1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Commit graph

241 commits

Author SHA1 Message Date
Michael Hoang
698414e409 nix-daemon: enable by default
Single user installs have been unsupported by the official Nix installer
since 2.4.
2024-11-16 23:19:11 +11:00
Michael Hoang
d2498644fd nix-daemon: remove with lib; 2024-11-16 23:19:11 +11:00
Michael Hoang
dae702993d activate-system: remove enable option
Disabling this is not supported as `/run` gets cleared out on every
reboot so it is necessary for ensuring that the `/run/current-system`
symlink exists.
2024-11-15 14:10:48 +11:00
Yuriy Taraday
110d49af63 github-runner: Fix labels for different nixpkgs versions
Changes to escapeShellArg introduced in
https://github.com/NixOS/nixpkgs/pull/333744 made different versions of
nixpkgs behave differently. If current nix-darwin is used with nixpkgs
before that change, labels end up having labels quoted twice
(see https://github.com/LnL7/nix-darwin/issues/1085), but without
changes from https://github.com/LnL7/nix-darwin/pull/1055, with new
nixpkgs, labels end up not quoted at all, and ShellCheck ends up
complaining that commas might have been used as array item separator
(see https://www.shellcheck.net/wiki/SC2054).

Use the old version of escapeShellArg to always escape the list of
labels and make nix-darwin work with both old and new versions of
nixpkgs.

Fixes https://github.com/LnL7/nix-darwin/issues/1085
2024-11-07 11:46:08 +01:00
Michael Hoang
79608947e2 buildkit-agents: don't use mkdir -p -m
As `cfg.dataDir` will be the `home` of the Buildkite Agent user, it is
guaranted to exist so we don't need to use the `-p` flag.
2024-11-07 17:31:22 +11:00
Michael Hoang
3b738c765d github-runner: replace mkdir -p -m with umask
`mkdir -p -m` only applies the mode on the deepest directory which could
be a security issue so we use umask to be more careful.
2024-11-07 17:31:22 +11:00
Michael Hoang
569153467b ofborg: automatically add ofborg to known{Users,Groups} 2024-11-07 11:41:51 +11:00
Emily
84d14d4043 prometheus-node-exporter: fix log permissions
The daemon won’t start as the assigned user doesn’t have
permissions to create the log file.
2024-11-05 03:00:55 +00:00
Emily
189d2d422c
Merge pull request #1129 from mweinelt/node-exporter
module: add prometheus-node-exporter service
2024-11-04 05:40:01 +00:00
Benoît de Chezelles
331fd8d3b5 karabiner-elements: allow use of custom package 2024-10-31 16:51:05 +01:00
Martin Weinelt
6c8d45fb20
module: add prometheus-node-exporter service 2024-10-31 02:08:34 +01:00
Ihar Hrachyshka
445c6bfc65 Add keepalive flag for emacs service 2024-10-26 13:05:25 -04:00
Nick Hu
7ebf95a73e
style fixes 2024-10-19 10:49:55 +01:00
Nick Hu
72e93853c2
module: add aerospace service 2024-10-16 22:50:44 +01:00
Michael Hoang
6347a9dcd1 skhd: add skhd to PATH 2024-10-14 17:18:08 +11:00
Michael Hoang
fd0e3ed30b
Merge pull request #794 from fesplugas/patch-1
fix: postgresql service initdb
2024-10-13 08:39:35 +11:00
Michael Hoang
8c8388ade7
Merge pull request #1095 from aspauldingcode/master
jankyborders service option order above or below
2024-10-04 09:48:17 +10:00
Michael Hoang
c266b57bbe
Merge pull request #1077 from rsrohitsingh682/add-netadata
feat: add netdata service
2024-10-04 09:44:43 +10:00
Rohit Singh
239d802869 netdata: add netdata service in nix-darwin. 2024-10-03 23:42:10 +05:30
Alex S.
5cd9995215
Update modules/services/jankyborders/default.nix
Co-authored-by: Michael Hoang <Enzime@users.noreply.github.com>
2024-10-02 10:38:08 -06:00
aspauldingcode
af95f7b7ec add JankyBorders option order and set below by default (values: above/below) 2024-10-01 17:47:30 -06:00
will
3d19b90fc7
fix: karabiner elements virtualhiddeviceclient
- command needed to be quoted
2024-09-28 15:13:31 +10:00
will
034c45dd0c
feat: use wait4path with script launchd option
addresses https://github.com/LnL7/nix-darwin/issues/1043

fix: use exec in launchd daemon config

fix: dont use a script thats in the nix store

fix: remove manual wait4path in linux-builder

fix: remove manual wait4path in karabiner elements

fix: remove manual wait4path in nix-daemon

fix: remove manual wait4path in nix-optimise

fix: remove manual wait4path in tailscaled

fix: autossh test

Revert "fix: remove manual wait4path in nix-daemon"

This reverts commit 6aec084fa5.

fix: remove bad exec

Reapply "fix: remove manual wait4path in nix-daemon"

This reverts commit c8f136ecc5.

fix: update autossh test

to reflect changes in f86e6133d9

fix: services-activate-system-changed-label-prefix test

fix: services-buildkite-agent test

fix: services-activate-system test

fix: escape ampersand

fix: services-lorri test

fix: services-nix-optimise test

fix: services-nix-gc test

refactor: use script rather than command in daemon

fix: use config.command for clarity

style: fix indentation

fix: use lib.getExe rather than directly pointing to file

revert: a87fc7bbbb

- mistaken refactor meant that service waited for nix store and not the relevant path
2024-09-22 15:30:21 +10:00
Sirio Balmelli
c334175319
nixos/github-runner: quote comma separators so as to pass shellcheck
Shellcheck complains:

       > args=(
       >      ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.

Quote the --labels argument to resolve.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
2024-09-06 14:57:35 +02:00
Michael Hoang
dc8e1f4839 github-runners: move workDir outside of /run
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root` otherwise it won't
have sufficient privileges.

As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
2024-07-27 10:41:18 +10:00
Michael Hoang
5c8fb55182 Revert "github-runnners: fix workDir missing on reboot"
This reverts commit fe99aa9699.
2024-07-27 10:26:37 +10:00
Michael Hoang
fe99aa9699 github-runnners: fix workDir missing on reboot 2024-07-23 11:06:40 +10:00
Nikola Milojević
199cf34012
chore: removing deprecations for 25.05 nix 2024-07-22 13:37:17 +02:00
Emily
33bf7df5bb
Merge pull request #973 from amsynist/modules/services/jankyborders
module : `jankyborders` for window borders Configuration
2024-07-21 09:21:06 +01:00
Prav!n
fa0d64721f module: add jankyborders service
- Added the jankyborders service.
- Introduced changes for whitelist and blacklist options and assertions.
- emoved path reference from launchd argument.
- Corrected missing trailing newline in default.nix.
2024-07-21 02:54:45 +05:30
Henrique Goncalves
e2a85731a0
nextdns: fix argument handling 2024-07-08 16:36:31 -03:00
Nikola Milojević
e00896468a
chore: remove mkpackageoptionmd deprecation 2024-07-01 16:24:41 +02:00
Tyler Miller
861af0fc94
fix(launchd): improve StartCalendarInterval
Stricter launchd -> StartCalendarInterval type:

- Verify that the integers passed to `Minute`, `Hour`, etc. are within
  range.

- When provided, the value for StartCalendarInterval must be a non-empty
  list of calendar intervals and must not contain duplicates entries
  (throw an error otherwise).

- For increased flexibility and backwards-compatibility, allow an
  attrset to be passed as well (which will be type-checked and is
  functionally equivalent to passing a singleton list). Allowing an
  attrset or list is precisely in-line with what `launchd.plist(5)`
  accepts for StartCalendarInterval.

Migrate `nix.gc.interval` and `nix.optimise.interval` over to use this
new type, and update their defaults to run weekly instead of daily.

Create `modules/launchd/types.nix` file for easier/modular use of
launchd types needed in multiple files.

Documentation:

- Update and improve wording/documentation of launchd's
  `StartCalendarInterval`.

- Improve wording/documentation of `nix.gc.interval` and
  `nix.optimise.interval` ("time interval" can be misleading as it's
  actually a "calendar interval"; e.g. `{ Hour = 3; Minute = 15;}`
  runs daily, not every 3.25 hours).
2024-06-09 11:20:15 -07:00
zowoq
251eaabfa0 hercules-ci-agent: fix crash calling security
this applies the same fix that was used for the cachix agent in e043606b50
2024-05-21 23:16:46 +10:00
Sander
e043606b50
cachix-agent: fix crash calling security
One of cachix-agent's dependencies, `hs-certificate`, makes calls to
`security`. This lives in `/usr/bin`, which isn't available from
launchd. This commit makes the system paths available to cachix-agent.

Fixes #924.
2024-05-16 18:04:33 +04:00
zowoq
ec06ea8837 nix-daemon: increase SoftResourceLimits.NumberOfFiles
1048576 matches the nixos/nix plist

e3a4e40a35/misc/launchd/org.nixos.nix-daemon.plist.in (L29)
2024-04-24 16:03:49 +10:00
Weijia Wang
def1e23be8 treewide: remove lib.mdDoc 2024-04-19 04:05:50 +02:00
Malo Bourgon
398510f601 Add nix.optimise module 2024-03-27 12:50:04 -07:00
Michael Hoang
c7ae5dc969
Merge pull request #725 from mitchmindtree/trezord 2024-03-13 02:00:15 +11:00
Michael Hoang
1032f0963f
Merge pull request #767 from jmmaloney4/master
a few fixes for ipfs module
2024-03-04 16:23:30 +11:00
Vincent Haupert
06f5dab065 github-runners: adapt to NixOS module
While #859 added basic support for configuring GitHub runners through
nix-darwin, it did not yet support all of the options the NixOS module
offers.

I am aware that this is a rather big overhaul. I think, however, that
it's worth it:

- Copies the `options.nix` from the [NixOS module] with only minor
  adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't
  even read the value of the option.
- Allow configuring a custom user and group.
  If both are `null`, nix-darwin manages the `_github-runner` user
  shared among all instances. Take care of creating your own users if
  that's not what you want.
- Also creates the necessary directories for state, logs and the working
  directory (unless `workDir != null`). It uses the following locations:
    * state: `/var/lib/github-runners/${name}`
    * logs: `/var/log/github-runners/${name}`
    * work: The value of `workDir` or `/var/run/github-runners/${name}`
            if (`workDir == null`).
  We have to create the logs directory before starting the service since
  launchd expects that the `Standard{Error,Out}Path` exist. We do this
  by prepending to [`system.activationScripts.launchd.text`].
  All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.

[NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
2024-02-28 09:40:25 +01:00
Domen Kožar
0e6857fa1d
Merge pull request #859 from yaxitech/github-runner
github-runners: init module
2024-02-18 04:48:38 +00:00
Nikodem Rabuliński
4363d3b42f
services/yabai: Remove IFD
enableScriptingAddition no longer triggers IFD
by using runCommand to generate sudoers.d/yabai,
instead of builtins.hashFile and interpolating the string in nix.
2024-02-01 23:06:13 +01:00
Michael Hoang
91b9daf672
Merge pull request #780 from kalbasit/update_yabai_sa_script
services/yabai: Remove --check-sa and --install-sa flags
2024-01-30 12:32:45 +10:00
Vincent Haupert
21b92addaf github-runners: init module
Adds a new module which allows to configure multiple GitHub self-hosted
runners on Darwin. The module is heavily inspired by the nixpkgs NixOS
module. Its implementation differs in some ways:

- There's currently no way to configure the user/group which runs the
  runner. All configured runners share the same user and group.
- No automatic cleanup.
- No advanced sandboxing apart from user/group isolation
2024-01-22 10:27:11 +01:00
Francesc Esplugas
b2dff2033d fix: initdb missing data area directory
Use `PGDATA` environment variable instead of `-D` to maintain
consistency with NixOS module.

Co-Authored-By: Michael Hoang <enzime@users.noreply.github.com>
2023-11-23 11:00:33 +11:00
Richard Huang
892482250c
[yabai] Configure scripting addition
Allow admins to execute `yabai --load-sa` as the root user without
having to enter a password
2023-11-18 21:01:01 -08:00
Yacine Hmito
4fa7b5cdd1 Add security.pki.installCACerts config
Made is possible to disable the management of
/etc/ssl/certs/ca-certificates.crt by Nix darwin.
2023-11-11 12:36:28 +01:00
Wael M. Nasreddine
30311b6f90
services/yabai: Remove --check-sa and --install-sa flags
The --check-sa and --install-sa flags were removed in favor of
--load-sa as of version 5.0.0 of Yabai.

ee0137f37d/CHANGELOG.md (L83)
2023-09-14 09:01:04 -07:00
Jack Maloney
8e102a9991
a few fixes for ipfs module 2023-08-30 09:15:29 -05:00