mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-05 16:27:03 +00:00
Commit graph

217 commits

Author SHA1 Message Date
Sirio Balmelli
c334175319
nixos/github-runner: quote comma separators so as to pass shellcheck
Shellcheck complains:

       > args=(
       >      ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.

Quote the --labels argument to resolve.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
2024-09-06 14:57:35 +02:00
Michael Hoang
dc8e1f4839 github-runners: move workDir outside of /run
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root` otherwise it won't
have sufficient privileges.

As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
2024-07-27 10:41:18 +10:00
Michael Hoang
5c8fb55182 Revert "github-runnners: fix workDir missing on reboot"
This reverts commit fe99aa9699.
2024-07-27 10:26:37 +10:00
Michael Hoang
fe99aa9699 github-runnners: fix workDir missing on reboot 2024-07-23 11:06:40 +10:00
Nikola Milojević
199cf34012
chore: removing deprecations for 25.05 nix 2024-07-22 13:37:17 +02:00
Emily
33bf7df5bb
Merge pull request #973 from amsynist/modules/services/jankyborders
module : `jankyborders` for window borders Configuration
2024-07-21 09:21:06 +01:00
Prav!n
fa0d64721f module: add jankyborders service
- Added the jankyborders service.
- Introduced changes for whitelist and blacklist options and assertions.
- Removed path reference from launchd argument.
- Corrected missing trailing newline in default.nix.
2024-07-21 02:54:45 +05:30
Henrique Goncalves
e2a85731a0
nextdns: fix argument handling 2024-07-08 16:36:31 -03:00
Nikola Milojević
e00896468a
chore: remove mkpackageoptionmd deprecation 2024-07-01 16:24:41 +02:00
Tyler Miller
861af0fc94
fix(launchd): improve StartCalendarInterval
Stricter launchd -> StartCalendarInterval type:

- Verify that the integers passed to `Minute`, `Hour`, etc. are within
  range.

- When provided, the value for StartCalendarInterval must be a non-empty
  list of calendar intervals and must not contain duplicate entries
  (throw an error otherwise).

- For increased flexibility and backwards-compatibility, allow an
  attrset to be passed as well (which will be type-checked and is
  functionally equivalent to passing a singleton list). Allowing an
  attrset or list is precisely in-line with what `launchd.plist(5)`
  accepts for StartCalendarInterval.

Migrate `nix.gc.interval` and `nix.optimise.interval` over to use this
new type, and update their defaults to run weekly instead of daily.

Create `modules/launchd/types.nix` file for easier/modular use of
launchd types needed in multiple files.

Documentation:

- Update and improve wording/documentation of launchd's
  `StartCalendarInterval`.

- Improve wording/documentation of `nix.gc.interval` and
  `nix.optimise.interval` ("time interval" can be misleading as it's
  actually a "calendar interval"; e.g. `{ Hour = 3; Minute = 15;}`
  runs daily, not every 3.25 hours).
2024-06-09 11:20:15 -07:00
zowoq
251eaabfa0 hercules-ci-agent: fix crash calling security
this applies the same fix that was used for the cachix agent in e043606b50
2024-05-21 23:16:46 +10:00
Sander
e043606b50
cachix-agent: fix crash calling security
One of cachix-agent's dependencies, `hs-certificate`, makes calls to
`security`. This lives in `/usr/bin`, which isn't available from
launchd. This commit makes the system paths available to cachix-agent.

Fixes #924.
2024-05-16 18:04:33 +04:00
zowoq
ec06ea8837 nix-daemon: increase SoftResourceLimits.NumberOfFiles
1048576 matches the nixos/nix plist

e3a4e40a35/misc/launchd/org.nixos.nix-daemon.plist.in (L29)
2024-04-24 16:03:49 +10:00
Weijia Wang
def1e23be8 treewide: remove lib.mdDoc 2024-04-19 04:05:50 +02:00
Malo Bourgon
398510f601 Add nix.optimise module 2024-03-27 12:50:04 -07:00
Michael Hoang
c7ae5dc969
Merge pull request #725 from mitchmindtree/trezord 2024-03-13 02:00:15 +11:00
Michael Hoang
1032f0963f
Merge pull request #767 from jmmaloney4/master
a few fixes for ipfs module
2024-03-04 16:23:30 +11:00
Vincent Haupert
06f5dab065 github-runners: adapt to NixOS module
While #859 added basic support for configuring GitHub runners through
nix-darwin, it did not yet support all of the options the NixOS module
offers.

I am aware that this is a rather big overhaul. I think, however, that
it's worth it:

- Copies the `options.nix` from the [NixOS module] with only minor
  adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't
  even read the value of the option.
- Allow configuring a custom user and group.
  If both are `null`, nix-darwin manages the `_github-runner` user
  shared among all instances. Take care of creating your own users if
  that's not what you want.
- Also creates the necessary directories for state, logs and the working
  directory (unless `workDir != null`). It uses the following locations:
    * state: `/var/lib/github-runners/${name}`
    * logs: `/var/log/github-runners/${name}`
    * work: The value of `workDir` or `/var/run/github-runners/${name}`
            if (`workDir == null`).
  We have to create the logs directory before starting the service since
  launchd expects that the `Standard{Error,Out}Path` exist. We do this
  by prepending to [`system.activationScripts.launchd.text`].
  All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.

[NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
2024-02-28 09:40:25 +01:00
Domen Kožar
0e6857fa1d
Merge pull request #859 from yaxitech/github-runner
github-runners: init module
2024-02-18 04:48:38 +00:00
Nikodem Rabuliński
4363d3b42f
services/yabai: Remove IFD
enableScriptingAddition no longer triggers IFD
by using runCommand to generate sudoers.d/yabai,
instead of builtins.hashFile and interpolating the string in nix.
2024-02-01 23:06:13 +01:00
Michael Hoang
91b9daf672
Merge pull request #780 from kalbasit/update_yabai_sa_script
services/yabai: Remove --check-sa and --install-sa flags
2024-01-30 12:32:45 +10:00
Vincent Haupert
21b92addaf github-runners: init module
Adds a new module which allows to configure multiple GitHub self-hosted
runners on Darwin. The module is heavily inspired by the nixpkgs NixOS
module. Its implementation differs in some ways:

- There's currently no way to configure the user/group which runs the
  runner. All configured runners share the same user and group.
- No automatic cleanup.
- No advanced sandboxing apart from user/group isolation
2024-01-22 10:27:11 +01:00
Richard Huang
892482250c
[yabai] Configure scripting addition
Allow admins to execute `yabai --load-sa` as the root user without
having to enter a password
2023-11-18 21:01:01 -08:00
Yacine Hmito
4fa7b5cdd1 Add security.pki.installCACerts config
Made it possible to disable the management of
/etc/ssl/certs/ca-certificates.crt by Nix darwin.
2023-11-11 12:36:28 +01:00
Wael M. Nasreddine
30311b6f90
services/yabai: Remove --check-sa and --install-sa flags
The --check-sa and --install-sa flags were removed in favor of
--load-sa as of version 5.0.0 of Yabai.

ee0137f37d/CHANGELOG.md (L83)
2023-09-14 09:01:04 -07:00
Jack Maloney
8e102a9991
a few fixes for ipfs module 2023-08-30 09:15:29 -05:00
Emily Trau
588303a21f fix: correct description of services.ofborg.logFile 2023-07-27 14:05:53 +10:00
Zhong Jianxin
56f56c80ef sketchybar: init
Fix #581
2023-07-25 18:58:56 +08:00
ryane
9f8bc612c8
eternal-terminal: enable keep alive
See https://github.com/LnL7/nix-darwin/pull/745#discussion_r1272806159
2023-07-24 20:44:49 -04:00
ryane
c4a1a1c458
eternal-terminal: change launchd agent config
- don't daemonize program
- disable keep alive

these settings are consistent with the configuration in the project
repository:
1d9cd2be9d/init/launchd/homebrew.mxcl.et.plist
2023-07-24 17:50:26 -04:00
ryane
6adc4c680b
eternal-terminal: add module
Adds an eternal-terminal module. Much of the implementation is borrowed
from the corresponding nixos module:
https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/eternal-terminal.nix
2023-07-23 08:20:28 -04:00
Emily
5fd8914dac treewide: fix mkEnableOption docs
`mkEnableOption` wraps its argument in a complete sentence with a
terminating full stop; an additional newline will add an incorrect
space before the end of the sentence in the rendered documentation,
and any additional verbiage that doesn't fit into the form "Whether to
enable [...]." is also incorrect. In the latter case, the description
can be overridden manually.
2023-07-21 21:17:59 +01:00
Emily
61662a63bf
Merge pull request #731 from emilazy/etc-checks
etc: check for existing files during checks stage
2023-07-16 15:16:07 +01:00
Emily
4eb1c549a9 etc: check for existing files during checks stage
This ensures that activation fails early if there are any `/etc` files
with unexpected state, rather than leaving the system half-activated.
2023-07-16 12:15:07 +01:00
Yusef Napora
fbc47b7bbc use types.lines for yabai.extraConfig option
This allows setting the option definition in multiple locations.
The final value will be all definitions concatenated with `\n`.
2023-07-13 14:53:24 -04:00
Domen Kožar
c80294ef26
Update modules/services/cachix-agent.nix
Co-authored-by: Michael Hoang <Enzime@users.noreply.github.com>
2023-07-12 16:46:02 +01:00
Domen Kožar
adc6a88ff1
cachix-agent: clarify what should be in the token file 2023-07-12 15:11:49 +01:00
Michael Hoang
63af129cb5 etc: use .before-nix-darwin instead of .orig 2023-07-12 08:35:36 +10:00
Andrew Marshall
4a7da05c1e Fix spelling 2023-07-10 08:30:15 -04:00
mitchmindtree
66f85cb9db trezord: Add launchd user agent service module for configuring trezord
This adds a small module for configuring the trezor-bridge service,
trezord. This service enables users to interact with their Trezor
hardware wallet through the trezor suite web interface, or to use the
device for U2F auth, SSH login, GPG or password mgmt.
https://trezor.io/learn/a/what-is-trezor-bridge

The options were copied directly from the nixos service module here:
9d6e454b85/nixos/modules/services/hardware/trezord.nix (L16)

The implementation was adapted from the nixos module's systemd service
to a launchd user agent.

Tested successfully locally on an Air M2.
2023-07-10 19:21:10 +10:00
Michael Hoang
d2b70c61bf tailscale: improve MagicDNS setup 2023-06-27 01:38:51 +10:00
Daiderd Jordan
53c6748f98
Merge pull request #675 from serokell/rvem/update-buildkite-module
buildkite-agent: fix launchd daemon environment
2023-06-25 10:52:13 +02:00
Emily
e65131e69c treewide: convert all option docs to Markdown
This process was automated by [my fork of `nix-doc-munge`]; thanks
to @pennae for writing this tool! It automatically checks that the
resulting documentation doesn't change, although my fork loosens
this a little to ignore some irrelevant whitespace and typographical
differences.

As of this commit there is no DocBook remaining in the options
documentation.

You can play along at home if you want to reproduce this commit:

    $ NIX_PATH=nixpkgs=flake:nixpkgs/c1bca7fe84c646cfd4ebf3482c0e6317a0b13f22 \
      nix shell nixpkgs#coreutils \
      -c find . -name '*.nix' \
      -exec nix run github:emilazy/nix-doc-munge/0a7190f600027bf7baf6cb7139e4d69ac2f51062 \
      {} +

[my fork of `nix-doc-munge`]: https://github.com/emilazy/nix-doc-munge
2023-06-24 10:48:55 +01:00
Emily
efe314cdba treewide: manually convert some docs to Markdown
These all use DocBook markup too complex for `nix-doc-munge` to handle,
have syntax that clashes with Markdown, or already contain Markdown
syntax that currently isn't rendering correctly.

Converting DocBook list syntax makes me think that maybe Markdown
isn't so bad after all.
2023-06-24 10:48:55 +01:00
Emily
c2716817a8 {offlineimap,tailscale}: fix enable option docs
The argument to `mkEnableOption` is automatically wrapped in a full
sentence.
2023-06-24 10:48:55 +01:00
Emily
b97c235e37 treewide: tweak DocBook docs for conversion
These help `nix-munge-doc` automate more of the Markdown conversion
process. See the following nixpkgs commits for explanations of many
of these changes:

* 275a34e0d8
* 694d5b19d3
* f1d39b6d61
* 16102dce2f

I couldn't think of any particularly good way to format the
`system.defaults` breadcrumbs, so I just made them standalone
paragraphs. They weren't rendering correctly in DocBook anyway.
2023-06-24 10:48:55 +01:00
Emily
96cb49133b wq-quick: document publicKey option
All exposed options should have documentation, and `nixosOptionDoc`
will give an error if it's missing.
2023-06-24 10:48:55 +01:00
Roman Melnikov
f253b41de8
buildkite-agent: fix launchd daemon environment
Add missing 'NIX_SSL_CERT_FILE'
2023-06-21 09:35:41 +02:00
Jack Maloney
1711db734e
add ipfs service 2023-06-18 00:44:04 -05:00
Roman Melnikov
6236fd1923
buildkite-agent: allow 'types.path' in runtimePackages
This might be useful when some non-nix packages need to be provided,
e.g. 'brew'.
2023-05-16 15:58:30 +08:00