| author | Seth Flynn <[email protected]> | 2025-01-29 15:32:09 -0500 |
|---|---|---|
| committer | Seth Flynn <[email protected]> | 2025-01-30 05:13:44 -0500 |
| commit | 90827099fcabc17e3bb4137ab1d843ce108cd686 (patch) | |
| tree | 678778aa7a417c913127bd81f7913421fc111860 /modules | |
| parent | 191568c62559e8d9d9fe949a6942d0693d53affc (diff) | |
nixos+darwin/determinate: init
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/darwin/traits/default.nix | 1 | ||||
| -rw-r--r-- | modules/darwin/traits/determinate.nix | 119 | ||||
| -rw-r--r-- | modules/nixos/traits/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/traits/determinate.nix | 63 | ||||
| -rw-r--r-- | modules/shared/traits/default.nix | 1 | ||||
| -rw-r--r-- | modules/shared/traits/determinate.nix | 51 |
6 files changed, 236 insertions, 0 deletions
diff --git a/modules/darwin/traits/default.nix b/modules/darwin/traits/default.nix
index 3664eb7..2bc544a 100644
--- a/modules/darwin/traits/default.nix
+++ b/modules/darwin/traits/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
+ ./determinate.nix
 ./home-manager.nix
 ./users
 ];
diff --git a/modules/darwin/traits/determinate.nix b/modules/darwin/traits/determinate.nix
new file mode 100644
index 0000000..9d6367a
--- /dev/null
+++ b/modules/darwin/traits/determinate.nix
@@ -0,0 +1,119 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ assertions = [
+ {
+ assertion = config.nix.daemon;
+ message = "`nix.daemon` must be `true` when using `traits.determinate`";
+ }
+
+ {
+ assertion = !config.services.nix-daemon.enable;
+ message = "`services.nix-daemon` and `traits.determinate` conflict";
+ }
+ ];
+
+ launchd.daemons = {
+ determinate-nixd-store.serviceConfig = {
+ Label = "systems.determinate.nix-store";
+ RunAtLoad = true;
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "init"
+ ];
+ };
+
+ determinate-nixd.serviceConfig = {
+ Label = "systems.determinate.nix-daemon";
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "daemon"
+ ];
+
+ Sockets = {
+ "determinate-nixd.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/determinate-nixd.socket";
+ };
+
+ "nix-daemon.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/nix-daemon.socket";
+ };
+ };
+
+ SoftResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+
+ HardResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+ };
+ };
+
+ nix.useDaemon = true;
+
+ services.nix-daemon.enable = false;
+
+ system.activationScripts = {
+ launchd.text = lib.mkBefore ''
+ if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
+ echo "Unloading org.nixos.nix-daemon"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
+ mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
+ fi
+
+ if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
+ echo "Unloading org.nixos.darwin-store"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
+ mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
+ fi
+
+ install -d -m 755 -o root -g wheel /usr/local/bin
+ cp ${lib.getExe package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next
+ chmod +x /usr/local/bin/.determinate-nixd.next
+ mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
+ '';
+
+ nix-daemon = lib.mkForce {
+ enable = false;
+ text = "";
+ };
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index a7357ee..e8117ab 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -3,6 +3,7 @@
 ./arm-builder.nix
 ./auto-upgrade.nix
 ./containers.nix
+ ./determinate.nix
 ./home-manager.nix
 ./locale.nix
 ./mac-builder.nix
diff --git a/modules/nixos/traits/determinate.nix b/modules/nixos/traits/determinate.nix
new file mode 100644
index 0000000..459b128
--- /dev/null
+++ b/modules/nixos/traits/determinate.nix
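Review bot: The activation script interpolates `${lib.getExe package "determinate-nixd"}`, but `lib.getExe` takes a single derivation, so applying its string result to `"determinate-nixd"` should fail at evaluation; the NixOS module in this same commit uses the two-argument `lib.getExe'`, which looks like what was intended here. Separately, both launchd daemons execute `/usr/local/bin/determinate-nixd`, a mutable path outside the Nix store, and with no `UserName` set they presumably run as root, yet the binary is staged with `cp` plus `chmod +x`, which leaves owner and write bits to whatever the copy happens to produce. I would set them explicitly in one step, replacing the `cp` and `chmod` lines with `install -m 755 -o root -g wheel ${lib.getExe' package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next`. A short comment on why the binary has to live outside the store, and on the script relying on `/usr/local/bin` staying root-owned after the `install -d` line, would help whoever audits this later.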
@@ -0,0 +1,63 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ environment.systemPackages = [
+ package
+ ];
+
+ systemd = {
+ services.nix-daemon.serviceConfig = {
+ ExecStart = [
+ ""
+ "@${lib.getExe' package "determinate-nixd"} determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
+ ];
+ KillMode = lib.mkDefault "process";
+ LimitNOFILE = lib.mkDefault 1048576;
+ LimitSTACK = lib.mkDefault "64M";
+ TasksMax = lib.mkDefault 1048576;
+ };
+
+ sockets = {
+ determinate-nixd = {
+ description = "Determinate Nixd Daemon Socket";
+ wantedBy = [ "sockets.target" ];
+ before = [ "multi-user.target" ];
+
+ unitConfig = {
+ RequiresMountsFor = [
+ "/nix/store"
+ "/nix/var/determinate"
+ ];
+ };
+
+ socketConfig = {
+ Service = "nix-daemon.service";
+ FileDescriptorName = "determinate-nixd.socket";
+ ListenStream = "/nix/var/determinate/determinate-nixd.socket";
+ DirectoryMode = "0755";
+ };
+ };
+
+ nix-daemon.socketConfig = {
+ FileDescriptorName = "nix-daemon.socket";
+ };
+ };
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/shared/traits/default.nix b/modules/shared/traits/default.nix
index ad1ecb0..9da1352 100644
--- a/modules/shared/traits/default.nix
+++ b/modules/shared/traits/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
+ ./determinate.nix
 ./home-manager.nix
 ./locale.nix
 ./users
diff --git a/modules/shared/traits/determinate.nix b/modules/shared/traits/determinate.nix
new file mode 100644
index 0000000..fc96fe1
--- /dev/null
+++ b/modules/shared/traits/determinate.nix
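Review bot: The `determinate-nixd` socket unit sets `DirectoryMode = "0755"` but no `SocketMode`, so systemd's default of 0666 applies and any local account can connect to `/nix/var/determinate/determinate-nixd.socket`. That mirrors how the stock nix-daemon socket is exposed, but whether determinate-nixd authorizes its peers is not visible from this hunk, so the choice should be explicit in `socketConfig`: either `SocketMode = "0666";` with a comment such as `# world-connectable on purpose; the daemon is expected to check peers itself`, or `SocketMode = "0660";` together with a `SocketGroup`. A one-line comment on `ExecStart` noting that the leading `""` clears the inherited command and the `@` prefix sets argv[0] would also make the override of `nix-daemon.service` easier to audit.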
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.traits.determinate;
+
+ nixPackage = inputs.determinate.inputs.nix.packages.${pkgs.stdenv.hostPlatform.system}.default;
+in
+
+{
+ options.traits.determinate = {
+ enable = lib.mkEnableOption "Determinate with a bit less Determinate";
+
+ determinate-nix.enable = lib.mkEnableOption "Determinate Nix";
+ determinate-nixd.enable = lib.mkEnableOption "determinate-nixd" // {
+ default = true;
+ };
+ flakehub-cache.enable = lib.mkEnableOption "the FlakeHub cache" // {
+ default = true;
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nix.enable {
+ nix.package = lib.mkDefault nixPackage;
+ })
+
+ (lib.mkIf cfg.flakehub-cache.enable {
+ nix.settings = {
+ extra-trusted-substituters = [ "https://cache.flakehub.com" ];
+ extra-trusted-public-keys = [
+ "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
+ "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
+ "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
+ "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
+ "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
+ "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
+ "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
+ "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
+ ];
+ };
+ })
+ ]
+ );
+}
 |
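Review bot: `flakehub-cache.enable` defaults to `true`, so setting `traits.determinate.enable` alone adds eight third-party signing keys to the host's trusted keys and lists `https://cache.flakehub.com` under `extra-trusted-substituters`, and neither the option text nor a comment says so. As I understand the Nix setting, trusted substituters are the ones unprivileged users may opt into, so this changes who can pick a binary source rather than just adding a cache; stating that in the `mkEnableOption` description would let a host owner decide knowingly. The hard-coded key list also carries no provenance, and a comment above `extra-trusted-public-keys` such as `# keys copied from <upstream source>; re-check on rotation` would make audits and updates tractable. If the cache is not needed on every host, consider dropping the `// { default = true; }` override on `flakehub-cache.enable`.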
