|
39 | 39 | inherit system; |
40 | 40 | pkgs = pkgsFor system; |
41 | 41 | }); |
42 | | - |
43 | | - # Stronger than mkDefault (1000), weaker than mkForce (50) and the "default override priority" |
44 | | - # (100). |
45 | | - mkPreferable = inputs.nixpkgs.lib.mkOverride 750; |
46 | | - |
47 | | - # Stronger than the "default override priority", as the upstream module uses that, and weaker than mkForce (50). |
48 | | - mkMorePreferable = inputs.nixpkgs.lib.mkOverride 75; |
49 | | - |
50 | | - # Common settings that are shared between NixOS and nix-darwin modules. |
51 | | - # The settings configured in this module must be generally settable by users both trusted and |
52 | | - # untrusted by the Nix daemon. Settings that require being a trusted user belong in the |
53 | | - # `restrictedSettingsModule` below. |
54 | | - commonSettingsModule = { config, pkgs, lib, ... }: { |
55 | | - nix.package = inputs.nix.packages."${pkgs.stdenv.system}".default; |
56 | | - |
57 | | - nix.registry.nixpkgs = { |
58 | | - exact = true; |
59 | | - |
60 | | - from = { |
61 | | - type = "indirect"; |
62 | | - id = "nixpkgs"; |
63 | | - }; |
64 | | - |
65 | | - # NOTE(cole-h): The NixOS module exposes a `flake` option that is a fancy wrapper around |
66 | | - # setting `to` -- we don't want to clobber this if users have set it on their own |
67 | | - to = lib.mkIf (config.nix.registry.nixpkgs.flake or null == null) (mkPreferable { |
68 | | - type = "tarball"; |
69 | | - url = "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1.0.tar.gz"; |
70 | | - }); |
71 | | - }; |
72 | | - |
73 | | - nix.settings = { |
74 | | - bash-prompt-prefix = "(nix:$name)\\040"; |
75 | | - extra-experimental-features = [ "nix-command" "flakes" ]; |
76 | | - extra-nix-path = [ "nixpkgs=flake:nixpkgs" ]; |
77 | | - extra-substituters = [ "https://cache.flakehub.com" ]; |
78 | | - }; |
79 | | - }; |
80 | | - |
81 | | - # Restricted settings that are shared between NixOS and nix-darwin modules. |
82 | | - # The settings configured in this module require being a user trusted by the Nix daemon. |
83 | | - restrictedSettingsModule = { ... }: { |
84 | | - nix.settings = restrictedNixSettings; |
85 | | - }; |
86 | | - |
87 | | - # Nix settings that require being a trusted user to configure. |
88 | | - restrictedNixSettings = { |
89 | | - always-allow-substitutes = true; |
90 | | - netrc-file = "/nix/var/determinate/netrc"; |
91 | | - upgrade-nix-store-path-url = "https://install.determinate.systems/nix-upgrade/stable/universal"; |
92 | | - extra-trusted-public-keys = [ |
93 | | - "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=" |
94 | | - "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio=" |
95 | | - "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU=" |
96 | | - "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU=" |
97 | | - "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8=" |
98 | | - "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ=" |
99 | | - "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o=" |
100 | | - "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y=" |
101 | | - ]; |
102 | | - }; |
103 | 42 | in |
104 | 43 | { |
105 | 44 | packages = forAllSystems ({ system, pkgs, ... }: { |
|
127 | 66 | }; |
128 | 67 | }); |
129 | 68 |
|
130 | | - darwinModules.default = { lib, config, pkgs, ... }: { |
131 | | - imports = [ |
132 | | - commonSettingsModule |
133 | | - restrictedSettingsModule |
134 | | - ]; |
135 | | - |
136 | | - config = { |
137 | | - # Make Nix use the Nix daemon |
138 | | - nix.useDaemon = true; |
139 | | - |
140 | | - # Make sure that the user can't enable the nix-daemon in their own nix-darwin config |
141 | | - services.nix-daemon.enable = lib.mkForce false; |
142 | | - |
143 | | - system.activationScripts.nix-daemon = lib.mkForce { enable = false; text = ""; }; |
144 | | - system.activationScripts.launchd.text = lib.mkBefore '' |
145 | | - if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then |
146 | | - echo "Unloading org.nixos.nix-daemon" |
147 | | - launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true |
148 | | - mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip |
149 | | - fi |
150 | | -
|
151 | | - if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then |
152 | | - echo "Unloading org.nixos.darwin-store" |
153 | | - launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true |
154 | | - mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip |
155 | | - fi |
156 | | -
|
157 | | - install -d -m 755 -o root -g wheel /usr/local/bin |
158 | | - cp ${self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd /usr/local/bin/.determinate-nixd.next |
159 | | - chmod +x /usr/local/bin/.determinate-nixd.next |
160 | | - mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd |
161 | | - ''; |
162 | | - |
163 | | - launchd.daemons.determinate-nixd-store.serviceConfig = { |
164 | | - Label = "systems.determinate.nix-store"; |
165 | | - RunAtLoad = true; |
166 | | - |
167 | | - StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log"; |
168 | | - StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log"; |
169 | | - |
170 | | - ProgramArguments = lib.mkForce [ |
171 | | - "/usr/local/bin/determinate-nixd" |
172 | | - "--nix-bin" |
173 | | - "${config.nix.package}/bin" |
174 | | - "init" |
175 | | - ]; |
176 | | - }; |
177 | | - |
178 | | - launchd.daemons.determinate-nixd.serviceConfig = { |
179 | | - Label = "systems.determinate.nix-daemon"; |
180 | | - |
181 | | - StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log"; |
182 | | - StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log"; |
183 | | - |
184 | | - ProgramArguments = lib.mkForce [ |
185 | | - "/usr/local/bin/determinate-nixd" |
186 | | - "--nix-bin" |
187 | | - "${config.nix.package}/bin" |
188 | | - "daemon" |
189 | | - ]; |
190 | | - |
191 | | - Sockets = { |
192 | | - "determinate-nixd.socket" = { |
193 | | - # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName |
194 | | - SockPassive = true; |
195 | | - SockPathName = "/var/run/determinate-nixd.socket"; |
196 | | - }; |
197 | | - |
198 | | - "nix-daemon.socket" = { |
199 | | - # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName |
200 | | - SockPassive = true; |
201 | | - SockPathName = "/var/run/nix-daemon.socket"; |
202 | | - }; |
203 | | - }; |
204 | | - |
205 | | - SoftResourceLimits = { |
206 | | - NumberOfFiles = mkPreferable 1048576; |
207 | | - NumberOfProcesses = mkPreferable 1048576; |
208 | | - Stack = mkPreferable 67108864; |
209 | | - }; |
210 | | - HardResourceLimits = { |
211 | | - NumberOfFiles = mkPreferable 1048576; |
212 | | - NumberOfProcesses = mkPreferable 1048576; |
213 | | - Stack = mkPreferable 67108864; |
214 | | - }; |
215 | | - }; |
216 | | - }; |
217 | | - }; |
| 69 | + darwinModules.default = import ./modules/nix-darwin.nix inputs; |
218 | 70 |
|
219 | | - |
220 | | - nixosModules.default = { lib, pkgs, config, ... }: { |
221 | | - imports = [ |
222 | | - commonSettingsModule |
223 | | - restrictedSettingsModule |
224 | | - ]; |
225 | | - |
226 | | - config = { |
227 | | - environment.systemPackages = [ |
228 | | - self.packages.${pkgs.stdenv.system}.default |
229 | | - ]; |
230 | | - |
231 | | - systemd.services.nix-daemon.serviceConfig = { |
232 | | - ExecStart = [ |
233 | | - "" |
234 | | - "@${self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon" |
235 | | - ]; |
236 | | - KillMode = mkPreferable "process"; |
237 | | - LimitNOFILE = mkMorePreferable 1048576; |
238 | | - LimitSTACK = mkPreferable "64M"; |
239 | | - TasksMax = mkPreferable 1048576; |
240 | | - }; |
241 | | - |
242 | | - systemd.sockets.nix-daemon.socketConfig.FileDescriptorName = "nix-daemon.socket"; |
243 | | - systemd.sockets.determinate-nixd = { |
244 | | - description = "Determinate Nixd Daemon Socket"; |
245 | | - wantedBy = [ "sockets.target" ]; |
246 | | - before = [ "multi-user.target" ]; |
247 | | - |
248 | | - unitConfig = { |
249 | | - RequiresMountsFor = [ "/nix/store" "/nix/var/determinate" ]; |
250 | | - }; |
251 | | - |
252 | | - socketConfig = { |
253 | | - Service = "nix-daemon.service"; |
254 | | - FileDescriptorName = "determinate-nixd.socket"; |
255 | | - ListenStream = "/nix/var/determinate/determinate-nixd.socket"; |
256 | | - DirectoryMode = "0755"; |
257 | | - }; |
258 | | - }; |
259 | | - }; |
260 | | - }; |
| 71 | + nixosModules.default = import ./modules/nixos.nix inputs; |
261 | 72 | }; |
262 | 73 | } |