpages = manual.manpages;
options = manual.optionsJSON;
examples.hydra = makeSystem ./modules/examples/hydra.nix;
examples.lnl = makeSystem ./modules/examples/lnl.nix;
examples.simple = makeSystem ./modules/examples/simple.nix;
@ -156,9 +128,4 @@ let
tests.users-groups = makeTest ./tests/users-groups.nix;
tests.users-packages = makeTest ./tests/users-packages.nix;
tests.fonts = makeTest ./tests/fonts.nix;
}
// (mapTestOn (packagePlatforms packageSet));
in
jobs