feat(darwin): add nix-darwin host and linux-builder for NixOS tests

Running NixOS tests on macOS requires a Linux VM capable of building
NixOS VMs. This adds a nix-darwin configuration that provisions an
ephemeral QEMU linux-builder with support for aarch64-linux and
x86_64-linux builds.

Usage:

    nix run github:supabase/postgres#setup-darwin-linux-builder

Enables running NixOS integration tests from macOS development machines
(see #1989).

Author: jfroche

flake.lock

@@ -11,6 +11,7 @@
     flake-utils.url = "github:numtide/flake-utils";
     git-hooks.inputs.nixpkgs.follows = "nixpkgs";
     git-hooks.url = "github:cachix/git-hooks.nix";
+    nix-darwin.url = "github:nix-darwin/nix-darwin";
     nix-editor.inputs.nixpkgs.follows = "nixpkgs";
     nix-editor.inputs.utils.follows = "flake-utils";
     nix-editor.url = "github:snowfallorg/nix-editor";
@@ -45,6 +46,7 @@
         nix/devShells.nix
         nix/fmt.nix
         nix/hooks.nix
+        nix/hosts.nix
         nix/nixpkgs.nix
         nix/packages
         nix/overlays

flake.nix

@@ -0,0 +1,10 @@
+{ inputs, ... }:
+{
+  flake = {
+    darwinConfigurations = {
+      darwin-nixostest = inputs.nix-darwin.lib.darwinSystem {
+        modules = [ ./hosts/darwin-nixostest/darwin-configuration.nix ];
+      };
+    };
+  };
+}

nix/hosts.nix

@@ -0,0 +1,128 @@
+{ lib, pkgs, ... }:
+let
+  start-linux-builder = pkgs.writeShellApplication {
+    name = "start-linux-builder";
+    text = ''
+      echo "Starting linux-builder..."
+
+      if sudo launchctl list | grep -q org.nixos.linux-builder; then
+          echo "linux-builder is already running"
+          exit 0
+      fi
+
+      # Use load instead of start to re-enable the service
+      if sudo launchctl load -w /Library/LaunchDaemons/org.nixos.linux-builder.plist 2>/dev/null; then
+          echo "linux-builder started successfully"
+      else
+          echo "Error: Could not start linux-builder"
+          echo "Make sure nix-darwin is configured with linux-builder enabled"
+          exit 1
+      fi
+
+      # Check if it's running
+      sleep 2
+      if sudo launchctl list | grep -q org.nixos.linux-builder; then
+          echo "linux-builder is now running"
+      else
+          echo "Warning: linux-builder may not have started properly"
+      fi
+    '';
+  };
+  stop-linux-builder = pkgs.writeShellApplication {
+    name = "stop-linux-builder";
+    text = ''
+      echo "Stopping linux-builder..."
+
+      # Use unload instead of stop because KeepAlive=true will restart it
+      if sudo launchctl unload -w /Library/LaunchDaemons/org.nixos.linux-builder.plist 2>/dev/null; then
+          echo "linux-builder stopped successfully"
+      else
+          echo "Warning: Could not stop linux-builder (it may not be running)"
+      fi
+
+      # Check if it's still running
+      sleep 1
+      if sudo launchctl list | grep -q org.nixos.linux-builder; then
+          echo "Warning: linux-builder is still running"
+          STATUS=$(sudo launchctl list | grep org.nixos.linux-builder || true)
+          echo "Current status: $STATUS"
+      else
+          echo "linux-builder is not running"
+      fi
+    '';
+  };
+in
+{
+  nixpkgs.hostPlatform = "aarch64-darwin";
+
+  # Install builder control scripts
+  environment.systemPackages = [
+    start-linux-builder
+    stop-linux-builder
+  ];
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    always-allow-substitutes = true;
+    max-jobs = "auto";
+    trusted-users = [ "@admin" ];
+    extra-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
+    extra-trusted-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
+    extra-trusted-public-keys = [
+      "nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI="
+    ];
+  };
+
+  nix.extraOptions = ''
+    !include nix.custom.conf
+  '';
+
+  # accept existing nix.custom.conf
+  system.activationScripts.checks.text = lib.mkForce "";
+  system.activationScripts.nix-daemon.text = lib.mkForce ''
+    if ! diff /etc/nix/nix.conf /run/current-system/etc/nix/nix.conf &> /dev/null || ! diff /etc/nix/machines /run/current-system/etc/nix/machines &> /dev/null; then
+        echo "reloading nix-daemon..." >&2
+        launchctl kill HUP system/org.nixos.nix-daemon
+    fi
+    max_wait=30
+    waited=0
+    while ! nix-store --store daemon -q --hash ${pkgs.stdenv.shell} &>/dev/null; do
+        if [ $waited -ge $max_wait ]; then
+            echo "ERROR: nix-daemon failed to start after $max_wait seconds" >&2
+            exit 1
+        fi
+        echo "waiting for nix-daemon" >&2
+        launchctl kickstart system/org.nixos.nix-daemon
+        sleep 1
+        waited=$((waited + 1))
+    done
+  '';
+
+  nix.linux-builder = {
+    enable = true;
+    ephemeral = true;
+    maxJobs = 4;
+    supportedFeatures = [
+      "kvm"
+      "benchmark"
+      "big-parallel"
+      "nixos-test"
+    ];
+    config = {
+      virtualisation = {
+        darwin-builder = {
+          diskSize = 40 * 1024;
+          memorySize = 8 * 1024;
+        };
+        cores = 6;
+      };
+    };
+  };
+
+  nix.distributedBuilds = true;
+
+  system.stateVersion = 6;
+}

nix/hosts/darwin-nixostest/darwin-configuration.nix

@@ -84,6 +84,9 @@
             cargo-pgrx_0_14_3
             ;
         }
+        // lib.optionalAttrs pkgs.stdenv.isDarwin {
+          setup-darwin-linux-builder = pkgs.callPackage ./setup-darwin-linux-builder.nix { inherit inputs; };
+        }
         // lib.filterAttrs (n: _v: n != "override" && n != "overrideAttrs" && n != "overrideDerivation") (
           pkgs.callPackage ../postgresql/default.nix {
             inherit self';

nix/packages/default.nix

@@ -0,0 +1,60 @@
+{
+  inputs,
+  stdenv,
+  writeShellApplication,
+}:
+writeShellApplication {
+  name = "setup-darwin-linux-builder";
+  runtimeInputs = [
+    inputs.nix-darwin.packages.${stdenv.hostPlatform.system}.darwin-rebuild
+  ];
+  text = ''
+    set -euo pipefail
+
+    echo "Configuring nix-darwin linux-builder..."
+    echo ""
+
+    # Backup files that nix-darwin will manage
+    echo "Preparing for nix-darwin..."
+    for file in /etc/nix/nix.conf /etc/bashrc /etc/zshrc; do
+      if [[ -f "$file" && ! -L "$file" ]]; then
+        echo "  Backing up $file"
+        sudo mv "$file" "$file.before-nix-darwin"
+      fi
+    done
+    echo ""
+
+    revert() {
+      for file in /etc/nix/nix.conf /etc/bashrc /etc/zshrc; do
+        if [[ ! -L "$file" && -f "$file.before-nix-darwin" ]]; then
+          echo "  Restoring original $file"
+          sudo mv "$file.before-nix-darwin" "$file" 
+        fi
+      done
+    }
+    trap revert ERR SIGINT SIGTERM
+
+    echo "This will configure your system with:"
+    echo "  - NixOS linux-builder VM (ephemeral)"
+    echo "  - 6 cores, 8GB RAM, 40GB disk"
+    echo "  - Support for x86_64-linux and aarch64-linux builds"
+    echo ""
+    echo "Running darwin-rebuild switch..."
+    echo ""
+
+    sudo darwin-rebuild switch --refresh --flake github:supabase/postgres/darwin-linux-builder#darwin-nixostest
+
+    echo ""
+    echo "Configuration complete!"
+    echo ""
+    echo "The linux-builder is now configured. You can test it by:"
+    echo "  nix build --system x86_64-linux nixpkgs#hello"
+    echo "  nix build --system aarch64-linux nixpkgs#hello"
+    echo ""
+    echo "To control the linux builder vm, you can use:"
+    echo "  stop-linux-builder  # to stop the linux builder vm"
+    echo "  start-linux-builder # to start the linux builder vm"
+    echo ""
+    echo "If this is the first install, you may need to restart your shell to use these scripts."
+  '';
+}