From d2498644fd84360e46ad90de3029066ad441e15a Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 19:56:15 +1100 Subject: [PATCH 1/8] nix-daemon: remove `with lib;` --- modules/services/nix-daemon.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 6718ac051..6f9313151 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: - -with lib; +{ config, lib, ... }: let cfg = config.services.nix-daemon; + + inherit (lib) mkDefault mkIf mkMerge mkOption types; in { From 698414e4091d919cc1b3af622f29bd594d3c21c3 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 19:56:15 +1100 Subject: [PATCH 2/8] nix-daemon: enable by default Single user installs have been unsupported by the official Nix installer since 2.4. --- modules/services/nix-daemon.nix | 2 +- pkgs/darwin-installer/default.nix | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix index 6f9313151..ffc7e651b 100644 --- a/modules/services/nix-daemon.nix +++ b/modules/services/nix-daemon.nix @@ -10,7 +10,7 @@ in options = { services.nix-daemon.enable = mkOption { type = types.bool; - default = false; + default = true; description = "Whether to enable the nix-daemon service."; }; diff --git a/pkgs/darwin-installer/default.nix b/pkgs/darwin-installer/default.nix index 5c6d801e5..78ca3c889 100644 --- a/pkgs/darwin-installer/default.nix +++ b/pkgs/darwin-installer/default.nix @@ -53,11 +53,6 @@ stdenv.mkDerivation { mkdir -p "$HOME/.nixpkgs" cp "${../../modules/examples/simple.nix}" "$config" chmod u+w "$config" - - # Enable nix-daemon service for multi-user installs. - if [ ! -w /nix/var/nix/db ]; then - sed -i 's/# services.nix-daemon.enable/services.nix-daemon.enable/' "$config" - fi fi # Skip when stdin is not a tty, eg. From 5d1b7ac696c2c9cf4206d7fbd3ebe3daa3b9bbd2 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:48:25 +1100 Subject: [PATCH 3/8] treewide: remove mentions of `services.nix-daemon.enable = true;` --- README.md | 1 - modules/examples/flake/flake.nix | 1 - modules/examples/hydra.nix | 2 -- modules/examples/lnl.nix | 1 - modules/examples/simple.nix | 1 - 5 files changed, 6 deletions(-) diff --git a/README.md b/README.md index eb6228ca5..97dc7960f 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,6 @@ Configuration lives in `~/.nixpkgs/darwin-configuration.nix`. Check out ]; # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; nix.package = pkgs.nix; } ``` diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index bd733bd98..d3967ef12 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -17,7 +17,6 @@ ]; # Auto upgrade nix package and the daemon service. - services.nix-daemon.enable = true; # nix.package = pkgs.nix; # Necessary for using flakes on this system. diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index eb1c5d9b0..f87ed5d05 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -8,8 +8,6 @@ let in { - services.nix-daemon.enable = true; - nix.settings.substituters = [ "http://cache1" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index dccae077a..2204c2fa8 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -77,7 +77,6 @@ # serviceConfig.ProcessType = "Background"; # }; - services.nix-daemon.enable = true; # services.nix-daemon.enableSocketListener = true; nix.extraOptions = '' diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index 5baf009f5..c76ecda87 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -12,7 +12,6 @@ # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; # Auto upgrade nix package and the daemon service. - # services.nix-daemon.enable = true; # nix.package = pkgs.nix; # Enable alternative shell support in nix-darwin. From 6d794390fa48afbe5d8b0020392f55bc1d800cb6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 20:23:06 +1100 Subject: [PATCH 4/8] checks: check single user installs don't have the `nix-daemon` enabled Remove suggestion to set `nix.useDaemon` as it came without an explanation of how the `nix-daemon` would be unmanaged and would most likely lead to most users running an old version of Nix as the daemon. --- modules/system/checks.nix | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/modules/system/checks.nix b/modules/system/checks.nix index ab6ea19d8..949a28ea9 100644 --- a/modules/system/checks.nix +++ b/modules/system/checks.nix @@ -129,18 +129,26 @@ let fi ''; - singleUser = '' - if grep -q 'build-users-group =' /etc/nix/nix.conf; then - echo "error: The daemon is not enabled but this is a multi-user install, aborting activation" >&2 - echo "Enable the nix-daemon service:" >&2 - echo >&2 - echo " services.nix-daemon.enable = true;" >&2 - echo >&2 - echo "or set" >&2 - echo >&2 - echo " nix.useDaemon = true;" >&2 - echo >&2 - exit 2 + nixDaemon = if config.nix.useDaemon then '' + if ! dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then + printf >&2 'error: The daemon should not be enabled for single-user installs, aborting activation\n' + printf >&2 'Disable the nix-daemon service:\n' + printf >&2 '\n' + printf >&2 ' services.nix-daemon.enable = false;\n' + printf >&2 '\n' + # shellcheck disable=SC2016 + printf >&2 'and remove `nix.useDaemon` from your configuration if it is present.\n' + printf >&2 '\n' + exit 2 + fi + '' else '' + if dscl . -read /Groups/nixbld PrimaryGroupID &> /dev/null; then + printf >&2 'error: The daemon should be enabled for multi-user installs, aborting activation\n' + printf >&2 'Enable the nix-daemon service:\n' + printf >&2 '\n' + printf >&2 ' services.nix-daemon.enable = true;\n' + printf >&2 '\n' + exit 2 fi ''; @@ -337,7 +345,7 @@ in (mkIf cfg.verifyBuildUsers buildUsers) (mkIf cfg.verifyBuildUsers preSequoiaBuildUsers) (mkIf config.nix.configureBuildUsers buildGroupID) - (mkIf (!config.nix.useDaemon) singleUser) + nixDaemon nixStore (mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector) (mkIf (config.nix.optimise.automatic && config.nix.optimise.user == null) nixStoreOptimiser) From 7918e24e5b999e36c923573e9d6ac183b0c00f38 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:30:42 +1100 Subject: [PATCH 5/8] treewide: remove `nix.package` example --- .github/workflows/test.yml | 8 ++++---- README.md | 3 --- modules/examples/flake/flake.nix | 3 --- modules/examples/simple.nix | 3 --- 4 files changed, 4 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 623cb698e..92d06d4d4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -55,7 +55,7 @@ jobs: nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) /usr/bin/sed -i.bak \ - "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ + "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ ~/.nixpkgs/darwin-configuration.nix nix-shell -A installer @@ -103,7 +103,7 @@ jobs: nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) /usr/bin/sed -i.bak \ - "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ + "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ ~/.nixpkgs/darwin-configuration.nix nix-shell -A installer @@ -145,7 +145,7 @@ jobs: nix flake init -t $darwin nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) /usr/bin/sed -i.bak \ - "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ + "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ flake.nix popd nix run .#darwin-rebuild -- \ @@ -178,7 +178,7 @@ jobs: nix flake init -t $darwin nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1) /usr/bin/sed -i.bak \ - "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ + "s/# programs.fish.enable = true;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \ flake.nix popd nix run .#darwin-rebuild -- \ diff --git a/README.md b/README.md index 97dc7960f..58bde7940 100644 --- a/README.md +++ b/README.md @@ -66,9 +66,6 @@ Configuration lives in `~/.nixpkgs/darwin-configuration.nix`. Check out environment.systemPackages = [ pkgs.vim ]; - - # Auto upgrade nix package and the daemon service. - nix.package = pkgs.nix; } ``` diff --git a/modules/examples/flake/flake.nix b/modules/examples/flake/flake.nix index d3967ef12..dbcc420a1 100644 --- a/modules/examples/flake/flake.nix +++ b/modules/examples/flake/flake.nix @@ -16,9 +16,6 @@ [ pkgs.vim ]; - # Auto upgrade nix package and the daemon service. - # nix.package = pkgs.nix; - # Necessary for using flakes on this system. nix.settings.experimental-features = "nix-command flakes"; diff --git a/modules/examples/simple.nix b/modules/examples/simple.nix index c76ecda87..8d769a2c7 100644 --- a/modules/examples/simple.nix +++ b/modules/examples/simple.nix @@ -11,9 +11,6 @@ # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - # Auto upgrade nix package and the daemon service. - # nix.package = pkgs.nix; - # Enable alternative shell support in nix-darwin. # programs.fish.enable = true; From 6d20de4ed606846230f766cc059bf01b47b8e2d4 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 22:32:55 +1100 Subject: [PATCH 6/8] nix: remove outdated note requiring managed daemon for distributedBuilds For Nix 1, some environment variables were set when using distributed builds requiring the Nix daemon to be managed by nix-darwin. However, support for Nix 1 has been removed and no other environment variables for Nix are set by default. --- modules/nix/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 3751e8c4f..09e6e50de 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -191,9 +191,6 @@ in description = '' Whether to distribute builds to the machines listed in {option}`nix.buildMachines`. - - NOTE: This requires services.nix-daemon.enable for a - multi-user install. ''; }; From e07f08c0dcbf2f10a51f76ac2910c25e25ff4d84 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 23:05:03 +1100 Subject: [PATCH 7/8] uninstaller: fix restoring nix-daemon launchd daemon --- pkgs/darwin-uninstaller/configuration.nix | 3 +++ pkgs/darwin-uninstaller/default.nix | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix index 75d1cacfa..295477a68 100644 --- a/pkgs/darwin-uninstaller/configuration.nix +++ b/pkgs/darwin-uninstaller/configuration.nix @@ -12,6 +12,9 @@ with lib; launchd.daemons = mkForce {}; launchd.user.agents = mkForce {}; + # Don't try to reload `nix-daemon` + nix.useDaemon = mkForce false; + system.activationScripts.postUserActivation.text = mkAfter '' if [[ -L ~/.nix-defexpr/channels/darwin ]]; then nix-channel --remove darwin || true diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix index 17c0a460b..f6e045049 100644 --- a/pkgs/darwin-uninstaller/default.nix +++ b/pkgs/darwin-uninstaller/default.nix @@ -31,7 +31,9 @@ in writeShellApplication { echo >&2 " - remove /Applications/Nix Apps symlink" echo >&2 " - cleanup static /etc files" echo >&2 " - disable and remove all launchd services managed by nix-darwin" - echo >&2 " - restore daemon service from nix installer (only when this is a multi-user install)" + if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then + echo >&2 " - restore nix-daemon service from nix installer as this is a multi-user install" + fi echo >&2 if [[ -t 0 ]]; then From ec5fce6061c26095f6de3a9cb9398171aa3b8c86 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 11 Nov 2024 23:45:00 +1100 Subject: [PATCH 8/8] uninstaller: check `nix-daemon` works after restoring --- pkgs/darwin-uninstaller/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix index f6e045049..da58682e3 100644 --- a/pkgs/darwin-uninstaller/default.nix +++ b/pkgs/darwin-uninstaller/default.nix @@ -89,8 +89,9 @@ in writeShellApplication { pgrep -l nix-daemon test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist [[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]] - echo >&2 ok + nix-store --store daemon -q --hash ${stdenv.shell} fi + echo >&2 ok ''; }; }