mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Commit graph

1117 commits

Author SHA1 Message Date
Sebastian Reuße
6ad463a764
zsh: don't be noisy when scripts are run with -u
When a script specifies the shell option "nounset" as part of the
shebang (e.g., via "#!/usr/bin/env -S zsh -u"), our initialization
scripts would produce error messages of the form:

    __ETC_FOO_SOURCED: parameter not set

These messages could probably be confusing to users when running such
scripts. By providing a fall-back in the parameter expansion, we can
avoid them.

This patch does not address interactive shell start-up, where such
messages may (or may not) be less problematic.

NixOS/nixpkgs@7d84dbdf5b
2024-09-11 14:07:24 +02:00
Jörg Thalheim
7e6c548eef
zsh: let children shells set their fpath
Currently zshenv by default only sets fpath without exporting it. A
parent shell would also not set those variables usually as they are
shell local.

It also sources a file called set-environment but this is protected by
an environment variable called __NIX_DARWIN_SET_ENVIRONMENT_DONE. Hence
any modification done by the parent shell should persist as long as
__NIX_DARWIN_SET_ENVIRONMENT_DONE is not unset.

This behavior deviates from what we do in bashrc and breaks common
setups such as tmux/mosh or screen.

NixOS/nixpkgs@55819e6c86
2024-09-11 13:01:26 +02:00
Emily
88b97aa49c {ids,checks}: update for new builder UID/GID values 2024-09-11 01:17:01 +01:00
Emily
9c60c95008 checks: make oldBuildUsers check fail hard
Checking for the Sequoia stuff won’t work properly if a system is
still in this old state. Best to be loud about it to deal with any
straggler systems that haven’t yet dealt with this issue.
2024-09-11 00:37:08 +01:00
Emily
2af5f0fb9e checks: factor out nix.useDaemon check 2024-09-11 00:37:08 +01:00
Sebastian Reuße
15f64efcaf
zsh: prefer Nix completions these from Zsh package
Zsh ships some rudimentary completions for programs where upstream also
ships their own completions (e.g., curl). So as not to shadow those
completions, we need to prepend to the fpath instead of appending.

NixOS/nixpkgs@8dad5a2239
2024-09-10 21:40:11 +02:00
Jan Malakhovski
4d59f660bc
zsh: move fpath init from /etc/zshrc to /etc/zshenv
We want these to be set even when /etc/zshrc loading is disabled.

NixOS/nixpkgs@f70e3f3738
2024-09-10 21:35:35 +02:00
natsukium
ec76c31dbd
checks.nix: fix typo 2024-09-10 22:20:22 +09:00
Sirio Balmelli
c334175319
nixos/github-runner: quote comma separators so as to pass shellcheck
Shellcheck complains:

       > args=(
       >      ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.

Quote the --labels argument to resolve.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
2024-09-06 14:57:35 +02:00
Emily
97e0f72759 users: allow arbitrary group IDs
The upstream Nix UID/GID changes for Sequoia will require us to manage
a group with GID 350. That will require more work on our end to ensure
compatibility and a working migration path, but this is enough to
allow hacking around it locally in system configurations for now.
2024-09-05 10:39:01 +01:00
Michael Hoang
e1b6f307ec linux-builder: make package.nixosConfig accurate 2024-09-05 13:54:53 +10:00
Michael Hoang
7c4b53a7d9
Merge pull request #1051 from booxter/suppress-gpg-connect-agent-stderr
gpg: Suppress stderr from gpg-connect-agent on shell init
2024-09-01 21:15:02 +10:00
Ihar Hrachyshka
75d14c62cb gpg: Suppress stderr from gpg-connect-agent on shell init
In some scenarios, the command may fail, e.g. when the shell is executed
with a different $HOME from where gpg agent is configured to run from.

(E.g. this happens in kitty terminal test suite.)

This patch will suppress stderr errors on tty in this situation.

Note that zsh does not allow to suppress execution of /etc/zshenv on
startup, so it's impossible to skip it in the test suite environment.

An alternative would be to set IN_NIX_SHELL in the test suite, but this
was rejected in upstream:

https://github.com/kovidgoyal/kitty/pull/7800

There's also a kitty package specific fix posted here but this may be
unnecessary once nix-darwin is patched here:

https://github.com/NixOS/nixpkgs/pull/338070

Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
2024-08-29 16:37:56 -04:00
Corey Jewett
544db3691c Add sha256 for DeterminateSystems Nix installer 0.22.0 2024-08-29 10:51:52 -07:00
Michael Hoang
ac5694a0b8
Merge pull request #1044 from Enzime/add/known-hash
etc: add known hash for DetSys installer 0.20.0+
2024-08-25 14:56:10 +10:00
Michael Hoang
2bd4949af3 etc: add known hash for DetSys installer 0.20.0+ 2024-08-25 14:36:37 +10:00
isabel
c06794de03
feat: system.disableInstallerTools 2024-08-21 14:29:54 +01:00
Michael Hoang
076b9a905a
Merge pull request #1026 from thecaralice/nochan
Allow disabling channels
2024-08-17 11:59:09 +10:00
Alice Carroll
5afa71b413
fix: respect user nixPath configuration 2024-08-17 02:51:01 +03:00
Alice Carroll
691a590bff
feat: allow disabling channels 2024-08-17 02:51:01 +03:00
Alice Carroll
d5dba1c6f5
refactor: rename environment.postBuild to environment.extraSetup 2024-08-17 02:50:56 +03:00
Maxime Daffis
636d1a09d8 (feature) Add swapLeftCtrlAndFn
Use this and never find yourself again hitting fn because of muscle
memory! (you can even physically swap the keycaps, at least on M series)

Keycodes have been pulled from https://hidutil-generator.netlify.app/
and the hex value has been converted to a base 10 int.
2024-08-05 13:00:32 +02:00
Maxime Daffis
3dd14e466c (feature) Add Stage Manager (com.apple.WindowManager) settings as system.defaults.windowmanager
All credits go to @AlexOwl. Their [PR](https://github.com/LnL7/nix-darwin/pull/505)
looked abandoned so I reported their changes and addressed the change
requests.
2024-08-02 01:17:45 +02:00
Jörg Thalheim
cf45edbf27 programs.ssh: add certificate authorities 2024-07-31 19:34:17 +02:00
Emily
7e08a9dd34
Merge pull request #1018 from Enzime/fix/github-runners-work-dir
github-runners: move `workDir` outside of `/run`
2024-07-31 18:00:20 +01:00
Emily
0413754b3c
Merge pull request #1012 from Enzime/fix/dock-not-running
defaults: only restart Dock when user is logged in
2024-07-27 13:17:26 +01:00
zowoq
e88eb66c2b mapAttrsFlatten -> mapAttrsToList
deprecated in 473e469d5a
2024-07-27 13:37:28 +10:00
Michael Hoang
dc8e1f4839 github-runners: move workDir outside of /run
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root` otherwise it won't
have sufficient privileges.

As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
2024-07-27 10:41:18 +10:00
Michael Hoang
a6903cf7e3 activation-scripts: add extra comment 2024-07-27 10:39:57 +10:00
Michael Hoang
5c8fb55182 Revert "github-runnners: fix workDir missing on reboot"
This reverts commit fe99aa9699.
2024-07-27 10:26:37 +10:00
Michael Hoang
a566238826 defaults: only restart Dock when user is logged in 2024-07-25 12:24:30 +10:00
347Online | Katie Janzen
be14a2add1 Add inline prediction option mirroring the capitalization option 2024-07-24 12:51:20 -05:00
Michael Hoang
fe99aa9699 github-runnners: fix workDir missing on reboot 2024-07-23 11:06:40 +10:00
Nikola Milojević
199cf34012
chore: removing deprecations for 25.05 nix 2024-07-22 13:37:17 +02:00
Emily
33bf7df5bb
Merge pull request #973 from amsynist/modules/services/jankyborders
module : `jankyborders` for window borders Configuration
2024-07-21 09:21:06 +01:00
Prav!n
fa0d64721f module: add jankyborders service
- Added the jankyborders service.
- Introduced changes for whitelist and blacklist options and assertions.
- Removed path reference from launchd argument.
- Corrected missing trailing newline in default.nix.
2024-07-21 02:54:45 +05:30
Michael Hoang
a3e4a7b8ff
Merge pull request #999 from Enzime/restart-dock
defaults: restart Dock when changing settings
2024-07-18 12:43:02 +10:00
Michael Hoang
ce130f4b20 defaults: restart Dock when changing settings 2024-07-16 11:28:20 +10:00
Michael Hoang
7522a30d32
Merge pull request #997 from thanegill/patch-3
Add `User` and already generated `IdentityFile` to ssh_config for `nix.linux-builder`
2024-07-16 09:34:28 +10:00
Thane Gill
395e4d3794
Update modules/nix/linux-builder.nix
Co-authored-by: Michael Hoang <Enzime@users.noreply.github.com>
2024-07-12 09:50:57 -07:00
Emily
cf297a8d24
Merge pull request #976 from emilazy/openssh-use-links-for-authorized-keys
ssh: use symlinks for `authorizedKeys` options
2024-07-10 09:17:22 +01:00
Thane Gill
b34d1bee48 Add User and already generated IdentityFile to ssh_config for nix.linux-builder 2024-07-09 13:16:19 -07:00
Henrique Goncalves
e2a85731a0
nextdns: fix argument handling 2024-07-08 16:36:31 -03:00
Ian Chamberlain
b7e112cdf9
Add lix-installer to known files 2024-07-06 18:04:06 -04:00
Nikola Milojević
e00896468a
chore: remove mkpackageoptionmd deprecation 2024-07-01 16:24:41 +02:00
Samuel Tam
4141697ed2
checks.nix: disable verifyBuildUsers for auto-allocate-uids 2024-06-23 15:14:48 +08:00
Michael Hoang
29b3096a6e
Merge pull request #974 from nicknovitski/linux-builder-crossarch 2024-06-17 22:17:38 +00:00
Nick Novitski
d21ba5a487 linux-builder: make compatible with cross-arch builder package
Before this commit, aarch64 users building the following configuration
would end up with an aarch64-linux builder, while after it, they get the
x86_64-linux builder they expect:
```nix
nix.linux-builder = {
  enable = true;
  package = pkgs.darwin.linux-builder-x86_64;
};
```

Before, in order to get an x86_64-linux builder, they would have needed
to use this configuration instead:
```nix
nix.linux-builder = {
  enable = true;
  config.nixpkgs.hostPlatform = "x86_64-linux";
  systems = ["x86_64-linux"];
};
```

The reason for this is that the linux-builder module calls `override` on
the package option, and the `linux-builder-x86_64` package is also
defined using override:
```nix
linux-builder-x86_64 = linux-builder.override {
  modules = [ { nixpkgs.hostPlatform = "x86_64-linux"; } ];
};
```

The module was effectively discarding the `nixpkgs.hostPlatform` option.

Example issue: https://github.com/NixOS/nixpkgs/issues/313784
2024-06-16 14:03:41 -07:00
Emily
36a15e8c6c write-text: remove support for copy
This is a huge anti‐declarative footgun; `copy` files cannot
distinguish if a previous version is managed by nix-darwin, so they
can’t check the hash, so they’re prone to destroying data, and
copied files are not deleted when they’re removed from the system
configuration, which led to a security bug. Nothing else in‐tree
was using this functionality, so let’s make sure it doesn’t
cause any more bugs.
2024-06-15 12:15:13 +01:00
Emily
b833d4a32d ssh: use symlinks for authorizedKeys options
As explained in the changelog and activation check, the previous
implementation had a nasty security bug that made removing a user’s
authorized keys effectively a no‐op.
2024-06-15 12:15:13 +01:00