Use QueueDirectories to wait for /nix/store for keepalived services

This allows to get rid of wait4path and sh from the execution path for
the services. Which simplifies permissions configuration for nix-daemon,
among other things. (No longer needed to grant Full Disk Access / App
Management to /bin/sh for nix-daemon to deal with .app bundles.)

Related: https://github.com/NixOS/nix/issues/6765

Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>

modules/launchd/default.nix

@@ -79,19 +79,26 @@ let
         };
       };
 
-      config = {
+      config = let
+        keepAlive = (config.serviceConfig.KeepAlive != false && config.serviceConfig.KeepAlive != null);
+      in {
         command = mkIf (config.script != "") (pkgs.writeScript "${name}-start" ''
           #! ${stdenv.shell}
 
           ${config.script}
         '');
 
+        serviceConfig.QueueDirectories = mkIf keepAlive [ "/nix/store" ];
         serviceConfig.Label = mkDefault "${cfg.labelPrefix}.${name}";
-        serviceConfig.ProgramArguments = mkIf (config.command != "") [
+        serviceConfig.ProgramArguments = mkIf (config.command != "") (
-          "/bin/sh"
+          if keepAlive then [
-          "-c"
+            "${config.command}"
-          "/bin/wait4path /nix/store && exec ${config.command}"
+          ] else [
-        ];
+            "/bin/sh"
+            "-c"
+            "/bin/wait4path /nix/store && exec ${config.command}"
+          ]
+        );
         serviceConfig.EnvironmentVariables = mkIf (env != {}) env;
       };
     };

tests/autossh.nix

@@ -12,8 +12,7 @@
   test = ''
     plist=${config.out}/Library/LaunchDaemons/org.nixos.autossh-foo.plist
     test -f $plist
-    grep '<string>/bin/wait4path /nix/store &amp;&amp; exec /nix/store/.*/bin/autossh ' $plist
+    grep '<string>/nix/store/.*/bin/autossh.*-i /some/key' $plist
-    grep '<string>/bin/wait4path /nix/store &amp;&amp; exec.*-i /some/key ' $plist
     tr -d '\n\t ' <$plist |grep '<key>KeepAlive</key><true */>'
   '';
 }

tests/services-lorri.nix

@@ -33,10 +33,8 @@ in
     <service.json jq -e ".KeepAlive                     == true"
     <service.json jq -e ".Label                         == \"org.nixos.lorri\""
     <service.json jq -e ".ProcessType                   == \"Background\""
-    <service.json jq -e ".ProgramArguments|length       == 3"
+    <service.json jq -e ".ProgramArguments|length       == 1"
-    <service.json jq -e ".ProgramArguments[0]           == \"/bin/sh\""
+    <service.json jq -e ".ProgramArguments[0]           == \"${pkgs.lorri}/bin/lorri daemon\""
-    <service.json jq -e ".ProgramArguments[1]           == \"-c\""
-    <service.json jq -e ".ProgramArguments[2]           == \"/bin/wait4path /nix/store && exec ${pkgs.lorri}/bin/lorri daemon\""
     <service.json jq -e ".RunAtLoad                     == true"
   '';
 }

tests/services-nix-daemon.nix

@@ -14,9 +14,7 @@ in
   test = ''
     echo checking nix-daemon service in /Library/LaunchDaemons >&2
     grep "<string>org.nixos.nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
-    grep "<string>/bin/wait4path" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
+    grep "${nix}/bin/nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
-    grep "&amp;&amp;" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
-    grep "exec ${nix}/bin/nix-daemon</string>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
     grep "<key>KeepAlive</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist
     (! grep "<key>Sockets</key>" ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist)