mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-31 04:04:45 +00:00

nix-daemon: use PathState to wait for nix store

This removes wait4path and sh from the execution path, simplifying
permissions setup for the daemon (which needs Full Disk Access to manage
all files under /nix/store).

Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
Ihar Hrachyshka 2025-03-15 12:23:53 -04:00
parent adf5c88ba1
commit dda8683244
2 changed files with 15 additions and 10 deletions


@ -40,18 +40,25 @@ in
};
};
config = mkIf config.nix.enable {
config = let
nixDaemonCmd = lib.getExe' config.nix.package "nix-daemon";
keepAliveArgs = if cfg.enableSocketListener then {
command = nixDaemonCmd;
} else {
serviceConfig.ProgramArguments = [ nixDaemonCmd ];
serviceConfig.KeepAlive.PathState = {
"/nix/store" = true;
};
};
in mkIf config.nix.enable {
launchd.daemons.nix-daemon = {
command = lib.getExe' config.nix.package "nix-daemon";
launchd.daemons.nix-daemon = lib.recursiveUpdate {
serviceConfig.ProcessType = config.nix.daemonProcessType;
serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority;
serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix
serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 1048576;
serviceConfig.StandardErrorPath = cfg.logFile;
serviceConfig.KeepAlive = mkIf (!cfg.enableSocketListener) true;
serviceConfig.Sockets = mkIf cfg.enableSocketListener
{ Listeners.SockType = "stream";
Listeners.SockPathName = "/nix/var/nix/daemon-socket/socket";
@ -68,7 +75,6 @@ in
OBJC_DISABLE_INITIALIZE_FORK_SAFETY = mkDefault "YES";
}
];
};
} keepAliveArgs;
};
}
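Review bot: The `enableSocketListener` branch of `keepAliveArgs` still sets `command = nixDaemonCmd`, so with socket activation the daemon is presumably still launched through the `/bin/sh` / `wait4path` wrapper that the removed test assertions show `command` producing; only the default branch gets the direct `ProgramArguments` launch. Anyone relying on this change to narrow what the Full Disk Access grant has to cover should know it does not apply to that configuration, so I would add a comment above that branch such as `# no KeepAlive under socket activation, so PathState is unavailable; command keeps the sh + wait4path wrapper`. Separately, `lib.recursiveUpdate` merges raw attrsets and would descend into a `mkIf`/`mkDefault` wrapper if both sides ever defined the same option, whereas `mkMerge [ { … } keepAliveArgs ]` leaves the merge to the module system. The `launchd.daemons.nix-daemon` attrset runs across both hunks and its middle is not visible here.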


@ -14,10 +14,9 @@ in
test = ''
echo checking nix-daemon service in /Library/LaunchDaemons >&2
grep "<string>org.nixos.nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "<string>/bin/wait4path" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "&amp;&amp;" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "exec ${nix}/bin/nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "${nix}/bin/nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "<key>KeepAlive</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
grep "<key>PathState</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
(! grep "<key>Sockets</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist)
echo checking NIX_SSL_CERT_FILE in nix-daemon service >&2