mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-31 04:04:45 +00:00

Merge branch 'LnL7:master' into keyboard-shortcuts-update

Jun Matsushita 2025-02-06 10:22:40 +03:00 committed by GitHub
commit c223736d53
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
54 changed files with 895 additions and 450 deletions

2
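--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,2 @@
+# nixpkgs: format with `nixfmt`
+dc1c716ded39758062ed7e6bc410ad274119de9f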


@ -6,67 +6,73 @@ on:
- master
env:
CURRENT_STABLE_CHANNEL: nixpkgs-24.05-darwin
NIXPKGS_BRANCH: nixpkgs-unstable
NIX_VERSION: 2.24.11
jobs:
# The `test-stable` and `install-against-stable` job names are
# loadbearing, despite their inaccuracy on the unstable branch, as
# they are set as required checks in the repository configuration,
# which only repository admins can change.
#
# TODO: Change them once the repository configuration is updated.
test-stable:
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
test-unstable:
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- run: nix flake check --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
install-against-stable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Install nix corresponding to latest stable channel
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
nix_path: nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
nix_path: nixpkgs=channel:${{ env.NIXPKGS_BRANCH }}
- name: Install channels
run: |
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --add https://nixos.org/channels/${{ env.CURRENT_STABLE_CHANNEL }} nixpkgs
nix-channel --add https://nixos.org/channels/${{ env.NIXPKGS_BRANCH }} nixpkgs
nix-channel --update
- name: Install nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
mkdir -p ~/.config/nix-darwin
cp modules/examples/simple.nix ~/.config/nix-darwin/configuration.nix
sudo mkdir -p /etc/nix-darwin
sudo cp modules/examples/simple.nix /etc/nix-darwin/configuration.nix
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.config/nix-darwin/configuration.nix
sudo /usr/bin/sed -i.bak \
"s/# programs.fish.enable = true;/ \
imports = [ \
({ options, ... }: { \
nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; \
environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ]; \
nix.nixPath = \
[ { darwin = \"${PWD////\/}\"; } ] \
++ options.nix.nixPath.default; \
}) \
]; \
/" \
/etc/nix-darwin/configuration.nix
nix run .#darwin-rebuild \
-- switch \
-I darwin-config=$HOME/.config/nix-darwin/configuration.nix
nix run .#darwin-rebuild -- switch \
-I darwin=. \
-I darwin-config=/etc/nix-darwin/configuration.nix
- name: Switch to new configuration
run: |
. /etc/bashrc
/usr/bin/sed -i.bak \
sudo /usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/configuration.nix
/etc/nix-darwin/configuration.nix
darwin-rebuild switch -I darwin=.
darwin-rebuild switch
hello
- name: Test uninstallation of nix-darwin
@ -75,148 +81,54 @@ jobs:
# `cachix/install-nix-action` but not by our default config above
nix run .#darwin-uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
install-against-unstable:
install-flake:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Install channels
run: |
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
nix-channel --update
install_url: https://releases.nixos.org/nix/nix-${{ env.NIX_VERSION }}/install
- name: Install nix-darwin
run: |
export NIX_PATH=$HOME/.nix-defexpr/channels
mkdir -p ~/.config/nix-darwin
cp modules/examples/simple.nix ~/.config/nix-darwin/configuration.nix
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
~/.config/nix-darwin/configuration.nix
nix run .#darwin-rebuild \
-- switch \
-I darwin-config=$HOME/.config/nix-darwin/configuration.nix
- name: Switch to new configuration
run: |
. /etc/bashrc
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/configuration.nix
darwin-rebuild switch -I darwin=.
hello
- name: Test uninstallation of nix-darwin
run: |
# We need to specify `--extra-experimental-features` because `experimental-features` is set by
# `cachix/install-nix-action` but not by our default config above
nix run .#darwin-uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller \
--extra-experimental-features "nix-command flakes" \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
install-flake-against-stable:
runs-on: macos-13
steps:
- uses: actions/checkout@v4
- name: Install nix version corresponding to latest stable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.18.8/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
sudo mkdir -p /etc/nix-darwin
darwin=$(pwd)
pushd ~/.config/nix-darwin
nix flake init -t $darwin
pushd /etc/nix-darwin
sudo nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
sudo /usr/bin/sed -i.bak \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
/usr/bin/sed -i.bak \
sudo /usr/bin/sed -i.bak \
's/darwinConfigurations."simple"/darwinConfigurations."'$(scutil --get LocalHostName)'"/g' \
flake.nix
sudo /usr/bin/sed -i.bak \
's/nixpkgs.hostPlatform = "aarch64-darwin";/nixpkgs.hostPlatform = "'$(nix eval --expr builtins.currentSystem --impure --raw)'";/' \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
nix run .#darwin-rebuild -- switch \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
- name: Switch to new configuration
run: |
. /etc/bashrc
/usr/bin/sed -i.bak \
sudo /usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/flake.nix
/etc/nix-darwin/flake.nix
darwin-rebuild switch --flake ~/.config/nix-darwin#simple \
darwin-rebuild switch \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
--override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
hello
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
install-flake-against-unstable:
runs-on: macos-13
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- name: Install nix from current unstable channel
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.24.9/install
- name: Install nix-darwin
run: |
mkdir -p ~/.config/nix-darwin
darwin=$(pwd)
pushd ~/.config/nix-darwin
nix flake init -t $darwin
nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
/usr/bin/sed -i.bak \
"s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
flake.nix
/usr/bin/sed -i.bak \
's/nixpkgs.hostPlatform = "aarch64-darwin";/nixpkgs.hostPlatform = "'$(nix eval --expr builtins.currentSystem --impure --raw)'";/' \
flake.nix
popd
nix run .#darwin-rebuild -- \
switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
- name: Switch to new configuration
run: |
. /etc/bashrc
/usr/bin/sed -i.bak \
"s/pkgs.vim/pkgs.hello/" \
~/.config/nix-darwin/flake.nix
darwin-rebuild switch --flake ~/.config/nix-darwin#simple \
--override-input nix-darwin . \
--override-input nixpkgs nixpkgs/nixpkgs-unstable
hello
- name: Test uninstallation of nix-darwin
run: |
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/nixpkgs-unstable
nix run .#darwin-uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
nix run .#darwin-uninstaller.tests.uninstaller --override-input nixpkgs nixpkgs/${{ env.NIXPKGS_BRANCH }}
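Review bot: The rewritten `sed` in the `Install nix-darwin` step of `install-against-stable`, and the matching one in `install-flake`, now writes `${{ secrets.GITHUB_TOKEN }}` into a file under `/etc/nix-darwin` through `sudo`, and `-i.bak` leaves a second copy beside it. `nix.settings.access-tokens` is then presumably rendered into the generated `nix.conf`, which other users on the runner can likely read. That is tolerable on an ephemeral hosted runner, but the token should carry as little authority as possible: the top of the workflow is outside this hunk, so if it has no `permissions:` block, add one with `contents: read`. A short comment above each `sed` saying why the token is injected would also help the next reader decide whether it can be dropped.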


@ -1,3 +1,11 @@
2025-01-18
- The default configuration path for all new installations
is `/etc/nix-darwin`. This was already the undocumented
default for `darwin-rebuild switch` when using flakes. This
is implemented by setting `environment.darwinConfig` to
`"/etc/nix-darwin/configuration.nix"` by default when
`system.stateVersion` ≥ 6.
2024-09-10
- The default Nix build user group ID is now set to 350 when
`system.stateVersion` ≥ 5, to reflect the default for new Nix


@ -33,12 +33,18 @@ Despite being an experimental feature in Nix currently, nix-darwin recommends th
<summary>Getting started from scratch</summary>
<p></p>
If you don't have an existing `configuration.nix`, you can run the following commands to generate a basic `flake.nix` inside `~/.config/nix-darwin`:
If you don't have an existing `configuration.nix`, you can run the following commands to generate a basic `flake.nix` inside `/etc/nix-darwin`:
```bash
mkdir -p ~/.config/nix-darwin
cd ~/.config/nix-darwin
nix flake init -t nix-darwin
sudo mkdir -p /etc/nix-darwin
sudo chown $(id -nu):$(id -ng) /etc/nix-darwin
cd /etc/nix-darwin
# To use Nixpkgs unstable:
nix flake init -t nix-darwin/master
# To use Nixpkgs 24.11:
nix flake init -t nix-darwin/nix-darwin-24.11
sed -i '' "s/simple/$(scutil --get LocalHostName)/" flake.nix
```
@ -57,8 +63,10 @@ Add the following to `flake.nix` in the same folder as `configuration.nix`:
description = "John's darwin system";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
nix-darwin.url = "github:LnL7/nix-darwin";
# Use `github:NixOS/nixpkgs/nixpkgs-24.11-darwin` to use Nixpkgs 24.11.
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
# Use `github:LnL7/nix-darwin/nix-darwin-24.11` to use Nixpkgs 24.11.
nix-darwin.url = "github:LnL7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
};
@ -81,7 +89,10 @@ Make sure to set `nixpkgs.hostPlatform` in your `configuration.nix` to either `x
Unlike NixOS, `nix-darwin` does not have an installer, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
```bash
nix run nix-darwin -- switch --flake ~/.config/nix-darwin
# To use Nixpkgs unstable:
nix run nix-darwin/master#darwin-rebuild -- switch
# To use Nixpkgs 24.11:
nix run nix-darwin/nix-darwin-24.11#darwin-rebuild -- switch
```
### Step 3. Using `nix-darwin`
@ -89,7 +100,7 @@ nix run nix-darwin -- switch --flake ~/.config/nix-darwin
After installing, you can run `darwin-rebuild` to apply changes to your system:
```bash
darwin-rebuild switch --flake ~/.config/nix-darwin
darwin-rebuild switch
```
#### Using flake inputs
@ -117,13 +128,17 @@ nix-darwin.lib.darwinSystem {
### Step 1. Creating `configuration.nix`
Copy the [simple](./modules/examples/simple.nix) example to `~/.config/nix-darwin/configuration.nix`.
Copy the [simple](./modules/examples/simple.nix) example to `/etc/nix-darwin/configuration.nix`.
### Step 2. Adding `nix-darwin` channel
```bash
nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
nix-channel --update
# If you use Nixpkgs unstable (the default):
sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
# If you use Nixpkgs 24.11:
sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/nix-darwin-24.11.tar.gz darwin
sudo nix-channel --update
```
### Step 3. Installing `nix-darwin`
@ -131,8 +146,8 @@ nix-channel --update
To install `nix-darwin`, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A darwin-rebuild
./result/bin/darwin-rebuild switch -I darwin-config=$HOME/.config/nix-darwin/configuration.nix
nix-build '<darwin>' -A darwin-rebuild
./result/bin/darwin-rebuild switch -I darwin-config=/etc/nix-darwin/configuration.nix
```
### Step 4. Using `nix-darwin`
@ -145,10 +160,10 @@ darwin-rebuild switch
### Step 5. Updating `nix-darwin`
You can update `nix-darwin` using the following command:
You can update Nixpkgs and `nix-darwin` using the following command:
```bash
nix-channel --update darwin
sudo nix-channel --update
```
</details>


@ -0,0 +1,3 @@
# Written by https://github.com/DeterminateSystems/nix-installer.
# The contents below are based on options specified at installation time.


@ -0,0 +1,14 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
!include nix.custom.conf
experimental-features = nix-command flakes
always-allow-substitutes = true
extra-trusted-substituters = https://cache.flakehub.com
extra-trusted-public-keys = cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM= cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio= cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU= cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU= cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8= cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ= cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o= cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal


@ -0,0 +1,4 @@
# Written by https://github.com/DeterminateSystems/nix-installer.
# The contents below are based on options specified at installation time.


@ -0,0 +1,13 @@
# Generated by https://github.com/DeterminateSystems/nix-installer.
# See `/nix/nix-installer --version` for the version details.
extra-experimental-features = nix-command flakes
always-allow-substitutes = true
extra-trusted-substituters = https://cache.flakehub.com
extra-trusted-public-keys = cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM= cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio= cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU= cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU= cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8= cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ= cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o= cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=
bash-prompt-prefix = (nix:$name)\040
max-jobs = auto
extra-nix-path = nixpkgs=flake:nixpkgs
upgrade-nix-store-path-url = https://install.determinate.systems/nix-upgrade/stable/universal
!include nix.custom.conf


@ -53,7 +53,7 @@ in rec {
substitute \
${optionsDoc.optionsJSON}/nix-support/hydra-build-products \
$out/nix-support/hydra-build-products \
--replace \
--replace-fail \
'${optionsDoc.optionsJSON}/share/doc/nixos' \
"$out/share/doc/darwin"
'';
@ -74,8 +74,8 @@ in rec {
cp -r ${pkgs.documentation-highlighter} $dst/highlightjs
substitute ${./manual.md} manual.md \
--replace '@DARWIN_VERSION@' "${version}" \
--replace \
--replace-fail '@DARWIN_VERSION@' "${version}" \
--replace-fail \
'@DARWIN_OPTIONS_JSON@' \
${optionsJSON}/share/doc/darwin/options.json


@ -1,10 +1,72 @@
let
nixDarwinVersion = builtins.fromJSON (builtins.readFile ./version.json);
checkRelease = lib:
# Avoid breaking configurations when the unstable Nixpkgs version
# rolls over.
#
# TODO: Something more refined than this would be ideal, as this
# still means you could be using unstable nix-darwin 25.05 with
# Nixpkgs 26.05, which would be unfortunate.
if nixDarwinVersion.isReleaseBranch then
lib.trivial.release == nixDarwinVersion.release
else
lib.versionAtLeast lib.trivial.release nixDarwinVersion.release;
in
{ lib
, modules
, baseModules ? import ./modules/module-list.nix
, specialArgs ? { }
, check ? true
, enableNixpkgsReleaseCheck ? true
}@args:
assert enableNixpkgsReleaseCheck -> checkRelease lib || throw ''
nix-darwin now uses release branches that correspond to Nixpkgs releases.
The nix-darwin and Nixpkgs branches in use must match, but you are currently
using nix-darwin ${nixDarwinVersion.release} with Nixpkgs ${lib.trivial.release}.
On macOS, you should use either the `nixpkgs-unstable` or
`nixpkgs-YY.MM-darwin` branches of Nixpkgs. These correspond to the
`master` and `nix-darwin-YY.MM` branches of nix-darwin, respectively. Check
<https://status.nixos.org/> for the currently supported Nixpkgs releases.
If youre using flakes, make sure your inputs look like this:
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/NIXPKGS-BRANCH";
nix-darwin.url = "github:LnL7/nix-darwin/NIX-DARWIN-BRANCH";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
# …
};
If youre using channels, you can check your current channels with:
$ sudo nix-channel --list
nixpkgs https://nixos.org/channels/NIXPKGS-BRANCH
darwin https://github.com/LnL7/nix-darwin/archive/NIX-DARWIN-BRANCH.tar.gz
$ nix-channel --list
If `darwin` or `nixpkgs` are present in `nix-channel --list` (without
`sudo`), you should delete them with `nix-channel --remove NAME`. These can
contribute to version mismatch problems.
You can then fix your channels like this:
$ sudo nix-channel --add https://nixos.org/channels/NIXPKGS-BRANCH nixpkgs
$ sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/NIX-DARWIN-BRANCH.tar.gz darwin
$ sudo nix-channel --update
After that, activating your system again should work correctly. If it
doesnt, please open an issue at
<https://github.com/LnL7/nix-darwin/issues/new> and include as much
information as possible.
'';
let
argsModule = {
_file = ./eval-config.nix;
@ -15,7 +77,7 @@ let
};
};
eval = lib.evalModules (builtins.removeAttrs args [ "lib" ] // {
eval = lib.evalModules (builtins.removeAttrs args [ "lib" "enableNixpkgsReleaseCheck" ] // {
class = "darwin";
modules = modules ++ [ argsModule ] ++ baseModules;
specialArgs = { modulesPath = builtins.toString ./modules; } // specialArgs;

12
flake.lock generated

@ -2,16 +2,18 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1718149104,
"narHash": "sha256-Ds1QpobBX2yoUDx9ZruqVGJ/uQPgcXoYuobBguyKEh8=",
"lastModified": 1736241350,
"narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e913ae340076bbb73d9f4d3d065c2bca7caafb16",
"rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {


@ -1,6 +1,10 @@
{
description = "A collection of darwin modules";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
};
outputs = { self, nixpkgs }: let
forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" "aarch64-linux" "x86_64-linux" ];
forDarwinSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];


@ -67,8 +67,24 @@ in
};
environment.darwinConfig = mkOption {
type = types.either types.path types.str;
default = "$HOME/.nixpkgs/darwin-configuration.nix";
type = types.nullOr (types.either types.path types.str);
default =
if config.nixpkgs.flake.setNixPath then
# Dont set this for flakebased systems.
null
else if config.system.stateVersion >= 6 then
"/etc/nix-darwin/configuration.nix"
else
"$HOME/.nixpkgs/darwin-configuration.nix";
defaultText = literalExpression ''
if config.nixpkgs.flake.setNixPath then
# Dont set this for flakebased systems.
null
else if config.system.stateVersion >= 6 then
"/etc/nix-darwin/configuration.nix"
else
"$HOME/.nixpkgs/darwin-configuration.nix"
'';
description = ''
The path of the darwin configuration.nix used to configure the system,
this updates the default darwin-config entry in NIX_PATH. Since this
@ -161,7 +177,7 @@ in
environment.systemPath = mkMerge [
[ (makeBinPath cfg.profiles) ]
(mkOrder 1200 [ "/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin" ])
(mkOrder 1200 [ "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin" ])
];
# Use user, default and system profiles.
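Review bot: `environment.darwinConfig` can now evaluate to `null` (the new `types.nullOr` and the `config.nixpkgs.flake.setNixPath` branch), so every consumer that interpolates it has to handle that case. The option description still says it "updates the default darwin-config entry in NIX_PATH", and the code that builds that entry is outside this hunk, so it is not visible whether it is guarded; interpolating `null` into a string fails evaluation. I would document the null case in the description, for example `Set to null on flake-based systems.`, and confirm the `NIX_PATH` construction skips the entry when the value is null.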


@ -3,7 +3,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.url = "github:LnL7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
};
@ -27,7 +27,7 @@
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
system.stateVersion = 6;
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";


@ -43,5 +43,5 @@ in
echo "ok"
'';
system.stateVersion = 5;
system.stateVersion = 6;
}


@ -199,7 +199,7 @@
programs.zsh.enableFzfGit = true;
programs.zsh.enableFzfHistory = true;
programs.zsh.variables.cfg = "$HOME/.config/nixpkgs/darwin/configuration.nix";
programs.zsh.variables.cfg = "/etc/nix-darwin/configuration.nix";
programs.zsh.variables.darwin = "$HOME/.nix-defexpr/darwin";
programs.zsh.variables.nixpkgs = "$HOME/.nix-defexpr/nixpkgs";
@ -322,5 +322,5 @@
nix.configureBuildUsers = true;
nix.nrBuildUsers = 32;
system.stateVersion = 5;
system.stateVersion = 6;
}


@ -7,13 +7,10 @@
[ pkgs.vim
];
# Use custom location for configuration.nix.
environment.darwinConfig = "$HOME/.config/nix-darwin/configuration.nix";
# Enable alternative shell support in nix-darwin.
# programs.fish.enable = true;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 5;
system.stateVersion = 6;
}


@ -396,6 +396,9 @@ let
no_binaries = mkNullOrBoolOption {
description = "Whether to disable linking of helper executables.";
};
ignore_dependencies = mkNullOrBoolOption {
description = "Ignore casks dependencies in case you manage them extrenally";
};
brewfileLine = mkInternalOption { type = types.nullOr types.str; };
};
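Review bot: The description string of the new `ignore_dependencies` option misspells "externally" and, unlike the neighbouring `no_binaries` text, is not phrased as "Whether to …" and has no closing period. Suggested wording: `description = "Whether to ignore the cask's dependencies, in case you manage them externally.";`. The attribute set this option is added to starts outside the hunk.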


@ -83,6 +83,7 @@
./services/nix-gc
./services/nix-optimise
./services/ofborg
./services/openssh.nix
./services/postgresql
./services/privoxy
./services/redis


@ -118,7 +118,6 @@ in
echo "configuring networking..." >&2
${optionalString (cfg.computerName != null) ''
# shellcheck disable=SC1112
scutil --set ComputerName ${escapeShellArg cfg.computerName}
''}
${optionalString (cfg.hostName != null) ''


@ -617,7 +617,6 @@ in
trusted-users = mkOption {
type = types.listOf types.str;
default = [ "root" ];
example = [ "root" "alice" "@admin" ];
description = ''
A list of names of users that have additional rights when
@ -703,6 +702,8 @@ in
"5d23e6d7015756c6f300f8cd558ec4d9234ca61deefd4f2478e91a49760b0747" # DeterminateSystems Nix installer 0.16.0
"e4974acb79c56148cb8e92137fa4f2de9b7356e897b332fc4e6769e8c0b83e18" # DeterminateSystems Nix installer 0.20.0
"966d22ef5bb9b56d481e8e0d5f7ca2deaf4d24c0f0fc969b2eeaa7ae0aa42907" # DeterminateSystems Nix installer 0.22.0
"53712b4335030e2dbfb46bb235f8cffcac83fea404bd32dc99417ac89e2dd7c5" # DeterminateSystems Nix installer 0.33.0
"6bb8d6b0dd16b44ee793a9b8382dac76c926e4c16ffb8ddd2bb4884d1ca3f811" # DeterminateSystems Nix installer 0.34.0
"24797ac05542ff8b52910efc77870faa5f9e3275097227ea4e50c430a5f72916" # lix-installer 0.17.1 with flakes
"b027b5cad320b5b8123d9d0db9f815c3f3921596c26dc3c471457098e4d3cc40" # lix-installer 0.17.1 without flakes
];
@ -763,8 +764,8 @@ in
{
# Should be fixed in Lix by https://gerrit.lix.systems/c/lix/+/2100
# As `isNixAtLeast "2.92.0" "2.92.0-devpre20241107" == false`, we need to explicitly check if the user is running Lix 2.92.0
assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0-devpre20241107" || cfg.package.version == "2.92.0"));
# Lix 2.92.0 will set `VERSION_SUFFIX` to `""`; `lib.versionAtLeast "" "pre20241107"` will return `true`.
assertion = cfg.settings.auto-optimise-store -> (cfg.package.pname == "lix" && (isNixAtLeast "2.92.0" && versionAtLeast (strings.removePrefix "-" cfg.package.VERSION_SUFFIX) "pre20241107"));
message = "`nix.settings.auto-optimise-store` is known to corrupt the Nix Store, please use `nix.optimise.automatic` instead.";
}
];
@ -823,8 +824,56 @@ in
]);
users.knownGroups = mkIf cfg.configureBuildUsers [ "nixbld" ];
# The Determinate Systems installer puts userspecified settings in
# `/etc/nix/nix.custom.conf` since v0.33.0. Supplement the
# `/etc/nix/nix.conf` hash check so that we dont accidentally
# clobber user configuration.
#
# TODO: Maybe this could use a more general file placement mechanism
# to express that we want it deleted and know only one hash?
system.activationScripts.etcChecks.text = mkAfter ''
nixCustomConfKnownSha256Hashes=(
# v0.33.0
6787fade1cf934f82db554e78e1fc788705c2c5257fddf9b59bdd963ca6fec63
# v0.34.0
3bd68ef979a42070a44f8d82c205cfd8e8cca425d91253ec2c10a88179bb34aa
)
if [[ -e /etc/nix/nix.custom.conf ]]; then
nixCustomConfSha256Output=$(shasum -a 256 /etc/nix/nix.custom.conf)
nixCustomConfSha256Hash=''${nixCustomConfSha256Output%% *}
nixCustomConfIsKnown=
for nixCustomConfKnownSha256Hash
in "''${nixCustomConfKnownSha256Hashes[@]}"
do
if
[[ $nixCustomConfSha256Hash == "$nixCustomConfKnownSha256Hash" ]]
then
nixCustomConfIsKnown=1
break
fi
done
if [[ ! $nixCustomConfIsKnown ]]; then
printf >&2 '\e[1;31merror: custom settings in `/etc/nix/nix.custom.conf`, aborting activation\e[0m\n'
printf >&2 'You will need to migrate these to nix-darwin `nix.*` settings if you\n'
printf >&2 'wish to keep them. Check the manual for the appropriate settings and\n'
printf >&2 'add them to your system configuration, then run:\n'
printf >&2 '\n'
printf >&2 ' $ sudo mv /etc/nix/nix.custom.conf{,.before-nix-darwin}\n'
printf >&2 '\n'
printf >&2 'and activate your system again.\n'
exit 2
fi
fi
'';
# Unrelated to use in NixOS module
system.activationScripts.nix-daemon.text = mkIf cfg.useDaemon ''
system.activationScripts.nix-daemon.text = ''
# Follow up on the `/etc/nix/nix.custom.conf` check.
# TODO: Use a more generalized file placement mechanism for this.
if [[ -e /etc/nix/nix.custom.conf ]]; then
mv /etc/nix/nix.custom.conf{,.before-nix-darwin}
fi
'' + optionalString cfg.useDaemon ''
if ! diff /etc/nix/nix.conf /run/current-system/etc/nix/nix.conf &> /dev/null || ! diff /etc/nix/machines /run/current-system/etc/nix/machines &> /dev/null; then
echo "reloading nix-daemon..." >&2
launchctl kill HUP system/org.nixos.nix-daemon
@ -835,10 +884,10 @@ in
done
'';
# Legacy configuration conversion.
nix.settings = mkMerge [
{
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
trusted-users = [ "root" ];
substituters = mkAfter [ "https://cache.nixos.org/" ];
# Not implemented yet
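Review bot: The follow-up in `system.activationScripts.nix-daemon.text` runs `mv /etc/nix/nix.custom.conf{,.before-nix-darwin}` without checking whether the target already exists, so an earlier backup is overwritten silently. The error text in `etcChecks` tells users to create exactly that file by hand to preserve their custom settings; if the installer later writes a fresh default `nix.custom.conf` whose hash is in the known list, the next activation replaces the saved settings with the stock file. Consider refusing in `etcChecks` when `/etc/nix/nix.custom.conf.before-nix-darwin` is already present, or moving with `mv -n /etc/nix/nix.custom.conf{,.before-nix-darwin}` and reporting when nothing was moved. The move also trusts that the hash check ran earlier in the same activation, which depends on script ordering that is not visible in this hunk.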


@ -61,9 +61,16 @@ in
maxJobs = mkOption {
type = types.ints.positive;
default = 1;
example = 4;
default = cfg.package.nixosConfig.virtualisation.cores;
defaultText = ''
The `virtualisation.cores` of the build machine's final NixOS configuration.
'';
example = 2;
description = ''
Instead of setting this directly, you should set
{option}`nix.linux-builder.config.virtualisation.cores` to configure
the amount of cores the Linux builder should have.
The number of concurrent jobs the Linux builder machine supports. The
build machine will enforce its own limits, but this allows hydra
to schedule better since there is no work-stealing between build


@ -4,7 +4,7 @@ let
nix-tools = pkgs.callPackage ../../pkgs/nix-tools {
inherit (config.system) profile;
inherit (config.environment) systemPath;
nixPackage = config.nix.package;
nixPath = lib.concatStringsSep ":" config.nix.nixPath;
};
darwin-uninstaller = pkgs.callPackage ../../pkgs/darwin-uninstaller { };


@ -1,89 +1,99 @@
{ config, options, lib, pkgs, ... }:
with lib;
{
config,
options,
lib,
pkgs,
...
}:
let
cfg = config.nixpkgs;
opt = options.nixpkgs;
isConfig = x:
builtins.isAttrs x || lib.isFunction x;
isConfig = x: builtins.isAttrs x || lib.isFunction x;
optCall = f: x:
if lib.isFunction f
then f x
else f;
optCall = f: x: if lib.isFunction f then f x else f;
mergeConfig = lhs_: rhs_:
mergeConfig =
lhs_: rhs_:
let
lhs = optCall lhs_ { inherit pkgs; };
rhs = optCall rhs_ { inherit pkgs; };
in
recursiveUpdate lhs rhs //
optionalAttrs (lhs ? packageOverrides) {
packageOverrides = pkgs:
optCall lhs.packageOverrides pkgs //
optCall (attrByPath [ "packageOverrides" ] { } rhs) pkgs;
} //
optionalAttrs (lhs ? perlPackageOverrides) {
perlPackageOverrides = pkgs:
optCall lhs.perlPackageOverrides pkgs //
optCall (attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
lib.recursiveUpdate lhs rhs
// lib.optionalAttrs (lhs ? packageOverrides) {
packageOverrides =
pkgs:
optCall lhs.packageOverrides pkgs // optCall (lib.attrByPath [ "packageOverrides" ] { } rhs) pkgs;
}
// lib.optionalAttrs (lhs ? perlPackageOverrides) {
perlPackageOverrides =
pkgs:
optCall lhs.perlPackageOverrides pkgs
// optCall (lib.attrByPath [ "perlPackageOverrides" ] { } rhs) pkgs;
};
configType = mkOptionType {
configType = lib.mkOptionType {
name = "nixpkgs-config";
description = "nixpkgs config";
check = x:
let traceXIfNot = c:
if c x then true
else lib.traceSeqN 1 x false;
in traceXIfNot isConfig;
merge = args: foldr (def: mergeConfig def.value) {};
check =
x:
let
traceXIfNot = c: if c x then true else lib.traceSeqN 1 x false;
in
traceXIfNot isConfig;
merge = args: lib.foldr (def: mergeConfig def.value) { };
};
overlayType = mkOptionType {
overlayType = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
pkgsType = types.pkgs // {
pkgsType = lib.types.pkgs // {
# This type is only used by itself, so let's elaborate the description a bit
# for the purpose of documentation.
description = "An evaluation of Nixpkgs; the top level attribute set of packages";
};
hasBuildPlatform = opt.buildPlatform.highestPrio < (mkOptionDefault {}).priority;
hasBuildPlatform = opt.buildPlatform.highestPrio < (lib.mkOptionDefault { }).priority;
hasHostPlatform = opt.hostPlatform.isDefined;
hasPlatform = hasHostPlatform || hasBuildPlatform;
# Context for messages
hostPlatformLine = optionalString hasHostPlatform "${showOptionWithDefLocs opt.hostPlatform}";
buildPlatformLine = optionalString hasBuildPlatform "${showOptionWithDefLocs opt.buildPlatform}";
hostPlatformLine = lib.optionalString hasHostPlatform "${lib.showOptionWithDefLocs opt.hostPlatform}";
buildPlatformLine = lib.optionalString hasBuildPlatform "${lib.showOptionWithDefLocs opt.buildPlatform}";
legacyOptionsDefined =
optional (opt.system.highestPrio < (mkDefault {}).priority) opt.system
;
legacyOptionsDefined = lib.optional (
opt.system.highestPrio < (lib.mkDefault { }).priority
) opt.system;
defaultPkgs =
if opt.hostPlatform.isDefined
then
let isCross = cfg.buildPlatform != cfg.hostPlatform;
systemArgs =
if isCross
then {
if opt.hostPlatform.isDefined then
let
isCross =
!(lib.systems.equals (lib.systems.elaborate cfg.buildPlatform) (
lib.systems.elaborate cfg.hostPlatform
));
systemArgs =
if isCross then
{
localSystem = cfg.buildPlatform;
crossSystem = cfg.hostPlatform;
}
else {
else
{
localSystem = cfg.hostPlatform;
};
in
import cfg.source ({
inherit (cfg) config overlays;
} // systemArgs)
import cfg.source (
{
inherit (cfg) config overlays;
}
// systemArgs
)
else
import cfg.source {
inherit (cfg) config overlays;
@ -96,9 +106,9 @@ in
{
options.nixpkgs = {
pkgs = mkOption {
pkgs = lib.mkOption {
type = pkgsType;
example = literalExpression "import <nixpkgs> {}";
example = lib.literalExpression "import <nixpkgs> {}";
description = ''
If set, the pkgs argument to all nix-darwin modules is the value of
this option, extended with `nixpkgs.overlays`, if
@ -120,56 +130,48 @@ in
'';
};
config = mkOption {
default = {};
example = literalExpression
''
{ allowBroken = true; allowUnfree = true; }
'';
config = lib.mkOption {
default = { };
example = lib.literalExpression ''
{ allowBroken = true; allowUnfree = true; }
'';
type = configType;
description = ''
The configuration of the Nix Packages collection. (For
details, see the Nixpkgs documentation.) It allows you to set
package configuration options.
Global configuration for Nixpkgs.
The complete list of [Nixpkgs configuration options](https://nixos.org/manual/nixpkgs/unstable/#sec-config-options-reference) is in the [Nixpkgs manual section on global configuration](https://nixos.org/manual/nixpkgs/unstable/#chap-packageconfig).
Ignored when `nixpkgs.pkgs` is set.
Ignored when {option}`nixpkgs.pkgs` is set.
'';
};
overlays = mkOption {
default = [];
example = literalExpression
''
[
(self: super: {
openssh = super.openssh.override {
hpnSupport = true;
kerberos = self.libkrb5;
};
})
]
'';
type = types.listOf overlayType;
overlays = lib.mkOption {
default = [ ];
example = lib.literalExpression ''
[
(self: super: {
openssh = super.openssh.override {
hpnSupport = true;
kerberos = self.libkrb5;
};
})
]
'';
type = lib.types.listOf overlayType;
description = ''
List of overlays to use with the Nix Packages collection.
(For details, see the Nixpkgs documentation.) It allows
you to override packages globally. Each function in the list
takes as an argument the *original* Nixpkgs.
The first argument should be used for finding dependencies, and
the second should be used for overriding recipes.
List of overlays to apply to Nixpkgs.
This option allows modifying the Nixpkgs package set accessed through the `pkgs` module argument.
If `nixpkgs.pkgs` is set, overlays specified here
will be applied after the overlays that were already present
in `nixpkgs.pkgs`.
For details, see the [Overlays chapter in the Nixpkgs manual](https://nixos.org/manual/nixpkgs/stable/#chap-overlays).
If the {option}`nixpkgs.pkgs` option is set, overlays specified using `nixpkgs.overlays` will be applied after the overlays that were already included in `nixpkgs.pkgs`.
'';
};
hostPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
example = { system = "aarch64-darwin"; config = "aarch64-apple-darwin"; };
# Make sure that the final value has all fields for sake of other modules
# referring to this. TODO make `lib.systems` itself use the module system.
apply = lib.systems.elaborate;
hostPlatform = lib.mkOption {
type = lib.types.either lib.types.str lib.types.attrs;
example = {
system = "aarch64-darwin";
};
description = ''
Specifies the platform where the nix-darwin configuration will run.
@ -179,15 +181,15 @@ in
'';
};
buildPlatform = mkOption {
type = types.either types.str types.attrs; # TODO utilize lib.systems.parsedPlatform
buildPlatform = lib.mkOption {
type = lib.types.either lib.types.str lib.types.attrs;
default = cfg.hostPlatform;
example = { system = "x86_64-darwin"; config = "x86_64-apple-darwin"; };
example = {
system = "x86_64-darwin";
};
# Make sure that the final value has all fields for sake of other modules
# referring to this.
apply = lib.systems.elaborate;
defaultText = literalExpression
''config.nixpkgs.hostPlatform'';
defaultText = lib.literalExpression ''config.nixpkgs.hostPlatform'';
description = ''
Specifies the platform on which nix-darwin should be built.
By default, nix-darwin is built on the system where it runs, but you can
@ -202,12 +204,11 @@ in
'';
};
system = mkOption {
type = types.str;
system = lib.mkOption {
type = lib.types.str;
example = "x86_64-darwin";
default =
if opt.hostPlatform.isDefined
then
if opt.hostPlatform.isDefined then
throw ''
Neither ${opt.system} nor any other option in nixpkgs.* is meant
to be read by modules and configurations.
@ -232,9 +233,9 @@ in
# nix-darwin only
source = mkOption {
type = types.path;
defaultText = literalMD ''
source = lib.mkOption {
type = lib.types.path;
defaultText = lib.literalMD ''
`<nixpkgs>` or nix-darwin's `nixpkgs` flake input
'';
description = ''
@ -247,8 +248,8 @@ in
'';
};
constructedByUs = mkOption {
type = types.bool;
constructedByUs = lib.mkOption {
type = lib.types.bool;
internal = true;
description = ''
Whether `pkgs` was constructed by this module. This is false when any of
@ -266,40 +267,61 @@ in
# which is somewhat costly for Nixpkgs. With an explicit priority, we only
# evaluate the wrapper to find out that the priority is lower, and then we
# don't need to evaluate `finalPkgs`.
lib.mkOverride lib.modules.defaultOverridePriority
finalPkgs.__splicedPackages;
lib.mkOverride lib.modules.defaultOverridePriority finalPkgs.__splicedPackages;
};
nixpkgs.constructedByUs =
# We set it with default priority and it can not be merged, so if the
# pkgs module argument has that priority, it's from us.
(lib.modules.mergeAttrDefinitionsWithPrio options._module.args).pkgs.highestPrio
== lib.modules.defaultOverridePriority
== lib.modules.defaultOverridePriority
# Although, if nixpkgs.pkgs is set, we did forward it, but we did not construct it.
&& !opt.pkgs.isDefined;
&& !opt.pkgs.isDefined;
assertions = [
(
let
pkgsSystem = finalPkgs.stdenv.targetPlatform.system;
in {
in
{
assertion = cfg.constructedByUs -> !hasPlatform -> cfg.system == pkgsSystem;
message = "The nix-darwin nixpkgs.pkgs option was set to a Nixpkgs invocation that compiles to target system ${pkgsSystem} but nix-darwin was configured for system ${darwinExpectedSystem} via nix-darwin option nixpkgs.system. The nix-darwin system settings must match the Nixpkgs target system.";
message = "The nix-darwin nixpkgs.pkgs option was set to a Nixpkgs invocation that compiles to target system ${pkgsSystem} but nix-darwin was configured for system ${config.nixpkgs.system} via nix-darwin option nixpkgs.system. The nix-darwin system settings must match the Nixpkgs target system.";
}
)
{
assertion = cfg.constructedByUs -> hasPlatform -> legacyOptionsDefined == [];
assertion = cfg.constructedByUs -> hasPlatform -> legacyOptionsDefined == [ ];
message = ''
Your system configures nixpkgs with the platform parameter${optionalString hasBuildPlatform "s"}:
${hostPlatformLine
}${buildPlatformLine
}
Your system configures nixpkgs with the platform parameter${lib.optionalString hasBuildPlatform "s"}:
${hostPlatformLine}${buildPlatformLine}
However, it also defines the legacy options:
${concatMapStrings showOptionWithDefLocs legacyOptionsDefined}
${lib.concatMapStrings lib.showOptionWithDefLocs legacyOptionsDefined}
For a future proof system configuration, we recommend to remove
the legacy definitions.
'';
}
{
assertion = opt.pkgs.isDefined -> cfg.config == { };
message = ''
Your system configures nixpkgs with an externally created instance.
`nixpkgs.config` options should be passed when creating the instance instead.
Current value:
${lib.generators.toPretty { multiline = true; } cfg.config}
Defined in:
${lib.concatMapStringsSep "\n" (file: " - ${file}") opt.config.files}
'';
}
{
assertion =
(opt.hostPlatform.isDefined -> builtins.isAttrs cfg.buildPlatform -> !(cfg.buildPlatform ? parsed))
&& (opt.hostPlatform.isDefined -> builtins.isAttrs cfg.hostPlatform -> !(cfg.hostPlatform ? parsed));
message = ''
Passing fully elaborated systems to `nixpkgs.localSystem`, `nixpkgs.crossSystem`, `nixpkgs.buildPlatform`
or `nixpkgs.hostPlatform` will break composability of package sets in nixpkgs. For example, pkgs.pkgsStatic
would not work in modules anymore.
'';
}
];
};
}


@ -15,6 +15,8 @@ in
default = null;
description = ''
Whether to restart the computer after a power failure.
Option is not supported on all devices.
'';
};


@ -57,6 +57,8 @@ in
type = types.bool;
};
package = lib.mkPackageOption pkgs "fish" { };
useBabelfish = mkOption {
type = types.bool;
default = false;
@ -238,7 +240,7 @@ in
++ optional cfg.vendor.functions.enable "/share/fish/vendor_functions.d";
}
{ systemPackages = [ pkgs.fish ]; }
{ systemPackages = [ cfg.package ]; }
];
};


@ -114,6 +114,15 @@ in
type = with types; attrsOf (submodule userOptions);
};
programs.ssh.extraConfig = lib.mkOption {
type = lib.types.lines;
default = "";
description = ''
Extra configuration text loaded in {file}`ssh_config`.
See {manpage}`ssh_config(5)` for help.
'';
};
programs.ssh.knownHosts = mkOption {
default = {};
type = types.attrsOf (types.submodule host);
@ -151,6 +160,7 @@ in
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
)) + "\n";
};
"ssh/ssh_config.d/100-nix-darwin.conf".text = config.programs.ssh.extraConfig;
"ssh/sshd_config.d/101-authorized-keys.conf" = {
text = ''
# sshd doesn't like reading from symbolic links, so we cat
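Review bot: The description of `programs.ssh.extraConfig` does not say where the text ends up or how it ranks against other client settings, which matters for ssh_config because the first value obtained for a parameter is the one that is used. The added line writes it to `ssh/ssh_config.d/100-nix-darwin.conf` (presumably under /etc, the enclosing attribute set starts outside the hunk), so the text applies to every user on the machine. I would extend the description with two sentences: one naming that file and noting that it is system-wide, and one stating that ssh keeps the first value it finds for each option, so specific `Host` blocks must come before general ones.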


@ -204,7 +204,7 @@ in
}
${optionalString cfg.enableFastSyntaxHighlighting
"source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh"
"source ${pkgs.zsh-fast-syntax-highlighting}/share/zsh/site-functions/fast-syntax-highlighting.plugin.zsh"
}
${optionalString cfg.enableFzfCompletion "source ${fzfCompletion}"}


@ -28,7 +28,6 @@
${config.system.activationScripts.keyboard.text}
'';
serviceConfig.RunAtLoad = true;
serviceConfig.KeepAlive.SuccessfulExit = false;
};
};
}


@ -9,7 +9,31 @@ let
cfg = config.services.aerospace;
format = pkgs.formats.toml { };
configFile = format.generate "aerospace.toml" cfg.settings;
filterAttrsRecursive = pred: set:
lib.listToAttrs (
lib.concatMap (
name: let
v = set.${name};
in
if pred v
then [
(lib.nameValuePair name (
if lib.isAttrs v
then filterAttrsRecursive pred v
else if lib.isList v
then
(map (i:
if lib.isAttrs i
then filterAttrsRecursive pred i
else i) (lib.filter pred v))
else v
))
]
else []
) (lib.attrNames set)
);
filterNulls = filterAttrsRecursive (v: v != null);
configFile = format.generate "aerospace.toml" (filterNulls cfg.settings);
in
{
@ -36,7 +60,8 @@ in
after-startup-command = lib.mkOption {
type = listOf str;
default = [ ];
description = "Do not use AeroSpace to run commands after startup. (Managed by launchd instead)";
description = "Add commands that run after AeroSpace startup";
example = [ "layout tiles" ];
};
enable-normalization-flatten-containers = lib.mkOption {
type = bool;
@ -71,9 +96,84 @@ in
description = "Default orientation for the root container.";
};
on-window-detected = lib.mkOption {
type = listOf str;
type = listOf (submodule {
options = {
"if" = lib.mkOption {
type = submodule {
options = {
app-id = lib.mkOption {
type = nullOr str;
default = null;
description = "The application ID to match (optional).";
};
workspace = lib.mkOption {
type = nullOr str;
default = null;
description = "The workspace name to match (optional).";
};
window-title-regex-substring = lib.mkOption {
type = nullOr str;
default = null;
description = "Substring to match in the window title (optional).";
};
app-name-regex-substring = lib.mkOption {
type = nullOr str;
default = null;
description = "Regex substring to match the app name (optional).";
};
during-aerospace-startup = lib.mkOption {
type = nullOr bool;
default = null;
description = "Whether to match during aerospace startup (optional).";
};
};
};
default = { };
description = "Conditions for detecting a window.";
};
check-further-callbacks = lib.mkOption {
type = nullOr bool;
default = null;
description = "Whether to check further callbacks after this rule (optional).";
};
run = lib.mkOption {
type = oneOf [str (listOf str)];
example = ["move-node-to-workspace m" "resize-node"];
description = "Commands to execute when the conditions match (required).";
};
};
});
default = [ ];
description = "Commands to run every time a new window is detected.";
example = [
{
"if" = {
app-id = "Another.Cool.App";
workspace = "cool-workspace";
window-title-regex-substring = "Title";
app-name-regex-substring = "CoolApp";
during-aerospace-startup = false;
};
check-further-callbacks = false;
run = ["move-node-to-workspace m" "resize-node"];
}
];
description = "Commands to run every time a new window is detected with optional conditions.";
};
workspace-to-monitor-force-assignment = lib.mkOption {
type = attrsOf (oneOf [int str (listOf str)]);
default = { };
description = ''
Map workspaces to specific monitors.
Left-hand side is the workspace name, and right-hand side is the monitor pattern.
'';
example = {
"1" = 1; # First monitor from left to right.
"2" = "main"; # Main monitor.
"3" = "secondary"; # Secondary monitor (non-main).
"4" = "built-in"; # Built-in display.
"5" = "^built-in retina display$"; # Regex for the built-in retina display.
"6" = ["secondary" "dell"]; # Match first pattern in the list.
};
};
on-focus-changed = lib.mkOption {
type = listOf str;
@ -142,10 +242,6 @@ in
assertion = cfg.settings.after-login-command == [ ];
message = "AeroSpace will not run these commands as it does not start itself.";
}
{
assertion = cfg.settings.after-startup-command == [ ];
message = "AeroSpace will not run these commands as it does not start itself.";
}
];
environment.systemPackages = [ cfg.package ];
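Review bot: The new `filterAttrsRecursive` helper in the `let` block has no comment and shares its name with `lib.filterAttrsRecursive`, whose predicate takes `name: value:` rather than a bare value, so a reader can easily assume the two are interchangeable. I would rename it (for example `filterValuesRecursive`) or add a comment above it such as `# Drop null values at every depth, including attrsets inside lists, before generating TOML; lib.filterAttrsRecursive does not descend into lists.` Lists nested directly inside lists are passed through unfiltered by the `map` branch, which is worth stating in that comment if it is intentional.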


@ -3,7 +3,9 @@
, ...
}:
with lib;
let
inherit (lib) literalExpression mkOption mkPackageOption types;
in
{
options.services.github-runners = mkOption {
description = ''
@ -88,6 +90,9 @@ with lib;
Changing this option or the `tokenFile`s content triggers a new runner registration.
You can also manually trigger a new runner registration by deleting
{file}`/var/lib/github-runners/<name>/.runner` and restarting the service.
We suggest using the fine-grained PATs. A runner registration token is valid
only for 1 hour after creation, so the next time the runner configuration changes
this will give you hard-to-debug HTTP 404 errors in the configure step.


@ -1,6 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib) any attrValues boolToString concatStringsSep escapeShellArg
flatten flip getExe getExe' hasAttr hasPrefix mapAttrsToList mapAttrs' mkBefore
mkDefault mkIf mkMerge nameValuePair optionalAttrs optionalString replaceStrings;
mkSvcName = name: "github-runner-${name}";
mkStateDir = cfg: "/var/lib/github-runners/${cfg.name}";
mkLogDir = cfg: "/var/log/github-runners/${cfg.name}";
@ -51,15 +55,17 @@ in
(
umask -S u=rwx,g=rx,o= > /dev/null
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkStateDir cfg)}
${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkStateDir cfg)}
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkLogDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkLogDir cfg)}
# launchd will fail to start the service if the outer direction doesn't have sufficient permissions
${getExe' pkgs.coreutils "chmod"} o+rx ${escapeShellArg (mkLogDir { name = ""; })}
${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkLogDir cfg)}
${optionalString (cfg.workDir == null) ''
${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg (mkWorkDir cfg)}
${pkgs.coreutils}/bin/chown ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
${getExe' pkgs.coreutils "mkdir"} -p ${escapeShellArg (mkWorkDir cfg)}
${getExe' pkgs.coreutils "chown"} ${user}:${group} ${escapeShellArg (mkWorkDir cfg)}
''}
)
'');
@ -123,7 +129,7 @@ in
else
args+=(--token "$token")
fi
${package}/bin/config.sh "''${args[@]}"
${getExe' package "config.sh"} "''${args[@]}"
'';
};
in
@ -131,12 +137,12 @@ in
echo "Configuring GitHub Actions Runner"
# Always clean the working directory
${pkgs.findutils}/bin/find ${escapeShellArg workDir} -mindepth 1 -delete
${getExe pkgs.findutils} ${escapeShellArg workDir} -mindepth 1 -delete
# Clean the $RUNNER_ROOT if we are in ephemeral mode
if ${boolToString cfg.ephemeral}; then
echo "Cleaning $RUNNER_ROOT"
${pkgs.findutils}/bin/find "$RUNNER_ROOT" -mindepth 1 -delete
${getExe pkgs.findutils} "$RUNNER_ROOT" -mindepth 1 -delete
fi
# If the `.runner` file does not exist, we assume the runner is not configured
@ -145,7 +151,7 @@ in
fi
# Start the service
${package}/bin/Runner.Listener run --startuptype service
${getExe' package "Runner.Listener"} run --startuptype service
'';
serviceConfig = mkMerge [
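Review bot: The added `chmod o+rx` on the parent log directory gives every local account both traverse and list rights on `/var/log/github-runners/`, which is more than the comment's stated goal of letting launchd reach the per-runner directory. If traversal alone is enough (to be confirmed on a real machine), `${getExe' pkgs.coreutils "chmod"} o+x ${escapeShellArg (mkLogDir { name = ""; })}` would keep the runner names unlisted. The comment above it should read "outer directory", and a named value for the log root would be clearer than calling `mkLogDir` with an empty name. The surrounding script starts and ends outside the hunk.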


@ -0,0 +1,33 @@
{ config, lib, ... }:
let
cfg = config.services.openssh;
in
{
options = {
services.openssh.enable = lib.mkOption {
type = lib.types.nullOr lib.types.bool;
default = null;
description = ''
Whether to enable Apple's built-in OpenSSH server.
The default is null which means let macOS manage the OpenSSH server.
'';
};
};
config = {
# We don't use `systemsetup -setremotelogin` as it requires Full Disk Access
system.activationScripts.launchd.text = lib.mkIf (cfg.enable != null) (if cfg.enable then ''
if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "Off" ]]; then
launchctl enable system/com.openssh.sshd
launchctl bootstrap system /System/Library/LaunchDaemons/ssh.plist
fi
'' else ''
if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" == "On" ]]; then
launchctl bootout system/com.openssh.sshd
launchctl disable system/com.openssh.sshd
fi
'');
};
}
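Review bot: With `services.openssh.enable = false` the disable branch only acts when the parsed `systemsetup -getremotelogin` output is exactly `On`, so a failure or unexpected output of that command leaves sshd running although the configuration asks for it to be off. For the disable path I would invert the test so that it fails closed, `if [[ "$(systemsetup -getremotelogin | sed 's/Remote Login: //')" != "Off" ]]; then`, and decide explicitly whether a failing `launchctl bootout` (service already unloaded) should abort activation. The option description could also state that `null` leaves the current Remote Login state untouched, so switching from `true` back to `null` does not turn the server off.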


@ -44,9 +44,6 @@ in
systemConfig=@out@
_status=0
trap "_status=1" ERR
# Ensure a consistent umask.
umask 0022
@ -82,8 +79,6 @@ in
# Prevent the current configuration from being garbage-collected.
ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
exit $_status
'';
# FIXME: activationScripts.checks should be system level


@ -2,50 +2,35 @@
{
system.activationScripts.createRun.text = ''
IFS="." read -r -a macOSVersion <<< "$(sw_vers -productVersion)"
if [[ $(stat -c '%a' /etc/synthetic.conf) != "644" ]]; then
echo "fixing permissions on /etc/synthetic.conf..."
sudo chmod 644 /etc/synthetic.conf
fi
if [[ ''${macOSVersion[0]} -gt 10 || ( ''${macOSVersion[0]} -eq 10 && ''${macOSVersion[1]} -ge 15 ) ]]; then
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
echo "setting up /run via /etc/synthetic.conf..."
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
fi
if [[ $(grep -c '^run\b' /etc/synthetic.conf) -gt 1 ]]; then
echo "found duplicate run entries in /etc/synthetic.conf, removing..."
sudo sed -i "" -e '/^run\tprivate\/var\/run$/d' /etc/synthetic.conf
fi
if [[ ''${macOSVersion[0]} -gt 10 ]]; then
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
else
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B || true
fi
if ! grep -q '^run\b' /etc/synthetic.conf 2>/dev/null; then
echo "setting up /run via /etc/synthetic.conf..."
printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf >/dev/null
fi
if [[ ! -L /run ]]; then
printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf"
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || true
if [[ ''${macOSVersion[0]} -gt 10 ]]; then
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n'
else
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B\n'
fi
printf >&2 '\n'
printf >&2 'The current contents of /etc/synthetic.conf is:\n'
printf >&2 '\n'
sudo sed 's/^/ /' /etc/synthetic.conf >&2
printf >&2 '\n'
exit 1
fi
else
echo "setting up /run..."
sudo ln -sfn private/var/run /run
if [[ ! -L /run ]]; then
printf >&2 'error: failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 '$ sudo ln -sfn private/var/link /run\n'
exit 1
fi
if [[ ! -L /run ]]; then
printf >&2 'error: apfs.util failed to symlink /run, aborting activation\n'
printf >&2 'To create a symlink from /run to /var/run, please run:\n'
printf >&2 '\n'
printf >&2 "$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf\n"
printf >&2 '$ sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t\n'
printf >&2 '\n'
printf >&2 'The current contents of /etc/synthetic.conf is:\n'
printf >&2 '\n'
sed 's/^/ /' /etc/synthetic.conf >&2
printf >&2 '\n'
exit 1
fi
'';
}
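Review bot: The append `printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf` assumes the existing file ends with a newline; if it does not, the `run` entry is glued onto the previous line, that entry is corrupted and `/run` is not created. The old and new sides of this section cannot be told apart on the page, so I am reading this as code that remains after the change. A guard before the append would cover it, for example `[[ -s /etc/synthetic.conf && -n "$(tail -c1 /etc/synthetic.conf)" ]] && echo | sudo tee -a /etc/synthetic.conf >/dev/null`.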


@ -8,30 +8,29 @@ let
cfg = config.system.checks;
darwinChanges = ''
darwinChanges=/dev/null
if test -e /run/current-system/darwin-changes; then
darwinChanges=/run/current-system/darwin-changes
fi
darwinChanges=$(diff --changed-group-format='%>' --unchanged-group-format= /run/current-system/darwin-changes $systemConfig/darwin-changes 2> /dev/null) || true
if test -n "$darwinChanges"; then
echo >&2
echo "CHANGELOG" >&2
echo >&2
echo "$darwinChanges" >&2
echo >&2
fi
'';
runLink = ''
if [[ ! -e /run ]]; then
printf >&2 'error: directory /run does not exist, aborting activation\n'
macOSVersion = ''
IFS=. read -ra osVersion <<<"$(sw_vers -productVersion)"
if (( osVersion[0] < 11 || (osVersion[0] == 11 && osVersion[1] < 3) )); then
printf >&2 '\e[1;31merror: macOS version is less than 11.3, aborting activation\e[0m\n'
printf >&2 'Nixpkgs 25.05 requires macOS Big Sur 11.3 or newer, and 25.11 will\n'
printf >&2 'require macOS Sonoma 14.\n'
printf >&2 '\n'
printf >&2 'For more information on your options going forward, see the 25.05\n'
printf >&2 'release notes:\n'
printf >&2 '<https://nixos.org/manual/nixos/unstable/release-notes#sec-release-25.05>\n'
printf >&2 '\n'
printf >&2 'Nixpkgs 24.11 and nix-darwin 24.11 continue to support down to macOS\n'
printf >&2 'Sierra 10.12, and will be supported through June 2025.\n'
printf >&2 '\n'
printf >&2 'You can override this check by setting:\n'
printf >&2 '\n'
printf >&2 ' system.checks.verifyMacOSVersion = false;\n'
printf >&2 '\n'
printf >&2 'However, we are unable to provide support if you do so.\n'
exit 1
fi
'';
oldBuildUsers = ''
if dscl . -list /Users | grep -q '^nixbld'; then
echo "error: Detected old style nixbld users, aborting activation" >&2
@ -118,7 +117,6 @@ let
printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n'
# shellcheck disable=SC2016
printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n'
@ -139,7 +137,6 @@ let
printf >&2 '\n'
printf >&2 ' services.nix-daemon.enable = false;\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'and remove `nix.useDaemon` from your configuration if it is present.\n'
printf >&2 '\n'
exit 2
@ -196,7 +193,7 @@ let
darwinConfig=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin-config) || true
if ! test -e "$darwinConfig"; then
echo "error: Changed <darwin-config> but target does not exist, aborting activation" >&2
echo "Create ''${darwinConfig:-~/.nixpkgs/darwin-configuration.nix} or set environment.darwinConfig:" >&2
echo "Create ''${darwinConfig:-/etc/nix-darwin/configuration.nix} or set environment.darwinConfig:" >&2
echo >&2
echo " environment.darwinConfig = \"$(nix-instantiate --find-file darwin-config 2> /dev/null || echo '***')\";" >&2
echo >&2
@ -211,8 +208,8 @@ let
if ! test -e "$darwinPath"; then
echo "error: Changed <darwin> but target does not exist, aborting activation" >&2
echo "Add the darwin repo as a channel or set nix.nixPath:" >&2
echo "$ nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2
echo "$ nix-channel --update" >&2
echo "$ sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin" >&2
echo "$ sudo nix-channel --update" >&2
echo >&2
echo "or set" >&2
echo >&2
@ -225,8 +222,8 @@ let
if ! test -e "$nixpkgsPath"; then
echo "error: Changed <nixpkgs> but target does not exist, aborting activation" >&2
echo "Add a nixpkgs channel or set nix.nixPath:" >&2
echo "$ nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2
echo "$ nix-channel --update" >&2
echo "$ sudo nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2
echo "$ sudo nix-channel --update" >&2
echo >&2
echo "or set" >&2
echo >&2
@ -279,7 +276,6 @@ let
if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
# shellcheck disable=SC2016
printf >&2 '`users.users.<name>.openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n'
@ -302,12 +298,20 @@ let
echo "Homebrew doesn't seem to be installed. Please install homebrew separately." >&2
echo "You can install homebrew using the following command:" >&2
echo >&2
# shellcheck disable=SC2016
echo ' /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' >&2
echo >&2
exit 2
fi
'';
# some mac devices, notably notebook do not support restartAfterPowerFailure option
restartAfterPowerFailureIsSupported = ''
if sudo /usr/sbin/systemsetup -getRestartPowerFailure | grep -q "Not supported"; then
printf >&2 "\e[1;31merror: restarting after power failure is not supported on your machine\e[0m\n" >&2
printf >&2 "Please ensure that \`power.restartAfterPowerFailure\` is not set.\n" >&2
exit 2
fi
'';
in
{
@ -332,6 +336,12 @@ in
description = "Whether to run the Nix build users validation checks.";
};
system.checks.verifyMacOSVersion = mkOption {
type = types.bool;
default = true;
description = "Whether to run the macOS version check.";
};
system.checks.text = mkOption {
internal = true;
type = types.lines;
@ -342,8 +352,7 @@ in
config = {
system.checks.text = mkMerge [
darwinChanges
runLink
(mkIf cfg.verifyMacOSVersion macOSVersion)
(mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers)
(mkIf cfg.verifyBuildUsers buildUsers)
(mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
@ -357,6 +366,7 @@ in
(mkIf cfg.verifyNixPath nixPath)
oldSshAuthorizedKeysDirectory
(mkIf config.homebrew.enable homebrewInstalled)
(mkIf (config.power.restartAfterPowerFailure != null) restartAfterPowerFailureIsSupported)
];
system.activationScripts.checks.text = ''
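Review bot: The nixpkgs recovery hint now tells the user to run `sudo nix-channel --add http://nixos.org/channels/nixpkgs-unstable nixpkgs`, which registers a root-level channel through a cleartext HTTP URL whose first request can be intercepted on the network path. The hint should use `https://`, as the nix-darwin hint a few lines above it already does: `echo "$ sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs" >&2`. Separately, the two `printf` lines in `restartAfterPowerFailureIsSupported` carry `>&2` twice; one redirection is enough.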


@ -135,7 +135,10 @@ in
chmod u+x $out/activate-user
unset activationUserScript
shellcheck $out/activate $out/activate-user
# We exclude the warnings for `…` in singlequote strings and
# nonASCII quotation marks as they are noisy and lead to a lot
# of false positives in our userfacing output:
shellcheck --exclude=SC2016,SC1112 $out/activate $out/activate-user
echo -n "$systemConfig" > $out/systemConfig


@ -9,6 +9,9 @@ let
"defaults write ${domain} '${key}' $'${strings.escape [ "'" ] (generators.toPlist { } value)}'";
defaultsToList = domain: attrs: mapAttrsToList (writeDefault domain) (filterAttrs (n: v: v != null) attrs);
# Filter out options to not pass through
# dock has alias options that we need to ignore
dockFiltered = (builtins.removeAttrs cfg.dock ["expose-group-by-app"]);
# defaults
alf = defaultsToList "/Library/Preferences/com.apple.alf" cfg.alf;
@ -21,7 +24,7 @@ let
LaunchServices = defaultsToList "com.apple.LaunchServices" cfg.LaunchServices;
NSGlobalDomain = defaultsToList "-g" cfg.NSGlobalDomain;
menuExtraClock = defaultsToList "com.apple.menuextra.clock" cfg.menuExtraClock;
dock = defaultsToList "com.apple.dock" cfg.dock;
dock = defaultsToList "com.apple.dock" dockFiltered;
finder = defaultsToList "com.apple.finder" cfg.finder;
hitoolbox = defaultsToList "com.apple.HIToolbox" cfg.hitoolbox;
magicmouse = defaultsToList "com.apple.AppleMultitouchMouse" cfg.magicmouse;
@ -39,7 +42,7 @@ let
CustomSystemPreferences = flatten (mapAttrsToList (name: value: defaultsToList name value) cfg.CustomSystemPreferences);
mkIfAttrs = list: mkIf (any (attrs: attrs != { }) list);
mkIfLists = list: mkIf (any (attrs: attrs != [ ]) list);
in
{
@ -54,7 +57,7 @@ in
else types.float.check x;
};
system.activationScripts.defaults.text = mkIfAttrs [
system.activationScripts.defaults.text = mkIfLists [
alf
loginwindow
smb
@ -71,7 +74,7 @@ in
${concatStringsSep "\n" CustomSystemPreferences}
'';
system.activationScripts.userDefaults.text = mkIfAttrs
system.activationScripts.userDefaults.text = mkIfLists
[
GlobalPreferences
LaunchServices
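Review bot: The `defaults write` command built at the top of this section places the plist text inside a bash `$'…'` string but escapes only `'`, so a backslash in a value is interpreted by the shell (as `\t` or `\n`, or it neutralises the escape of a following quote and ends the string early), and `${key}` sits in single quotes with no escaping at all. These commands run during activation, so I would escape the backslash as well, `$'${strings.escape [ "\\" "'" ] (generators.toPlist { } value)}'`, and pass the key through `lib.escapeShellArg`. The function's signature is outside the hunk, and this line is unchanged context rather than something the commit introduced. In the new `mkIfLists`, the lambda variable is still called `attrs` although the items are lists.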


@ -57,6 +57,38 @@ with lib;
'';
};
system.defaults.WindowManager.EnableTilingByEdgeDrag = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable dragging windows to screen edges to tile them. The default is true.
'';
};
system.defaults.WindowManager.EnableTopTilingByEdgeDrag = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable dragging windows to the menu bar to fill the screen. The default is true.
'';
};
system.defaults.WindowManager.EnableTilingOptionAccelerator = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable holding alt to tile windows. The default is true.
'';
};
system.defaults.WindowManager.EnableTiledWindowMargins = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Enable window margins when tiling windows. The default is true.
'';
};
system.defaults.WindowManager.StandardHideWidgets = mkOption {
type = types.nullOr types.bool;
default = null;


@ -6,6 +6,10 @@ let
# Should only be used with options that previously used floats defined as strings.
inherit (config.lib.defaults.types) floatWithDeprecationError;
in {
imports = [
(mkRenamedOptionModule [ "system" "defaults" "dock" "expose-group-by-app" ] [ "system" "defaults" "dock" "expose-group-apps" ])
];
options = {
system.defaults.dock.appswitcher-all-displays = mkOption {
@ -67,11 +71,11 @@ in {
'';
};
system.defaults.dock.expose-group-by-app = mkOption {
system.defaults.dock.expose-group-apps = mkOption {
type = types.nullOr types.bool;
default = null;
description = ''
Whether to group windows by application in Mission Control's Exposé. The default is true.
Whether to group windows by application in Mission Control's Exposé. The default is false.
'';
};
@ -220,7 +224,6 @@ in {
Magnified icon size on hover. The default is 16.
'';
};
system.defaults.dock.wvous-tl-corner = mkOption {
type = types.nullOr types.ints.positive;


@ -48,5 +48,20 @@ with lib;
Show thumbnail after screencapture before writing to file. The default is true.
'';
};
system.defaults.screencapture.target = mkOption {
type = types.nullOr (types.enum [ "file" "clipboard" "preview" "mail" "messages" ]);
default = null;
description = ''
Target to which screencapture should save screenshot to. The default is "file".
Valid values include:
* `file`: Saves as a file in location specified by `system.defaults.screencapture.location`
* `clipboard`: Saves screenshot to clipboard
* `preview`: Opens screenshot in Preview app
* `mail`
* `messages`
'';
};
};
}


@ -28,7 +28,6 @@ with lib;
default = null;
description = ''
Disable transparency in the menu bar and elsewhere.
Requires macOS Yosemite or later.
The default is false.
'';
};


@ -51,7 +51,7 @@ in
system.maxStateVersion = mkOption {
internal = true;
type = types.int;
default = 5;
default = 6;
};
system.darwinLabel = mkOption {
@ -59,11 +59,18 @@ in
description = "Label to be used in the names of generated outputs.";
};
system.darwinRelease = mkOption {
readOnly = true;
type = types.str;
default = (lib.importJSON ../../version.json).release;
description = "The nix-darwin release (e.g. `24.11`).";
};
system.darwinVersion = mkOption {
internal = true;
type = types.str;
default = "darwin${toString cfg.stateVersion}${cfg.darwinVersionSuffix}";
description = "The full darwin version (e.g. `darwin4.2abdb5a`).";
default = cfg.darwinRelease + cfg.darwinVersionSuffix;
description = "The full nix-darwin version (e.g. `24.11.2abdb5a`).";
};
system.darwinVersionSuffix = mkOption {
@ -72,7 +79,7 @@ in
default = if cfg.darwinRevision != null
then ".${substring 0 7 cfg.darwinRevision}"
else "";
description = "The short darwin version suffix (e.g. `.2abdb5a`).";
description = "The short nix-darwin version suffix (e.g. `.2abdb5a`).";
};
system.darwinRevision = mkOption {
@ -86,14 +93,15 @@ in
readOnly = true;
type = types.str;
default = lib.trivial.release;
description = "The nixpkgs release (e.g. `16.03`).";
description = "The nixpkgs release (e.g. `24.11`).";
};
# TODO: Shouldnt mismatch the Darwin release, rethink all this…
system.nixpkgsVersion = mkOption {
internal = true;
type = types.str;
default = cfg.nixpkgsRelease + cfg.nixpkgsVersionSuffix;
description = "The full nixpkgs version (e.g. `16.03.1160.f2d4ee1`).";
description = "The full nixpkgs version (e.g. `24.11.1160.f2d4ee1`).";
};
system.nixpkgsVersionSuffix = mkOption {
@ -124,7 +132,7 @@ in
config = {
# This default is set here rather than up there so that the options
# documentation is not reprocessed on every commit
system.darwinLabel = mkDefault "${cfg.nixpkgsVersion}+${cfg.darwinVersion}";
system.darwinLabel = mkDefault cfg.darwinVersion;
assertions = [
{
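Review bot: The default `system.darwinLabel = mkDefault cfg.darwinVersion;` leaves the nixpkgs version out of the label, assuming the second of the two `darwinLabel` lines is the new side (the page has lost its +/- markers). Outputs built from one nix-darwin revision against different nixpkgs revisions would then carry the same label. If the label is used to tell generations apart, or to trace what a system was built from, that is a loss of provenance. A comment above the line would record that the change is deliberate, e.g. `# Label omits cfg.nixpkgsVersion on purpose; read system.nixpkgsVersion for the nixpkgs revision.` The `config` block continues past the end of this hunk.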


@ -149,7 +149,6 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
if [[ -n "$SSH_CONNECTION" ]]; then
printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
# shellcheck disable=SC2016
printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
printf >&2 'You can either:\n'
printf >&2 '\n'
@ -157,7 +156,6 @@ in
printf >&2 '\n'
printf >&2 'or\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 ' run `darwin-rebuild` in a graphical session.\n'
printf >&2 '\n'
printf >&2 'The option "Allow full disk access for remote users" can be found by\n'
@ -171,11 +169,9 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1"
# shellcheck disable=SC2016
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
printf >&2 'please accept the dialog that pops up.\n'
printf >&2 '\n'
# shellcheck disable=SC2016
printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
printf >&2 '\n'
@ -224,7 +220,6 @@ in
if [ "$u" -gt 501 ]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then
# shellcheck disable=SC2016
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1
fi


@ -16,12 +16,12 @@ with lib;
nix.useDaemon = mkForce false;
system.activationScripts.postUserActivation.text = mkAfter ''
if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
nix-channel --remove darwin || true
fi
nix-channel --remove darwin || true
'';
system.activationScripts.postActivation.text = mkAfter ''
nix-channel --remove darwin || true
if [[ -L /Applications/Nix\ Apps ]]; then
rm /Applications/Nix\ Apps
fi


@ -56,7 +56,6 @@ in writeShellApplication {
if [[ -L /run ]]; then
if [[ -e /etc/synthetic.conf ]]; then
sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
echo >&2 "NOTE: the /run symlink will be removed on reboot"
else
@ -78,7 +77,7 @@ in writeShellApplication {
echo >&2
echo >&2 "checking darwin channel"
test -e ~/.nix-defexpr/channels/darwin && exit 1
nix-instantiate --find-file darwin && exit 1
echo >&2 "checking /etc"
test -e /etc/static && exit 1
echo >&2 "checking /run/current-system"


@ -1,7 +1,9 @@
#! @shell@
set -e
set -o pipefail
export PATH=@path@:$PATH
export PATH=@path@
export NIX_PATH=${NIX_PATH:-@nixPath@}
evalNix() {
nix-instantiate --eval --strict "${extraEvalFlags[@]}" -E "with import <darwin> {}; $*" 2>/dev/null
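Review bot: `export NIX_PATH=${NIX_PATH:-@nixPath@}` still prefers the caller's environment, while the `PATH` line above it appears to stop inheriting `$PATH` (assuming `export PATH=@path@` is the new side). As a result `import <darwin>` in `evalNix` is evaluated from whatever `NIX_PATH` the invoking shell exports. That looks intended, since it keeps user overrides working, but it deserves a comment such as `# NIX_PATH from the environment wins on purpose; @nixPath@ is only the fallback.` Note that `:-` also treats an empty `NIX_PATH` the same as an unset one. The same pair of lines appears in the next file section, and `evalNix` continues past the end of this hunk.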


@ -1,8 +1,9 @@
#! @shell@
set -e
set -o pipefail
export PATH=@path@:$PATH
export PATH=@path@
export NIX_PATH=${NIX_PATH:-@nixPath@}
showSyntax() {
echo "darwin-rebuild [--help] {edit | switch | activate | build | check | changelog}" >&2
@ -22,15 +23,9 @@ showSyntax() {
}
sudo() {
# REMOVEME when support for macOS 10.13 is dropped
# macOS 10.13 does not support sudo --preserve-env so we make this conditional
if command sudo --help | grep -- --preserve-env= >/dev/null; then
# We use `env` before our command to ensure the preserved PATH gets checked
# when trying to resolve the command to execute
command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
else
command sudo -H "$@"
fi
# We use `env` before our command to ensure the preserved PATH gets checked
# when trying to resolve the command to execute
command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
}
# Parse the command line.
@ -177,8 +172,8 @@ if [ "$action" != build ]; then
fi
if [ "$action" = edit ]; then
darwinConfig=$(nix-instantiate --find-file darwin-config)
if [ -z "$flake" ]; then
darwinConfig=$(nix-instantiate "${extraBuildFlags[@]}" --find-file darwin-config)
exec "${EDITOR:-vi}" "$darwinConfig"
else
exec nix "${flakeFlags[@]}" edit "${extraLockFlags[@]}" -- "$flake#$flakeAttr"
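Review bot: The `sudo` wrapper now always runs `command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"`, so every command executed as root is resolved through the script's own `PATH`. The default `systemPath` in the packaging section of this commit lists `$HOME/.nix-profile/bin` and `/etc/profiles/per-user/$USER/bin` ahead of the system directories. Whether the store tool directories come before those entries depends on how `path` is assembled, which is not visible on this page. If a user-profile directory can come first, root executes whatever that profile provides under the same name. Document the ordering the wrapper relies on, e.g. `# PATH must start with the Nix store tool directories; user profile entries come after.`, or call the root-run tools by absolute path.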


@ -5,12 +5,31 @@
, substituteAll
, stdenv
, profile ? "/nix/var/nix/profiles/system"
, nixPackage ? "/nix/var/nix/profiles/default"
, systemPath ? "$HOME/.nix-profile/bin:/etc/profiles/per-user/$USER/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin"
, # This should be kept in sync with the default
# `environment.systemPath`. We err on side of including conditional
# things like the profile directories, since theyre more likely to
# help than hurt, and this default is mostly used for fresh
# installations anyway.
systemPath ? lib.concatStringsSep ":" [
"$HOME/.nix-profile/bin"
"/etc/profiles/per-user/$USER/bin"
"/run/current-system/sw/bin"
"/nix/var/nix/profiles/default/bin"
"/usr/local/bin"
"/usr/bin"
"/bin"
"/usr/sbin"
"/sbin"
]
, # This should be kept in sync with the default `nix.nixPath`.
nixPath ? lib.concatStringsSep ":" [
"darwin-config=/etc/nix-darwin/configuration.nix"
"/nix/var/nix/profiles/per-user/root/channels"
]
}:
let
extraPath = lib.makeBinPath [ nixPackage coreutils jq git ];
extraPath = lib.makeBinPath [ coreutils jq git ];
writeProgram = name: env: src:
substituteAll ({
@ -25,14 +44,14 @@ in
{
darwin-option = writeProgram "darwin-option"
{
inherit path;
inherit path nixPath;
inherit (stdenv) shell;
}
./darwin-option.sh;
darwin-rebuild = writeProgram "darwin-rebuild"
{
inherit path profile;
inherit path nixPath profile;
inherit (stdenv) shell;
postInstall = ''
mkdir -p $out/share/zsh/site-functions


@ -30,8 +30,8 @@ with lib;
"afterProfile/bin"
"/usr/local/bin"
"/usr/bin"
"/usr/sbin"
"/bin"
"/usr/sbin"
"/sbin"
"afterPath"
]}"


@ -235,6 +235,11 @@ defaults write com.apple.dock 'autohide-delay' $'<?xml version="1.0" encoding="U
<plist version="1.0">
<real>0.240000</real>
</plist>'
defaults write com.apple.dock 'expose-group-apps' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.dock 'orientation' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -421,6 +426,11 @@ defaults write com.apple.screencapture 'location' $'<?xml version="1.0" encoding
<plist version="1.0">
<string>/tmp</string>
</plist>'
defaults write com.apple.screencapture 'target' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<string>file</string>
</plist>'
defaults write com.apple.screensaver 'askForPassword' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -509,6 +519,26 @@ defaults write com.apple.WindowManager 'EnableStandardClickToShowDesktop' $'<?xm
<plist version="1.0">
<false/>
</plist>'
defaults write com.apple.WindowManager 'EnableTiledWindowMargins' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'EnableTilingByEdgeDrag' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'EnableTilingOptionAccelerator' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'EnableTopTilingByEdgeDrag' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<true/>
</plist>'
defaults write com.apple.WindowManager 'GloballyEnabled' $'<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
@ -568,4 +598,4 @@ defaults write ~/Library/Preferences/ByHost/com.apple.controlcenter 'Sound' $'<?
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<integer>24</integer>
</plist>'
</plist>'


@ -8,6 +8,7 @@ in
services.aerospace.enable = true;
services.aerospace.package = aerospace;
services.aerospace.settings = {
after-startup-command = [ "layout tiles" ];
gaps = {
outer.left = 8;
outer.bottom = 8;
@ -20,6 +21,32 @@ in
alt-k = "focus up";
alt-l = "focus right";
};
on-window-detected = [
{
"if" = {
app-id = "Another.Cool.App";
during-aerospace-startup = false;
};
check-further-callbacks = false;
run = "move-node-to-workspace m";
}
{
"if".app-name-regex-substring = "finder|calendar";
run = "layout floating";
}
{
"if".workspace = "1";
run = "layout h_accordion";
}
];
workspace-to-monitor-force-assignment = {
"1" = 1;
"2" = "main";
"3" = "secondary";
"4" = "built-in";
"5" = "^built-in retina display$";
"6" = [ "secondary" "dell" ];
};
};
test = ''
@ -31,6 +58,35 @@ in
${config.out}/user/Library/LaunchAgents/org.nixos.aerospace.plist`
echo >&2 "checking config in $conf"
if [ `cat $conf | wc -l` -eq "27" ]; then echo "aerospace.toml config correctly contains 27 lines"; else return 1; fi
grep 'after-startup-command = \["layout tiles"\]' $conf
grep 'bottom = 8' $conf
grep 'left = 8' $conf
grep 'right = 8' $conf
grep 'top = 8' $conf
grep 'alt-h = "focus left"' $conf
grep 'alt-j = "focus down"' $conf
grep 'alt-k = "focus up"' $conf
grep 'alt-l = "focus right"' $conf
grep 'check-further-callbacks = false' $conf
grep 'run = "move-node-to-workspace m"' $conf
grep 'app-id = "Another.Cool.App"' $conf
grep 'during-aerospace-startup = false' $conf
grep 'run = "layout floating"' $conf
grep 'app-name-regex-substring = "finder|calendar"' $conf
(! grep 'window-title-regex-substring' $conf)
grep 'workspace = "1"' $conf
grep 'run = "layout h_accordion"' $conf
grep '1 = 1' $conf
grep '2 = "main"' $conf
grep '3 = "secondary"' $conf
grep '4 = "built-in"' $conf
grep '5 = "^built-in retina display$"' $conf
grep '6 = \["secondary", "dell"\]' $conf
'';
}


@ -46,6 +46,7 @@
system.defaults.menuExtraClock.Show24Hour = false;
system.defaults.menuExtraClock.ShowDayOfWeek = true;
system.defaults.menuExtraClock.ShowDate = 2;
system.defaults.dock.expose-group-apps = true;
system.defaults.dock.appswitcher-all-displays = false;
system.defaults.dock.autohide-delay = 0.24;
system.defaults.dock.orientation = "left";
@ -73,6 +74,7 @@
system.defaults.finder.ShowRemovableMediaOnDesktop = false;
system.defaults.hitoolbox.AppleFnUsageType = "Show Emoji & Symbols";
system.defaults.screencapture.location = "/tmp";
system.defaults.screencapture.target = "file";
system.defaults.screencapture.include-date = true;
system.defaults.screensaver.askForPassword = true;
system.defaults.screensaver.askForPasswordDelay = 5;
@ -94,6 +96,10 @@
system.defaults.WindowManager.AppWindowGroupingBehavior = true;
system.defaults.WindowManager.StandardHideDesktopIcons = false;
system.defaults.WindowManager.HideDesktop = false;
system.defaults.WindowManager.EnableTilingByEdgeDrag = true;
system.defaults.WindowManager.EnableTopTilingByEdgeDrag = true;
system.defaults.WindowManager.EnableTilingOptionAccelerator = true;
system.defaults.WindowManager.EnableTiledWindowMargins = true;
system.defaults.WindowManager.StandardHideWidgets = true;
system.defaults.WindowManager.StageManagerHideWidgets = true;
system.defaults.CustomUserPreferences = {

4
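--- a/version.json
+++ b/version.json
@@ -0,0 +1,4 @@
+{
+"release": "25.05",
+"isReleaseBranch": false
+}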