This is hopefully largely cosmetic, but should increase user
confidence in the safety and effectiveness of the migration, and the
Determinate Systems and Lix installer commands will also update the
`/nix/receipt.json` files to match the changes made. They cannot
properly handle the format of each other’s receipts, so we need to
detect which was used.
Checking for the Sequoia stuff won’t work properly if a system is
still in this old state. Best to be loud about it to deal with any
straggler systems that haven’t yet dealt with this issue.
As explained in the changelog and activation check, the previous
implementation had a nasty security bug that made removing a user’s
authorized keys effectively a no‐op.
This process was automated by [my fork of `nix-doc-munge`]; thanks
to @pennae for writing this tool! It automatically checks that the
resulting documentation doesn't change, although my fork loosens
this a little to ignore some irrelevant whitespace and typographical
differences.
As of this commit there is no DocBook remaining in the options
documentation.
You can play along at home if you want to reproduce this commit:
$ NIX_PATH=nixpkgs=flake:nixpkgs/c1bca7fe84c646cfd4ebf3482c0e6317a0b13f22 \
nix shell nixpkgs#coreutils \
-c find . -name '*.nix' \
-exec nix run github:emilazy/nix-doc-munge/0a7190f600027bf7baf6cb7139e4d69ac2f51062 \
{} +
[my fork of `nix-doc-munge`]: https://github.com/emilazy/nix-doc-munge
According to some investigation creating "role" accounts avoids
migration problems when upgrading to certain macOS versions, so create
the build users to match that definition and remove the old ones if
present.
Role accounts require name starting with _ and UID in 200-400 range
This case will cause problems when existing files in /etc are replaced
instead of skipped with a warning, potentially breaking the nix install
in the process.
The nix.useDaemon option enables using a multi-user install without
managing the nix installation with nix-darwin. The following checks
apply to both cases.
All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.
# Disable all checks.
system.checks.text = mkForce "";
Fixes#117
