Graham/fh 638 determinate nix in nix installer

.github/workflows/propose-release.yml

@@ -7,7 +7,7 @@ on:
       version:
         type: string
         required: true
-      nix-version:
+      determinate-nix-version:
         type: string
         required: true
 
@@ -35,6 +35,6 @@ jobs:
         done
         git commit -m "Update test fixtures with the new nix-installer version" || true
 
-        sed -i 's#https://flakehub.com/f/DeterminateSystems/nix/=.*";#https://flakehub.com/f/DeterminateSystems/nix/=${{ inputs.nix-version }}";#' ./flake.nix
+        sed -i 's#https://flakehub.com/f/DeterminateSystems/nix-src/=.*";#https://flakehub.com/f/DeterminateSystems/nix-src/=${{ inputs.determinate-nix-version }}";#' ./flake.nix
         git add flake.nix
-        git commit -m "Update Nix release to ${{ inputs.nix-version }}" || true
+        git commit -m "Update Determinate Nix release to ${{ inputs.determinate-nix-version }}" || true

flake.nix

@@ -7,7 +7,7 @@
     crane.url = "github:ipetkov/crane/v0.20.0";
 
     nix = {
-      url = "https://flakehub.com/f/DeterminateSystems/nix/=2.26.2";
+      url = "https://flakehub.com/f/DeterminateSystems/nix-src/*";
       # Omitting `inputs.nixpkgs.follows = "nixpkgs";` on purpose
     };
 
@@ -49,7 +49,7 @@
 
       nixTarballs = forAllSystems ({ system, ... }:
         inputs.nix.tarballs_direct.${system}
-          or "${inputs.nix.checks."${system}".binaryTarball}/nix-${inputs.nix.packages."${system}".default.version}-${system}.tar.xz");
+          or "${inputs.nix.packages."${system}".binaryTarball}/nix-${inputs.nix.packages."${system}".default.version}-${system}.tar.xz");
 
       optionalPathToDeterminateNixd = system: if builtins.elem system systemsSupportedByDeterminateNixd then "${inputs.determinate.packages.${system}.default}/bin/determinate-nixd" else null;
 
@@ -89,7 +89,8 @@
 
           env = sharedAttrs.env // {
             RUSTFLAGS = "--cfg tokio_unstable";
-            NIX_INSTALLER_TARBALL_PATH = nixTarballs.${stdenv.hostPlatform.system};
+            NIX_TARBALL_URL = "https://releases.nixos.org/nix/nix-2.26.2/nix-2.26.2-${pkgs.stdenv.hostPlatform.system}.tar.xz";
+            DETERMINATE_NIX_TARBALL_PATH = nixTarballs.${stdenv.hostPlatform.system};
             DETERMINATE_NIXD_BINARY_PATH = optionalPathToDeterminateNixd stdenv.hostPlatform.system;
           };
         });
@@ -109,7 +110,8 @@
             name = "nix-install-shell";
 
             RUST_SRC_PATH = "${pkgs.rustPlatform.rustcSrc}/library";
-            NIX_INSTALLER_TARBALL_PATH = nixTarballs.${system};
+            NIX_TARBALL_URL = "https://releases.nixos.org/nix/nix-2.26.2/nix-2.26.2-${pkgs.stdenv.hostPlatform.system}.tar.xz";
+            DETERMINATE_NIX_TARBALL_PATH = nixTarballs.${system};
             DETERMINATE_NIXD_BINARY_PATH = optionalPathToDeterminateNixd system;
 
             nativeBuildInputs = with pkgs; [ ];

src/action/base/fetch_and_unpack_nix.rs

@@ -6,6 +6,7 @@ use tracing::{span, Span};
 
 use crate::{
     action::{Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction},
+    distribution::{Distribution, TarballLocation},
     parse_ssl_cert,
     settings::UrlOrPath,
     util::OnMissing,
@@ -17,6 +18,7 @@ Fetch a URL to the given path
 #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
 #[serde(tag = "action_name", rename = "fetch_and_unpack_nix")]
 pub struct FetchAndUnpackNix {
+    distribution: Distribution,
     url_or_path: Option<UrlOrPath>,
     dest: PathBuf,
     proxy: Option<Url>,
@@ -26,6 +28,7 @@ pub struct FetchAndUnpackNix {
 impl FetchAndUnpackNix {
     #[tracing::instrument(level = "debug", skip_all)]
     pub async fn plan(
+        distribution: Distribution,
         url_or_path: Option<UrlOrPath>,
         dest: PathBuf,
         proxy: Option<Url>,
@@ -53,6 +56,7 @@ impl FetchAndUnpackNix {
         }
 
         Ok(Self {
+            distribution,
             url_or_path,
             dest,
             proxy,
@@ -69,13 +73,17 @@ impl Action for FetchAndUnpackNix {
         ActionTag("fetch_and_unpack_nix")
     }
     fn tracing_synopsis(&self) -> String {
-        if let Some(ref url_or_path) = self.url_or_path {
-            format!("Fetch `{}` to `{}`", url_or_path, self.dest.display())
-        } else {
-            format!(
-                "Extract the bundled Nix (originally from {})",
-                crate::settings::NIX_TARBALL_PATH
-            )
+        match self.distribution.tarball_location_or(&self.url_or_path) {
+            TarballLocation::UrlOrPath(uop) => {
+                format!("Fetch `{}` to `{}`", uop, self.dest.display())
+            },
+            TarballLocation::InMemory(from, _) => {
+                format!(
+                    "Extract the bundled Nix (originally from {}) to `{}`",
+                    from,
+                    self.dest.display()
+                )
+            },
         }
     }
 
@@ -106,9 +114,9 @@ impl Action for FetchAndUnpackNix {
 
     #[tracing::instrument(level = "debug", skip_all)]
     async fn execute(&mut self) -> Result<(), ActionError> {
-        let bytes = match &self.url_or_path {
-            &None => Bytes::from(crate::settings::NIX_TARBALL),
-            Some(UrlOrPath::Url(url)) => {
+        let bytes = match self.distribution.tarball_location_or(&self.url_or_path) {
+            TarballLocation::InMemory(_, bytes) => Bytes::from(bytes),
+            TarballLocation::UrlOrPath(UrlOrPath::Url(url)) => {
                 let bytes = match url.scheme() {
                     "https" | "http" => {
                         let mut buildable_client = reqwest::Client::builder();
@@ -154,10 +162,10 @@ impl Action for FetchAndUnpackNix {
                 };
                 bytes
             },
-            Some(UrlOrPath::Path(path)) => {
-                let buf = tokio::fs::read(path)
+            TarballLocation::UrlOrPath(UrlOrPath::Path(path)) => {
+                let buf = tokio::fs::read(&path)
                     .await
-                    .map_err(|e| ActionErrorKind::Read(PathBuf::from(path), e))
+                    .map_err(|e| ActionErrorKind::Read(path, e))
                     .map_err(Self::error)?;
                 Bytes::from(buf)
             },

src/action/common/configure_nix.rs

@@ -54,7 +54,7 @@ impl ConfigureNix {
                     settings.ssl_cert_file.clone(),
                     settings.extra_conf.clone(),
                     settings.force,
-                    settings.determinate_nix,
+                    settings.distribution(),
                 )
                 .await
                 .map_err(Self::error)?,

src/action/common/place_nix_configuration.rs

@@ -9,6 +9,7 @@ use crate::action::base::{CreateDirectory, CreateOrMergeNixConfig};
 use crate::action::{
     Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
 };
+use crate::distribution::Distribution;
 use crate::parse_ssl_cert;
 use crate::settings::UrlOrPathOrString;
 use std::path::PathBuf;
@@ -46,7 +47,7 @@ impl PlaceNixConfiguration {
         ssl_cert_file: Option<PathBuf>,
         extra_conf: Vec<UrlOrPathOrString>,
         force: bool,
-        determinate_nix: bool,
+        distribution: Distribution,
     ) -> Result<StatefulAction<Self>, ActionError> {
         let extra_conf = Self::parse_extra_conf(proxy, ssl_cert_file.as_ref(), extra_conf).await?;
 
@@ -55,14 +56,14 @@ impl PlaceNixConfiguration {
             target_lexicon::OperatingSystem::MacOSX { .. }
                 | target_lexicon::OperatingSystem::Darwin
         );
-        let configured_ssl_cert_file = if determinate_nix && is_macos {
+        let configured_ssl_cert_file = if distribution == Distribution::DeterminateNix && is_macos {
             // On macOS, determinate-nixd will handle configuring the ssl-cert-file option for Nix
             None
         } else {
             ssl_cert_file
         };
 
-        let standard_nix_config = if !determinate_nix {
+        let standard_nix_config = if distribution != Distribution::DeterminateNix {
             let maybe_trusted_users = extra_conf.settings().get(TRUSTED_USERS_CONF_NAME);
 
             Some(Self::setup_standard_config(maybe_trusted_users).await?)

src/action/common/provision_determinate_nixd.rs

@@ -23,7 +23,7 @@ pub struct ProvisionDeterminateNixd {
 impl ProvisionDeterminateNixd {
     #[tracing::instrument(level = "debug", skip_all)]
     pub async fn plan() -> Result<StatefulAction<Self>, ActionError> {
-        crate::settings::DETERMINATE_NIXD_BINARY
+        crate::distribution::DETERMINATE_NIXD_BINARY
             .ok_or_else(|| Self::error(ActionErrorKind::DeterminateNixUnavailable))?;
 
         let this = Self {
@@ -61,7 +61,7 @@ impl Action for ProvisionDeterminateNixd {
 
     #[tracing::instrument(level = "debug", skip_all)]
     async fn execute(&mut self) -> Result<(), ActionError> {
-        let bytes = crate::settings::DETERMINATE_NIXD_BINARY
+        let bytes = crate::distribution::DETERMINATE_NIXD_BINARY
             .ok_or_else(|| Self::error(ActionErrorKind::DeterminateNixUnavailable))?;
 
         crate::util::remove_file(&self.binary_location, OnMissing::Ignore)

src/action/common/provision_nix.rs

@@ -30,6 +30,7 @@ impl ProvisionNix {
     #[tracing::instrument(level = "debug", skip_all)]
     pub async fn plan(settings: &CommonSettings) -> Result<StatefulAction<Self>, ActionError> {
         let fetch_nix = FetchAndUnpackNix::plan(
+            settings.distribution(),
             settings.nix_package_url.clone(),
             PathBuf::from(SCRATCH_DIR),
             settings.proxy.clone(),

src/action/macos/create_determinate_nix_volume.rs

@@ -7,9 +7,6 @@ use tokio::process::Command;
 use tracing::{span, Span};
 
 use super::{create_fstab_entry::CreateFstabEntry, DARWIN_LAUNCHD_DOMAIN};
-use crate::action::macos::{
-    BootstrapLaunchctlService, CreateDeterminateVolumeService, KickstartLaunchctlService,
-};
 use crate::action::{
     base::{create_or_insert_into_file, CreateDirectory, CreateOrInsertIntoFile},
     common::place_nix_configuration::NIX_CONF_FOLDER,
@@ -19,6 +16,12 @@ use crate::action::{
     },
     Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
 };
+use crate::{
+    action::macos::{
+        BootstrapLaunchctlService, CreateDeterminateVolumeService, KickstartLaunchctlService,
+    },
+    distribution::Distribution,
+};
 
 pub const VOLUME_MOUNT_SERVICE_NAME: &str = "systems.determinate.nix-store";
 pub const VOLUME_MOUNT_SERVICE_DEST: &str =
@@ -90,7 +93,9 @@ impl CreateDeterminateNixVolume {
             .await
             .map_err(Self::error)?;
 
-        let encrypt_volume = EncryptApfsVolume::plan(true, disk, &name, &create_volume).await?;
+        let encrypt_volume =
+            EncryptApfsVolume::plan(Distribution::DeterminateNix, disk, &name, &create_volume)
+                .await?;
 
         let setup_volume_daemon = CreateDeterminateVolumeService::plan(
             VOLUME_MOUNT_SERVICE_DEST,

src/action/macos/create_nix_volume.rs

@@ -1,10 +1,13 @@
-use crate::action::{
-    base::{create_or_insert_into_file, CreateOrInsertIntoFile},
-    macos::{
-        BootstrapLaunchctlService, CreateApfsVolume, CreateSyntheticObjects, EnableOwnership,
-        EncryptApfsVolume, UnmountApfsVolume,
+use crate::{
+    action::{
+        base::{create_or_insert_into_file, CreateOrInsertIntoFile},
+        macos::{
+            BootstrapLaunchctlService, CreateApfsVolume, CreateSyntheticObjects, EnableOwnership,
+            EncryptApfsVolume, UnmountApfsVolume,
+        },
+        Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
     },
-    Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
+    distribution::Distribution,
 };
 use std::{
     path::{Path, PathBuf},
@@ -48,6 +51,7 @@ impl CreateNixVolume {
         name: String,
         case_sensitive: bool,
         encrypt: bool,
+        distribution: Distribution,
     ) -> Result<StatefulAction<Self>, ActionError> {
         let disk = disk.as_ref();
         let create_or_append_synthetic_conf = CreateOrInsertIntoFile::plan(
@@ -82,7 +86,7 @@ impl CreateNixVolume {
             .map_err(Self::error)?;
 
         let encrypt_volume = if encrypt {
-            Some(EncryptApfsVolume::plan(false, disk, &name, &create_volume).await?)
+            Some(EncryptApfsVolume::plan(distribution, disk, &name, &create_volume).await?)
         } else {
             None
         };