mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-31 04:04:45 +00:00

linux-builder: remove /nix/store external directory when disabled

When /nix/store internal directories get renamed, they just don't get
into the next version of your system closure and are thus no problem to
rename. But state in the system is a problem, as there is no process to
remove it. Thus we need to do it ourselves.
‮rekcäH nitraM‮ 2025-03-24 21:44:21 +01:00
parent 8246e9dc79
commit e8f9cf2e2e


@ -159,69 +159,78 @@ in
'';
};
config = mkIf cfg.enable {
assertions = [
{
assertion = config.nix.enable;
message = ''`nix.linux-builder.enable` requires `nix.enable`'';
}
];
config = mkMerge [
# get rid of /nix/store external directory when disabled
(mkIf (!cfg.enable) {
system.activationScripts.preActivation.text = ''
rm -rf ${cfg.workingDirectory}
'';
})
# normal config when enabled
(mkIf cfg.enable {
assertions = [
{
assertion = config.nix.enable;
message = ''`nix.linux-builder.enable` requires `nix.enable`'';
}
];
system.activationScripts.preActivation.text = ''
# upgrade old path
if [ -e /var/lib/darwin-builder ] && [ ! -e ${cfg.workingDirectory} ]; then
mv /var/lib/darwin-builder ${cfg.workingDirectory}
fi
system.activationScripts.preActivation.text = ''
# upgrade old path
if [ -e /var/lib/darwin-builder ] && [ ! -e ${cfg.workingDirectory} ]; then
mv /var/lib/darwin-builder ${cfg.workingDirectory}
fi
mkdir -p ${cfg.workingDirectory}
'';
launchd.daemons.linux-builder = {
environment = {
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
};
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2
''}
${cfg.package}/bin/create-builder
mkdir -p ${cfg.workingDirectory}
'';
serviceConfig = {
KeepAlive = true;
RunAtLoad = true;
WorkingDirectory = cfg.workingDirectory;
};
};
launchd.daemons.linux-builder = {
environment = {
inherit (config.environment.variables) NIX_SSL_CERT_FILE;
};
environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
Host linux-builder
# create-builder uses TMPDIR to share files with the builder, notably certs.
# macOS will clean up files in /tmp automatically that haven't been accessed in 3+ days.
# If we let it use /tmp, leaving the computer asleep for 3 days makes the certs vanish.
# So we'll use /run/org.nixos.linux-builder instead and clean it up ourselves.
script = ''
export TMPDIR=/run/org.nixos.linux-builder USE_TMPDIR=1
rm -rf $TMPDIR
mkdir -p $TMPDIR
trap "rm -rf $TMPDIR" EXIT
${lib.optionalString cfg.ephemeral ''
rm -f ${cfg.workingDirectory}/${cfg.package.nixosConfig.networking.hostName}.qcow2
''}
${cfg.package}/bin/create-builder
'';
serviceConfig = {
KeepAlive = true;
RunAtLoad = true;
WorkingDirectory = cfg.workingDirectory;
};
};
environment.etc."ssh/ssh_config.d/100-linux-builder.conf".text = ''
Host linux-builder
User builder
Hostname localhost
HostKeyAlias linux-builder
Port 31022
IdentityFile /etc/nix/builder_ed25519
'';
'';
nix.distributedBuilds = true;
nix.distributedBuilds = true;
nix.buildMachines = [{
hostName = "linux-builder";
sshUser = "builder";
sshKey = "/etc/nix/builder_ed25519";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo=";
inherit (cfg) mandatoryFeatures maxJobs protocol speedFactor supportedFeatures systems;
}];
nix.buildMachines = [{
hostName = "linux-builder";
sshUser = "builder";
sshKey = "/etc/nix/builder_ed25519";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo=";
inherit (cfg) mandatoryFeatures maxJobs protocol speedFactor supportedFeatures systems;
}];
nix.settings.builders-use-substitutes = true;
};
nix.settings.builders-use-substitutes = true;
})
];
}
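Review bot: The new disabled branch runs `rm -rf ${cfg.workingDirectory}` with the option value interpolated unquoted into a recursive delete in `preActivation`, so a value containing whitespace or glob characters is split into several `rm` targets, and a working directory pointed at a shared location is removed wholesale. Because the branch is guarded by `!cfg.enable`, this appears to run on every activation of every configuration that does not enable the builder, not only once after it is switched off. I would quote the argument and end option parsing, `rm -rf -- ${lib.escapeShellArg cfg.workingDirectory}`, and put a comment above it stating that the directory is treated as owned exclusively by this module. The same unquoted interpolation is used in the `mv` and `mkdir -p` lines of the enabled branch. The option's type and default are declared outside this hunk, so whether it is constrained to a safe path cannot be checked from here.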