authorSeth Flynn <[email protected]>2025-01-29 15:32:09 -0500
committerSeth Flynn <[email protected]>2025-01-30 05:13:44 -0500
commit90827099fcabc17e3bb4137ab1d843ce108cd686 (patch)
tree678778aa7a417c913127bd81f7913421fc111860
parent191568c62559e8d9d9fe949a6942d0693d53affc (diff)
nixos+darwin/determinate: init
-rw-r--r--flake.lock64
-rw-r--r--flake.nix8
-rw-r--r--modules/darwin/traits/default.nix1
-rw-r--r--modules/darwin/traits/determinate.nix119
-rw-r--r--modules/nixos/traits/default.nix1
-rw-r--r--modules/nixos/traits/determinate.nix63
-rw-r--r--modules/shared/traits/default.nix1
-rw-r--r--modules/shared/traits/determinate.nix51
8 files changed, 308 insertions, 0 deletions
diff --git a/flake.lock b/flake.lock
index 194207f..a4c7545 100644
--- a/flake.lock
+++ b/flake.lock
@@ -84,6 +84,69 @@
"type": "github"
}
},
+ "determinate": {
+ "inputs": {
+ "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
+ "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
+ "determinate-nixd-x86_64-darwin": [
+ "determinate",
+ "determinate-nixd-aarch64-darwin"
+ ],
+ "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
+ "nix": [],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1737479102,
+ "narHash": "sha256-KTANKYmX1/9Smm7SpBwSkUVHNZAopIB/pc9Dx/da98c=",
+ "rev": "352f03a1c13589195ba3f435a5cc6b093cdf4812",
+ "revCount": 176,
+ "type": "tarball",
+ "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/0.1.176%2Brev-352f03a1c13589195ba3f435a5cc6b093cdf4812/019489d6-2962-7611-a5ec-762a7ced541f/source.tar.gz"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://flakehub.com/f/DeterminateSystems/determinate/0.1"
+ }
+ },
+ "determinate-nixd-aarch64-darwin": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-yLy38fgeC+orxYylwUwLUuRUdgi9WLEflLX9j9NDIUI=",
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/macOS"
+ },
+ "original": {
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/macOS"
+ }
+ },
+ "determinate-nixd-aarch64-linux": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-9/HjI0v/ZLoTqOy+5+viIQh8iGjf49qMLRVthVZ3V9U=",
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/aarch64-linux"
+ },
+ "original": {
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/aarch64-linux"
+ }
+ },
+ "determinate-nixd-x86_64-linux": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-cyvqGm+WT5l3N40wSO6FSJTm7Lxm9w1owpXjAYtGAm4=",
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/x86_64-linux"
+ },
+ "original": {
+ "type": "file",
+ "url": "https://install.determinate.systems/determinate-nixd/tag/v0.3.0/x86_64-linux"
+ }
+ },
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils",
@@ -435,6 +498,7 @@
"agenix": "agenix",
"arkenfox": "arkenfox",
"catppuccin": "catppuccin",
+ "determinate": "determinate",
"firefox-addons": "firefox-addons",
"flake-parts": "flake-parts",
"getchpkgs": "getchpkgs",
diff --git a/flake.nix b/flake.nix
index 82eac05..7d5afb0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -78,6 +78,14 @@
};
};
+ determinate = {
+ url = "https://flakehub.com/f/DeterminateSystems/determinate/0.1";
+ inputs = {
+ nixpkgs.follows = "nixpkgs";
+ nix.follows = "";
+ };
+ };
+
firefox-addons = {
url = "sourcehut:~rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = {
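Review bot: `nix.follows = "";` stubs out the determinate flake's `nix` input (flake.lock records it as `"nix": []`), yet modules/shared/traits/determinate.nix in this commit reads `inputs.determinate.inputs.nix.packages.${pkgs.stdenv.hostPlatform.system}.default` when `traits.determinate.determinate-nix.enable` is set. With the input emptied, that lookup cannot return Determinate's Nix build; as far as I know an empty follows path resolves to this flake itself, so it would either fail to evaluate or pick up an unrelated package. Either drop the `nix.follows` line or record the limitation here, e.g. `# nix input stubbed out: traits.determinate.determinate-nix.enable is unusable until this line is removed`.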
diff --git a/modules/darwin/traits/default.nix b/modules/darwin/traits/default.nix
index 3664eb7..2bc544a 100644
--- a/modules/darwin/traits/default.nix
+++ b/modules/darwin/traits/default.nix
@@ -1,5 +1,6 @@
{
imports = [
+ ./determinate.nix
./home-manager.nix
./users
];
diff --git a/modules/darwin/traits/determinate.nix b/modules/darwin/traits/determinate.nix
new file mode 100644
index 0000000..9d6367a
--- /dev/null
+++ b/modules/darwin/traits/determinate.nix
@@ -0,0 +1,119 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ assertions = [
+ {
+ assertion = config.nix.daemon;
+ message = "`nix.daemon` must be `true` when using `traits.determinate`";
+ }
+
+ {
+ assertion = !config.services.nix-daemon.enable;
+ message = "`services.nix-daemon` and `traits.determinate` conflict";
+ }
+ ];
+
+ launchd.daemons = {
+ determinate-nixd-store.serviceConfig = {
+ Label = "systems.determinate.nix-store";
+ RunAtLoad = true;
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "init"
+ ];
+ };
+
+ determinate-nixd.serviceConfig = {
+ Label = "systems.determinate.nix-daemon";
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "daemon"
+ ];
+
+ Sockets = {
+ "determinate-nixd.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/determinate-nixd.socket";
+ };
+
+ "nix-daemon.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/nix-daemon.socket";
+ };
+ };
+
+ SoftResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+
+ HardResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+ };
+ };
+
+ nix.useDaemon = true;
+
+ services.nix-daemon.enable = false;
+
+ system.activationScripts = {
+ launchd.text = lib.mkBefore ''
+ if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
+ echo "Unloading org.nixos.nix-daemon"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
+ mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
+ fi
+
+ if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
+ echo "Unloading org.nixos.darwin-store"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
+ mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
+ fi
+
+ install -d -m 755 -o root -g wheel /usr/local/bin
+ cp ${lib.getExe package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next
+ chmod +x /usr/local/bin/.determinate-nixd.next
+ mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
+ '';
+
+ nix-daemon = lib.mkForce {
+ enable = false;
+ text = "";
+ };
+ };
+ })
+ ]
+ );
+}
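Review bot: The copy step at the end of the `launchd.text` activation script calls `lib.getExe package "determinate-nixd"`, but `lib.getExe` takes only the derivation, so as written this appears to apply a string to an argument and fail at evaluation; the NixOS module in this commit uses `lib.getExe'` for the same lookup. Those lines also place the binary that both launchd daemons execute into /usr/local/bin with whatever owner and mode `cp` happens to produce. Replacing the `cp` and `chmod +x` pair with `install -m 755 -o root -g wheel ${lib.getExe' package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next` fixes the call and makes ownership and mode explicit before the `mv`. A one-line comment above the block saying why the daemon runs from a mutable path instead of the store path would help the next reader judge that trade-off.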
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index a7357ee..e8117ab 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -3,6 +3,7 @@
./arm-builder.nix
./auto-upgrade.nix
./containers.nix
+ ./determinate.nix
./home-manager.nix
./locale.nix
./mac-builder.nix
diff --git a/modules/nixos/traits/determinate.nix b/modules/nixos/traits/determinate.nix
new file mode 100644
index 0000000..459b128
--- /dev/null
+++ b/modules/nixos/traits/determinate.nix
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ environment.systemPackages = [
+ package
+ ];
+
+ systemd = {
+ services.nix-daemon.serviceConfig = {
+ ExecStart = [
+ ""
+ "@${lib.getExe' package "determinate-nixd"} determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
+ ];
+ KillMode = lib.mkDefault "process";
+ LimitNOFILE = lib.mkDefault 1048576;
+ LimitSTACK = lib.mkDefault "64M";
+ TasksMax = lib.mkDefault 1048576;
+ };
+
+ sockets = {
+ determinate-nixd = {
+ description = "Determinate Nixd Daemon Socket";
+ wantedBy = [ "sockets.target" ];
+ before = [ "multi-user.target" ];
+
+ unitConfig = {
+ RequiresMountsFor = [
+ "/nix/store"
+ "/nix/var/determinate"
+ ];
+ };
+
+ socketConfig = {
+ Service = "nix-daemon.service";
+ FileDescriptorName = "determinate-nixd.socket";
+ ListenStream = "/nix/var/determinate/determinate-nixd.socket";
+ DirectoryMode = "0755";
+ };
+ };
+
+ nix-daemon.socketConfig = {
+ FileDescriptorName = "nix-daemon.socket";
+ };
+ };
+ };
+ })
+ ]
+ );
+}
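Review bot: The `determinate-nixd` socket unit sets `DirectoryMode = "0755"` but no `SocketMode`, so systemd's default of 0666 applies and any local user can connect to /nix/var/determinate/determinate-nixd.socket, which is handed to nix-daemon.service. If determinate-nixd authorizes peers itself, as nix-daemon does on its own socket, state that in a comment such as `# world-connectable on purpose; determinate-nixd checks the peer`; otherwise add `SocketMode = "0660";` together with a `SocketGroup`. Which of the two applies cannot be determined from this diff.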
diff --git a/modules/shared/traits/default.nix b/modules/shared/traits/default.nix
index ad1ecb0..9da1352 100644
--- a/modules/shared/traits/default.nix
+++ b/modules/shared/traits/default.nix
@@ -1,5 +1,6 @@
{
imports = [
+ ./determinate.nix
./home-manager.nix
./locale.nix
./users
diff --git a/modules/shared/traits/determinate.nix b/modules/shared/traits/determinate.nix
new file mode 100644
index 0000000..fc96fe1
--- /dev/null
+++ b/modules/shared/traits/determinate.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ nixPackage = inputs.determinate.inputs.nix.packages.${pkgs.stdenv.hostPlatform.system}.default;
+in
+
+{
+ options.traits.determinate = {
+ enable = lib.mkEnableOption "Determinate with a bit less Determinate";
+
+ determinate-nix.enable = lib.mkEnableOption "Determinate Nix";
+ determinate-nixd.enable = lib.mkEnableOption "determinate-nixd" // {
+ default = true;
+ };
+ flakehub-cache.enable = lib.mkEnableOption "the FlakeHub cache" // {
+ default = true;
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nix.enable {
+ nix.package = lib.mkDefault nixPackage;
+ })
+
+ (lib.mkIf cfg.flakehub-cache.enable {
+ nix.settings = {
+ extra-trusted-substituters = [ "https://cache.flakehub.com" ];
+ extra-trusted-public-keys = [
+ "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
+ "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
+ "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
+ "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
+ "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
+ "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
+ "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
+ "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
+ ];
+ };
+ })
+ ]
+ );
+}
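Review bot: `flakehub-cache.enable` defaults to true, so setting `traits.determinate.enable` alone adds eight `cache.flakehub.com-*` keys to `extra-trusted-public-keys` and lists the cache in `extra-trusted-substituters`, which lets any user of the daemon select it. Every store path signed by one of those keys is then accepted system-wide, and the hunk does not record where the key list came from. Consider making the option opt-in like `determinate-nix.enable`, and add a provenance comment above the list, e.g. `# keys copied from <source of the key list>; re-check when bumping the determinate input`.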