From 1a8c6cac8c7a9537fcf928714ca3778f4c59c2fd Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 21 Oct 2024 11:16:49 +1100 Subject: [PATCH 01/13] release: fix tests not running on `aarch64-darwin` --- release.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/release.nix b/release.nix index a91059129..835e251f0 100644 --- a/release.nix +++ b/release.nix @@ -1,14 +1,11 @@ { nixpkgs ? -, supportedSystems ? [ "x86_64-darwin" ] +, system ? builtins.currentSystem +, supportedSystems ? [ "x86_64-darwin" "aarch64-darwin" ] , scrubJobs ? true }: let - inherit (release) mapTestOn packagePlatforms pkgs all linux darwin; - - system = "x86_64-darwin"; - - mapPlatforms = systems: pkgs.lib.mapAttrs (n: v: systems); + inherit (release) mapTestOn packagePlatforms pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; From e11dd028d38bd09ec4a1119742d735512775c8a6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 21:13:53 +1100 Subject: [PATCH 02/13] release: remove `unstable` job This job is actually in Nixpkgs at https://github.com/NixOS/nixpkgs/blob/2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53/pkgs/top-level/release.nix#L90-L139. --- release.nix | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/release.nix b/release.nix index 835e251f0..cb9e41ca6 100644 --- a/release.nix +++ b/release.nix @@ -75,26 +75,6 @@ let }) (config: config.system.build.manual); jobs = { - - unstable = pkgs.releaseTools.aggregate { - name = "darwin-${pkgs.lib.nixpkgsVersion}"; - constituents = - [ jobs.stdenv.x86_64-darwin - jobs.bash.x86_64-darwin - jobs.zsh.x86_64-darwin - jobs.nix.x86_64-darwin - jobs.reattach-to-user-namespace.x86_64-darwin - jobs.tmux.x86_64-darwin - jobs.nano.x86_64-darwin - jobs.vim.x86_64-darwin - jobs.emacs.x86_64-darwin - jobs.examples.hydra.x86_64-darwin - jobs.examples.lnl.x86_64-darwin - jobs.examples.simple.x86_64-darwin - ]; - meta.description = "Release-critical builds for the darwin channel"; - }; - manualHTML = manual.manualHTML; manpages = manual.manpages; options = manual.optionsJSON; From 8a03b1850b3adf005da3f35e696e801d700740ec Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 08:32:31 +1100 Subject: [PATCH 03/13] release: remove package jobs --- release.nix | 134 ++++++++++++++++++++++++---------------------------- 1 file changed, 61 insertions(+), 73 deletions(-) diff --git a/release.nix b/release.nix index cb9e41ca6..b432a29de 100644 --- a/release.nix +++ b/release.nix @@ -5,7 +5,7 @@ }: let - inherit (release) mapTestOn packagePlatforms pkgs; + inherit (release) pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; @@ -63,79 +63,67 @@ let packageSet = import nixpkgs; }; - packageSet = { - inherit (pkgs) - stdenv bash zsh nix - tmux reattach-to-user-namespace - nano emacs vim; - }; - manual = buildFromConfig ({ lib, config, ... }: { system.stateVersion = lib.mkDefault config.system.maxStateVersion; }) (config: config.system.build.manual); - jobs = { - manualHTML = manual.manualHTML; - manpages = manual.manpages; - options = manual.optionsJSON; - - examples.hydra = makeSystem ./modules/examples/hydra.nix; - examples.lnl = makeSystem ./modules/examples/lnl.nix; - examples.simple = makeSystem ./modules/examples/simple.nix; - - tests.activation-scripts = makeTest ./tests/activation-scripts.nix; - tests.autossh = makeTest ./tests/autossh.nix; - tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix; - tests.environment-path = makeTest ./tests/environment-path.nix; - tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix; - tests.homebrew = makeTest ./tests/homebrew.nix; - tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; - tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; - tests.networking-hostname = makeTest ./tests/networking-hostname.nix; - tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; - tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; - tests.programs-ssh = makeTest ./tests/programs-ssh.nix; - tests.programs-tmux = makeTest ./tests/programs-tmux.nix; - tests.programs-zsh = makeTest ./tests/programs-zsh.nix; - tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix; - tests.security-pki = makeTest ./tests/security-pki.nix; - tests.services-activate-system = makeTest ./tests/services-activate-system.nix; - tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix; - tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix; - tests.services-github-runners = makeTest ./tests/services-github-runners.nix; - tests.services-lorri = makeTest ./tests/services-lorri.nix; - tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix; - tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix; - tests.services-aerospace = makeTest ./tests/services-aerospace.nix; - tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix; - tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix; - tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix; - tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix; - tests.services-nextdns = makeTest ./tests/services-nextdns.nix; - tests.services-netdata = makeTest ./tests/services-netdata.nix; - tests.services-ofborg = makeTest ./tests/services-ofborg.nix; - tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix; - tests.services-privoxy = makeTest ./tests/services-privoxy.nix; - tests.services-redis = makeTest ./tests/services-redis.nix; - tests.services-skhd = makeTest ./tests/services-skhd.nix; - tests.services-spacebar = makeTest ./tests/services-spacebar.nix; - tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix; - tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix; - tests.services-synergy = makeTest ./tests/services-synergy.nix; - tests.services-yabai = makeTest ./tests/services-yabai.nix; - tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix; - tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix; - tests.system-environment = makeTest ./tests/system-environment.nix; - tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix; - tests.system-packages = makeTest ./tests/system-packages.nix; - tests.system-path = makeTest ./tests/system-path.nix; - tests.system-shells = makeTest ./tests/system-shells.nix; - tests.users-groups = makeTest ./tests/users-groups.nix; - tests.users-packages = makeTest ./tests/users-packages.nix; - tests.fonts = makeTest ./tests/fonts.nix; - - } - // (mapTestOn (packagePlatforms packageSet)); - -in - jobs +in { + manualHTML = manual.manualHTML; + manpages = manual.manpages; + options = manual.optionsJSON; + + examples.hydra = makeSystem ./modules/examples/hydra.nix; + examples.lnl = makeSystem ./modules/examples/lnl.nix; + examples.simple = makeSystem ./modules/examples/simple.nix; + + tests.activation-scripts = makeTest ./tests/activation-scripts.nix; + tests.autossh = makeTest ./tests/autossh.nix; + tests.checks-nix-gc = makeTest ./tests/checks-nix-gc.nix; + tests.environment-path = makeTest ./tests/environment-path.nix; + tests.environment-terminfo = makeTest ./tests/environment-terminfo.nix; + tests.homebrew = makeTest ./tests/homebrew.nix; + tests.launchd-daemons = makeTest ./tests/launchd-daemons.nix; + tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix; + tests.networking-hostname = makeTest ./tests/networking-hostname.nix; + tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix; + tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix; + tests.programs-ssh = makeTest ./tests/programs-ssh.nix; + tests.programs-tmux = makeTest ./tests/programs-tmux.nix; + tests.programs-zsh = makeTest ./tests/programs-zsh.nix; + tests.programs-ssh-empty-known-hosts = makeTest ./tests/programs-ssh-empty-known-hosts.nix; + tests.security-pki = makeTest ./tests/security-pki.nix; + tests.services-activate-system = makeTest ./tests/services-activate-system.nix; + tests.services-activate-system-changed-label-prefix = makeTest ./tests/services-activate-system-changed-label-prefix.nix; + tests.services-buildkite-agent = makeTest ./tests/services-buildkite-agent.nix; + tests.services-github-runners = makeTest ./tests/services-github-runners.nix; + tests.services-lorri = makeTest ./tests/services-lorri.nix; + tests.services-nix-daemon = makeTest ./tests/services-nix-daemon.nix; + tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix; + tests.services-aerospace = makeTest ./tests/services-aerospace.nix; + tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix; + tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix; + tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix; + tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix; + tests.services-nextdns = makeTest ./tests/services-nextdns.nix; + tests.services-netdata = makeTest ./tests/services-netdata.nix; + tests.services-ofborg = makeTest ./tests/services-ofborg.nix; + tests.services-offlineimap = makeTest ./tests/services-offlineimap.nix; + tests.services-privoxy = makeTest ./tests/services-privoxy.nix; + tests.services-redis = makeTest ./tests/services-redis.nix; + tests.services-skhd = makeTest ./tests/services-skhd.nix; + tests.services-spacebar = makeTest ./tests/services-spacebar.nix; + tests.services-spotifyd = makeTest ./tests/services-spotifyd.nix; + tests.services-synapse-bt = makeTest ./tests/services-synapse-bt.nix; + tests.services-synergy = makeTest ./tests/services-synergy.nix; + tests.services-yabai = makeTest ./tests/services-yabai.nix; + tests.services-jankyborders = makeTest ./tests/services-jankyborders.nix; + tests.system-defaults-write = makeTest ./tests/system-defaults-write.nix; + tests.system-environment = makeTest ./tests/system-environment.nix; + tests.system-keyboard-mapping = makeTest ./tests/system-keyboard-mapping.nix; + tests.system-packages = makeTest ./tests/system-packages.nix; + tests.system-path = makeTest ./tests/system-path.nix; + tests.system-shells = makeTest ./tests/system-shells.nix; + tests.users-groups = makeTest ./tests/users-groups.nix; + tests.users-packages = makeTest ./tests/users-packages.nix; + tests.fonts = makeTest ./tests/fonts.nix; +} From c904f6cdcb02c85181cf478496b0b9a78308133a Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 21:43:36 +1100 Subject: [PATCH 04/13] release: rename `release` to `release-lib` to match NixOS https://github.com/NixOS/nixpkgs/blob/2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53/pkgs/top-level/release.nix#L56-L58 --- release.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/release.nix b/release.nix index b432a29de..c4d4c583d 100644 --- a/release.nix +++ b/release.nix @@ -5,7 +5,12 @@ }: let - inherit (release) pkgs; + release-lib = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { + inherit supportedSystems scrubJobs system; + packageSet = import nixpkgs; + }; + + inherit (release-lib) pkgs; buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; @@ -58,11 +63,6 @@ let in buildFromConfig configuration (config: config.system.build.run-test); - release = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { - inherit supportedSystems scrubJobs; - packageSet = import nixpkgs; - }; - manual = buildFromConfig ({ lib, config, ... }: { system.stateVersion = lib.mkDefault config.system.maxStateVersion; }) (config: config.system.build.manual); From 56ac6182d3fcb449db620fac0658eedd56aa1597 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:38:11 +1100 Subject: [PATCH 05/13] release: remove unnecessary use of `release-lib` --- release.nix | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/release.nix b/release.nix index c4d4c583d..cba421014 100644 --- a/release.nix +++ b/release.nix @@ -5,19 +5,10 @@ }: let - release-lib = import (nixpkgs + "/pkgs/top-level/release-lib.nix") { - inherit supportedSystems scrubJobs system; - packageSet = import nixpkgs; - }; - - inherit (release-lib) pkgs; - buildFromConfig = configuration: sel: sel (import ./. { inherit nixpkgs configuration system; }).config; - makeSystem = configuration: pkgs.lib.genAttrs [ system ] (system: - buildFromConfig configuration (config: config.system.build.toplevel) - ); + makeSystem = configuration: buildFromConfig configuration (config: config.system.build.toplevel); makeTest = test: let From dd48cbd7766baba246f0b2e2bd42baf67e0005d6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: [PATCH 06/13] examples: fix evaluation --- modules/examples/hydra.nix | 2 ++ modules/examples/lnl.nix | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index 316049853..edbb0299f 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -53,4 +53,6 @@ in chown hydra:hydra ~hydra ~hydra/.ssh ~hydra/.ssh/authorized_keys echo "ok" ''; + + system.stateVersion = 5; } diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index d944158aa..f264e1ac3 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -50,13 +50,11 @@ pkgs.gnupg pkgs.htop pkgs.jq - pkgs.mosh pkgs.ripgrep pkgs.shellcheck pkgs.vault pkgs.qes - pkgs.darwin-zsh-completions ]; services.yabai.enable = true; @@ -331,4 +329,6 @@ nix.configureBuildUsers = true; nix.nrBuildUsers = 32; + + system.stateVersion = 5; } From 569153467be5f438e4f932a09bfba79adcecf856 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 14:00:05 +1100 Subject: [PATCH 07/13] ofborg: automatically add `ofborg` to `known{Users,Groups}` --- modules/examples/ofborg.nix | 5 ----- modules/services/ofborg/default.nix | 10 ++++------ 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix index 6cef6e793..ed928b737 100644 --- a/modules/examples/ofborg.nix +++ b/modules/examples/ofborg.nix @@ -18,11 +18,6 @@ with lib; nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - # Manage user for ofborg, this enables creating/deleting users - # depending on what modules are enabled. - users.knownGroups = [ "ofborg" ]; - users.knownUsers = [ "ofborg" ]; - # Used for backwards compatibility, please read the changelog before changing. # $ darwin-rebuild changelog system.stateVersion = 5; diff --git a/modules/services/ofborg/default.nix b/modules/services/ofborg/default.nix index 4c356158a..8959cc846 100644 --- a/modules/services/ofborg/default.nix +++ b/modules/services/ofborg/default.nix @@ -46,12 +46,6 @@ in }; config = mkIf cfg.enable { - - assertions = [ - { assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; } - { assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; } - ]; - warnings = mkIf (isDerivation cfg.configFile) [ "services.ofborg.configFile is a derivation, credentials will be world readable" ]; @@ -87,9 +81,13 @@ in users.users.ofborg.shell = "/bin/bash"; users.users.ofborg.description = "OfBorg service user"; + users.knownUsers = [ "ofborg" ]; + users.groups.ofborg.gid = mkDefault 531; users.groups.ofborg.description = "Nix group for OfBorg service"; + users.knownGroups = [ "ofborg" ]; + # FIXME: create logfiles automatically if defined. system.activationScripts.preActivation.text = '' mkdir -p '${user.home}' From c13549d7a632fc107bc8802463806fc2002c9c54 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 13:40:00 +1100 Subject: [PATCH 08/13] examples: drop `ofborg` example We decided to drop this example as the package is not available in Nixpkgs and we won't be able to import it easily and keep this example evaluating as a useful smoke test. The code in this example is already documented under `services.ofborg.*` so any interested users can still find out how to set up `ofborg`. --- flake.nix | 1 - modules/examples/ofborg.nix | 24 ------------------------ 2 files changed, 25 deletions(-) delete mode 100644 modules/examples/ofborg.nix diff --git a/flake.nix b/flake.nix index 59db4ffb4..8d50f9522 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,6 @@ darwinModules.hydra = ./modules/examples/hydra.nix; darwinModules.lnl = ./modules/examples/lnl.nix; - darwinModules.ofborg = ./modules/examples/ofborg.nix; darwinModules.simple = ./modules/examples/simple.nix; templates.default = { diff --git a/modules/examples/ofborg.nix b/modules/examples/ofborg.nix deleted file mode 100644 index ed928b737..000000000 --- a/modules/examples/ofborg.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - # Logs are enabled by default. - # $ tail -f /var/log/ofborg.log - services.ofborg.enable = true; - # services.ofborg.configFile = "/var/lib/ofborg/config.json"; - - # $ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg - # $ nix-channel --update - services.ofborg.package = (import {}).ofborg.rs; - - # Keep nix-daemon updated. - services.nix-daemon.enable = true; - - nix.gc.automatic = true; - nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - - # Used for backwards compatibility, please read the changelog before changing. - # $ darwin-rebuild changelog - system.stateVersion = 5; -} From 68637ee7dbdb194755697930c36272ad115af4a6 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Sun, 3 Nov 2024 21:52:58 +1100 Subject: [PATCH 09/13] flake: expose `jobs` from `release.nix` as a flattened attrset --- .github/workflows/test.yml | 8 ++++---- .github/workflows/update-manual.yml | 2 +- flake.nix | 23 +++++++---------------- release.nix | 6 +++--- 4 files changed, 15 insertions(+), 24 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bb247e948..709edd35f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,8 +19,8 @@ jobs: with: install_url: https://releases.nixos.org/nix/nix-2.18.8/install - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple + - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A docs + - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples test-unstable: runs-on: macos-13 @@ -32,8 +32,8 @@ jobs: with: install_url: https://releases.nixos.org/nix/nix-2.24.9/install - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple + - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A docs + - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples install-against-stable: runs-on: macos-13 diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index 36e2fd88d..19638a216 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml @@ -21,7 +21,7 @@ jobs: - name: Build manual run: | - nix-build ./release.nix -I nixpkgs=channel:nixpkgs-24.05-darwin -I darwin=. -A manualHTML + nix build .#manualHTML --override-input nixpkgs nixpkgs/nixpkgs-24.05-darwin - name: Push update to manual run: | diff --git a/flake.nix b/flake.nix index 8d50f9522..48dc31213 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,12 @@ { - # WARNING this is very much still experimental. description = "A collection of darwin modules"; outputs = { self, nixpkgs }: let forAllSystems = nixpkgs.lib.genAttrs [ "aarch64-darwin" "x86_64-darwin" ]; + + jobs = forAllSystems (system: import ./release.nix { + inherit nixpkgs system; + }); in { lib = { evalConfig = import ./eval-config.nix; @@ -55,21 +58,7 @@ description = "nix flake init -t nix-darwin"; }; - checks = forAllSystems (system: let - simple = self.lib.darwinSystem { - modules = [ - self.darwinModules.simple - { nixpkgs.hostPlatform = system; } - ]; - }; - in { - simple = simple.system; - - inherit (simple.config.system.build.manual) - optionsJSON - manualHTML - manpages; - }); + checks = forAllSystems (system: jobs.${system}.tests // jobs.${system}.examples); packages = forAllSystems (system: let pkgs = import nixpkgs { @@ -80,6 +69,8 @@ default = self.packages.${system}.darwin-rebuild; inherit (pkgs) darwin-option darwin-rebuild darwin-version darwin-uninstaller; + + inherit (jobs.${system}.docs) manualHTML manpages optionsJSON; }); }; } diff --git a/release.nix b/release.nix index cba421014..18fb239dd 100644 --- a/release.nix +++ b/release.nix @@ -59,9 +59,9 @@ let }) (config: config.system.build.manual); in { - manualHTML = manual.manualHTML; - manpages = manual.manpages; - options = manual.optionsJSON; + docs = { + inherit (manual) manualHTML manpages optionsJSON; + }; examples.hydra = makeSystem ./modules/examples/hydra.nix; examples.lnl = makeSystem ./modules/examples/lnl.nix; From e0f243d17e5c6281b2541c79b52be0270be9a360 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 08:42:12 +1100 Subject: [PATCH 10/13] ci: run nix flake check --- .github/workflows/test.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 709edd35f..176d56fdf 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,9 +18,7 @@ jobs: uses: cachix/install-nix-action@v30 with: install_url: https://releases.nixos.org/nix/nix-2.18.8/install - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A docs - - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples + - run: nix flake check --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} test-unstable: runs-on: macos-13 @@ -31,9 +29,7 @@ jobs: uses: cachix/install-nix-action@v30 with: install_url: https://releases.nixos.org/nix/nix-2.24.9/install - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A docs - - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples + - run: nix flake check --override-input nixpkgs nixpkgs/nixpkgs-unstable install-against-stable: runs-on: macos-13 From 37b591bd8b3ca9641a8aff165f30927755b5dc20 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 11:53:47 +1100 Subject: [PATCH 11/13] ci: remove unused workflows --- .github/workflows/build.yml | 18 ------------------ .github/workflows/debug.yml | 23 ----------------------- 2 files changed, 41 deletions(-) delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/debug.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 1cb24265b..000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: "Build" -on: - # curl -fsSL -XPOST \ - # -H "Accept: application/vnd.github.everest-preview+json" \ - # -H "Authorization: token $GITHUB_TOKEN" \ - # --data '{"event_type": "build", "client_payload": {"args": "-f channel:nixpkgs-unstable hello"}}' \ - # https://api.github.com/repos/LnL7/nix-darwin/dispatches - repository_dispatch: - types: - - build -jobs: - build: - runs-on: macos-12 - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 - - run: | - nix build ${{ github.event.client_payload.args }} -vL diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml deleted file mode 100644 index 7535f7134..000000000 --- a/.github/workflows/debug.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: "Debug" -on: - # curl -fsSL -XPOST \ - # -H "Accept: application/vnd.github.everest-preview+json" \ - # -H "Authorization: token $GITHUB_TOKEN" \ - # --data '{"event_type": "debug"}' \ - # https://api.github.com/repos/LnL7/nix-darwin/dispatches - repository_dispatch: - types: - - debug -jobs: - debug: - runs-on: macos-12 - steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 - - run: | - nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs - nix-channel --update - - run: | - nix-shell -A installer - nix-shell -A installer.check - - uses: mxschmitt/action-tmate@v3 From 223a920ab457160a245a588f4191f2b6782b3957 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 14:37:59 +1100 Subject: [PATCH 12/13] ci: upgrade `actions/checkout` --- .github/workflows/test.yml | 12 ++++++------ .github/workflows/update-manual.yml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 176d56fdf..ce176ebed 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -24,7 +24,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: @@ -35,7 +35,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -80,7 +80,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: @@ -125,7 +125,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix version corresponding to latest stable channel uses: cachix/install-nix-action@v30 with: @@ -154,7 +154,7 @@ jobs: runs-on: macos-13 timeout-minutes: 30 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install nix from current unstable channel uses: cachix/install-nix-action@v30 with: diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml index 19638a216..a2f938229 100644 --- a/.github/workflows/update-manual.yml +++ b/.github/workflows/update-manual.yml @@ -11,7 +11,7 @@ jobs: runs-on: macos-13 steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # So that we fetch all branches, since we need to checkout the `gh-pages` branch later. fetch-depth: 0 From 2af06b086283be3ab3824a86f35f6301c95b372b Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Mon, 4 Nov 2024 22:02:31 +1100 Subject: [PATCH 13/13] examples: clean up --- modules/examples/hydra.nix | 15 +++------------ modules/examples/lnl.nix | 9 +-------- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/modules/examples/hydra.nix b/modules/examples/hydra.nix index edbb0299f..eb1c5d9b0 100644 --- a/modules/examples/hydra.nix +++ b/modules/examples/hydra.nix @@ -1,25 +1,16 @@ { config, lib, pkgs, ... }: -with lib; - let - environment = concatStringsSep " " + environment = lib.concatStringsSep " " [ "NIX_REMOTE=daemon" "NIX_SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; in { - # Create /etc/bashrc that loads the nix-darwin environment. - programs.bash.enable = true; - programs.bash.completion.enable = false; - - # Recreate /run/current-system symlink after boot. - services.activate-system.enable = true; - services.nix-daemon.enable = true; - nix.settings.substituters = [ http://cache1 ]; + nix.settings.substituters = [ "http://cache1" ]; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; nix.settings.trusted-users = [ "@admin" "@hydra" ]; @@ -31,7 +22,7 @@ in nix.gc.automatic = true; nix.gc.options = "--max-freed $((25 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | awk '{ print $4 }')))"; - environment.etc."per-user/hydra/ssh/authorized_keys".text = concatStringsSep "\n" + environment.etc."per-user/hydra/ssh/authorized_keys".text = lib.concatStringsSep "\n" [ "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCVsc0pHGsskoayziMhA2e59bHPWe0bbKgusmqhuJFBGQ1BAk9UmPzKCWE3nCiV6CLD1+SygVkBjb06DYtc+94BnzviCa9qZtL0G4+2vhp6x8OvXh8xlf/eWw3k5MWlvu+kjJFpbW8wHWTiUqzH+uEeHklAosT0lFNjiIYd/Vs3JAezhUR62a6c7ZjWOd5F7ALGEKzOiwC4i37kSgGsIWNCbe0Ku7gyr718zhMGeyxax6saHhnkSpIB+7d6oHhKeiJSFMWctNmz1/qxXUPbxNaJvqgdKlVHhN+B7x/TIbkVr5pTC59Okx9LTcpflFIv79VT+Gf1K7VypZpSvJjG0xFRt8iDs1+ssWFBfvpo94vUbZ+ZwMDcBGR5iJeO41Gj5fYn5aaDl32RXfJ9Fkwael1L6pcXtkIc66jk+KQQpgoeNj8Y3Emntpqva/2AM41wDDvr5tKp5KhEKFLM95CoiWq+g88pZLcpqLK7wooDVqNkVUEbMaj9lBN0AzU9mcsIRGvTa6CmWAdBvwqS2fRZD97Oarqct9AWgb0X6mOUq9BJNi4i4xvjgnVkylLwtLUnibR/PeXMtkb9bv6BEZXNf5ACqxSjKXJyaIHI65I5TILCr5eEgaujgvmkREn6U3T1NZAUIeVe9aVYLqehYh79OHUBzggoHqidRrXBB/6zdg9UgQ==" "command=\"${environment} ${config.nix.package}/bin/nix-store --serve --write\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCnubA1pRqlpoAXkZ1q5nwhqi1RY2z840wFLFDj7vAMSups9E2U8PNIVtuVYApZpkBWIpzD4GGbQTF5Itnu5uBpJswc2Yat9yGWO/guuVyXIaRoBIM0Pg1WBWcWsz+k4rNludu9UQ74FHqEiqZIuIuOcgV+RIZn8xQlGt2kUqN9TWboHhZz8Zhx7EtGSJH6MJRLn3mA/pPjOF6k1jiiFG1pVDuqBTZPANkelWYCWAJ46jCyhxXltWE/jkBYGc/XbB8yT7DFE1XC6TVsSEp68R9PhVG3yqxqY06sniEyduSoGt/TDr6ycERd93bvLElXFATes85YiFszeaUgayYSKwQPe0q7YeHMhIXL0UYJYaKVVgT9saFDiHDzde7kKe+NA+J4+TbIk7Y/Ywn0jepsYV13M7TyEqgqbu9fvVGF3JI9+4g0m1gAzHTa7n6iiAedtz+Pi79uCEpRD2hWSSoLWroyPlep8j1p2tygtFsrieePEukesoToCTwqg1Ejnjh+yKdtUbc6xpyRvl3hKeO8QbCpfaaVd27e4vE4lP2JMW6nOo8b0wlVXQIFe5K2zh52q1MSwhLAq6Kg8oPmgj0lru4IivmPc+/NVwd3Qj3E9ZB8LRfTesfbcxHrC8lF5dL/QpLMeLwebrwCxL19gI0kxmDIaUQuHSyP3B2z+EmBKcN/Xw==" ]; diff --git a/modules/examples/lnl.nix b/modules/examples/lnl.nix index f264e1ac3..dccae077a 100644 --- a/modules/examples/lnl.nix +++ b/modules/examples/lnl.nix @@ -1,10 +1,6 @@ { config, lib, inputs, pkgs, ... }: { - # imports = [ ~/.config/nixpkgs/darwin/local-configuration.nix ]; - - # system.patches = [ ./pam.patch ]; - system.defaults.NSGlobalDomain.AppleKeyboardUIMode = 3; system.defaults.NSGlobalDomain.ApplePressAndHoldEnabled = false; system.defaults.NSGlobalDomain.InitialKeyRepeat = 10; @@ -52,7 +48,6 @@ pkgs.jq pkgs.ripgrep pkgs.shellcheck - pkgs.vault pkgs.qes ]; @@ -94,7 +89,7 @@ ''; nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ]; - nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ]; + nix.settings.trusted-substituters = [ "https://d3i7ezr9vxxsfy.cloudfront.net" ]; nix.settings.sandbox = true; nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ]; @@ -300,8 +295,6 @@ fi ''; - # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix"; - nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [