Merge pull request #1140 from Enzime/aarch64-tests

release: fix tests not running on `aarch64-darwin`

.github/workflows/test.yml

@@ -13,33 +13,29 @@ jobs:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix corresponding to latest stable channel
       uses: cachix/install-nix-action@v30
       with:
         install_url: https://releases.nixos.org/nix/nix-2.18.8/install
-    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
-    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
-    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
+    - run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
 
   test-unstable:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix from current unstable channel
       uses: cachix/install-nix-action@v30
       with:
         install_url: https://releases.nixos.org/nix/nix-2.24.9/install
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
+    - run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable
 
   install-against-stable:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix corresponding to latest stable channel
       uses: cachix/install-nix-action@v30
       with:
@@ -84,7 +80,7 @@ jobs:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix from current unstable channel
       uses: cachix/install-nix-action@v30
       with:
@@ -129,7 +125,7 @@ jobs:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix version corresponding to latest stable channel
       uses: cachix/install-nix-action@v30
       with:
@@ -158,7 +154,7 @@ jobs:
     runs-on: macos-13
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install nix from current unstable channel
       uses: cachix/install-nix-action@v30
       with:

.github/workflows/update-manual.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: macos-13
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         # So that we fetch all branches, since we need to checkout the `gh-pages` branch later.
         fetch-depth: 0
@@ -21,7 +21,7 @@ jobs:
 
     - name: Build manual
       run: |
-        nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML
+        nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin
 
     - name: Push update to manual
       run: |

flake.nix

@@ -1,9 +1,12 @@
 {
-  # WARNING this is very much still experimental.
   description = "A collection of darwin modules";
 
   outputs = { self, nixpkgs }: let
     forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ];
+
+    jobs = forAllSystems (system: import ./release.nix {
+      inherit nixpkgs system;
+    });
   in {
     lib = {
       evalConfig = import ./eval-config.nix;
@@ -48,29 +51,14 @@
 
     darwinModules.hydra = ./modules/examples/hydra.nix;
     darwinModules.lnl = ./modules/examples/lnl.nix;
-    darwinModules.ofborg = ./modules/examples/ofborg.nix;
     darwinModules.simple = ./modules/examples/simple.nix;
 
     templates.default = {
       path = ./modules/examples/flake;
       description = "nix flake init -t nix-darwin";
     };
 
-    checks = forAllSystems (system: let
-      simple = self.lib.darwinSystem {
-        modules = [
-          self.darwinModules.simple
-          { nixpkgs.hostPlatform = system; }
-        ];
-      };
-    in {
-      simple = simple.system;
-
-      inherit (simple.config.system.build.manual)
-        optionsJSON
-        manualHTML
-        manpages;
-    });
+    checks = forAllSystems (system: jobs.${system}.tests // jobs.${system}.examples);
 
     packages = forAllSystems (system: let
       pkgs = import nixpkgs {
@@ -81,6 +69,8 @@
       default = self.packages.${system}.darwin-rebuild;
 
       inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller;
+
+      inherit (jobs.${system}.docs) manualHTML manpages optionsJSON;
     });
   };
 }

modules/examples/hydra.nix

@@ -1,25 +1,16 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-
 let
-  environment = concatStringsSep " "
+  environment = lib.concatStringsSep " "
     [ "NIX_REMOTE=daemon"
       "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
     ];
 in
 
 {
-  # Create /etc/bashrc that loads the nix-darwin environment.
-  programs.bash.enable = true;
-  programs.bash.completion.enable = false;
-
-  # Recreate /run/current-system symlink after boot.
-  services.activate-system.enable = true;
-
   services.nix-daemon.enable = true;
 
-  nix.settings.substituters = [ http://cache1 ];
+  nix.settings.substituters = [ "http://cache1" ];
   nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
 
   nix.settings.trusted-users = [ "@admin" "@hydra" ];
@@ -31,7 +22,7 @@ in
   nix.gc.automatic = true;
   nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))";
 
-  environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n"
+  environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n"
     [ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVsc0pHGsskoayziMhA2e59bHPWe0bbKgusmqhuJFBGQ1BAk9UmPzKCWE3nCiV6CLD1+SygVkBjb06DYtc+94BnzviCa9qZtL0G4+2vhp6x8OvXh8xlf/eWw3k5MWlvu+kjJFpbW8wHWTiUqzH+uEeHklAosT0lFNjiIYd/Vs3JAezhUR62a6c7ZjWOd5F7ALGEKzOiwC4i37kSgGsIWNCbe0Ku7gyr718zhMGeyxax6saHhnkSpIB+7d6oHhKeiJSFMWctNmz1/qxXUPbxNaJvqgdKlVHhN+B7x/TIbkVr5pTC59Okx9LTcpflFIv79VT+Gf1K7VypZpSvJjG0xFRt8iDs1+ssWFBfvpo94vUbZ+ZwMDcBGR5iJeO41Gj5fYn5aaDl32RXfJ9Fkwael1L6pcXtkIc66jk+KQQpgoeNj8Y3Emntpqva/2AM41wDDvr5tKp5KhEKFLM95CoiWq+g88pZLcpqLK7wooDVqNkVUEbMaj9lBN0AzU9mcsIRGvTa6CmWAdBvwqS2fRZD97Oarqct9AWgb0X6mOUq9BJNi4i4xvjgnVkylLwtLUnibR/PeXMtkb9bv6BEZXNf5ACqxSjKXJyaIHI65I5TILCr5eEgaujgvmkREn6U3T1NZAUIeVe9aVYLqehYh79OHUBzggoHqidRrXBB/6zdg9UgQ=="
       "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw=="
     ];
@@ -53,4 +44,6 @@ in
     chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys
     echo "ok"
   '';
+
+  system.stateVersion = 5;
 }

modules/examples/lnl.nix

@@ -1,10 +1,6 @@
 { config, lib, inputs, pkgs, ... }:
 
 {
-  # imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ];
-
-  # system.patches = [ ./pam.patch ];
-
   system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3;
   system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false;
   system.defaults.NSGlobalDomain.InitialKeyRepeat = 10;
@@ -50,13 +46,10 @@
       pkgs.gnupg
       pkgs.htop
       pkgs.jq
-      pkgs.mosh
       pkgs.ripgrep
       pkgs.shellcheck
-      pkgs.vault
 
       pkgs.qes
-      pkgs.darwin-zsh-completions
     ];
 
   services.yabai.enable = true;
@@ -96,7 +89,7 @@
   '';
 
   nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
-  nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
+  nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ];
 
   nix.settings.sandbox = true;
   nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
@@ -302,8 +295,6 @@
     fi
   '';
 
-  # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
-
   nixpkgs.config.allowUnfree = true;
 
   nixpkgs.overlays = [
@@ -331,4 +322,6 @@
 
   nix.configureBuildUsers = true;
   nix.nrBuildUsers = 32;
+
+  system.stateVersion = 5;
 }

modules/services/ofborg/default.nix

@@ -46,12 +46,6 @@ in
   };
 
   config = mkIf cfg.enable {
-
-    assertions = [
-      { assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
-      { assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
-    ];
-
     warnings = mkIf (isDerivation cfg.configFile) [
       "services.ofborg.configFile is a derivation, credentials will be world readable"
     ];
@@ -87,9 +81,13 @@ in
     users.users.ofborg.shell = "/bin/bash";
     users.users.ofborg.description = "OfBorg service user";
 
+    users.knownUsers = [ "ofborg" ];
+
     users.groups.ofborg.gid = mkDefault 531;
     users.groups.ofborg.description = "Nix group for OfBorg service";
 
+    users.knownGroups = [ "ofborg" ];
+
     # FIXME: create logfiles automatically if defined.
     system.activationScripts.preActivation.text = ''
       mkdir -p '${user.home}'