From 3a2a22f50343b887a85cf18fca4720f751eeafb8 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Thu, 13 Feb 2025 18:48:58 -0500
Subject: modules/determinate: make dedicated module
---
 modules/darwin/default.nix | 1 +
 modules/darwin/services/default.nix | 5 ++
 modules/darwin/services/determinate.nix | 119 ++++++++++++++++++++++++++++++++
 modules/darwin/traits/default.nix | 1 -
 modules/darwin/traits/determinate.nix | 119 --------------------------------
 modules/nixos/services/default.nix | 5 +-
 modules/nixos/services/determinate.nix | 68 ++++++++++++++++++
 modules/nixos/traits/default.nix | 1 -
 modules/nixos/traits/determinate.nix | 68 ------------------
 modules/shared/default.nix | 1 +
 modules/shared/services/default.nix | 5 ++
 modules/shared/services/determinate.nix | 51 ++++++++++++++
 modules/shared/traits/default.nix | 1 -
 modules/shared/traits/determinate.nix | 51 --------------
 14 files changed, 254 insertions(+), 242 deletions(-)
 create mode 100644 modules/darwin/services/default.nix
 create mode 100644 modules/darwin/services/determinate.nix
 delete mode 100644 modules/darwin/traits/determinate.nix
 create mode 100644 modules/nixos/services/determinate.nix
 delete mode 100644 modules/nixos/traits/determinate.nix
 create mode 100644 modules/shared/services/default.nix
 create mode 100644 modules/shared/services/determinate.nix
 delete mode 100644 modules/shared/traits/determinate.nix
(limited to 'modules')
diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
index 6145e27..4ee4b7e 100644
--- a/modules/darwin/default.nix
+++ b/modules/darwin/default.nix
@@ -7,6 +7,7 @@
 ./desktop
 ./mixins
 ./profiles
+ ./services
 ./traits
 ];
 };
diff --git a/modules/darwin/services/default.nix b/modules/darwin/services/default.nix
new file mode 100644
index 0000000..499a418
--- /dev/null
+++ b/modules/darwin/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./determinate.nix
+ ];
+}
diff --git a/modules/darwin/services/determinate.nix b/modules/darwin/services/determinate.nix
new file mode 100644
index 0000000..2716150
--- /dev/null
+++ b/modules/darwin/services/determinate.nix
@@ -0,0 +1,119 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.services.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ assertions = [
+ {
+ assertion = config.nix.daemon;
+ message = "`nix.daemon` must be `true` when using `traits.determinate`";
+ }
+
+ {
+ assertion = !config.services.nix-daemon.enable;
+ message = "`services.nix-daemon` and `traits.determinate` conflict";
+ }
+ ];
+
+ launchd.daemons = {
+ determinate-nixd-store.serviceConfig = {
+ Label = "systems.determinate.nix-store";
+ RunAtLoad = true;
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "init"
+ ];
+ };
+
+ determinate-nixd.serviceConfig = {
+ Label = "systems.determinate.nix-daemon";
+
+ StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+ StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+
+ ProgramArguments = lib.mkForce [
+ "/usr/local/bin/determinate-nixd"
+ "--nix-bin"
+ "${config.nix.package}/bin"
+ "daemon"
+ ];
+
+ Sockets = {
+ "determinate-nixd.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/determinate-nixd.socket";
+ };
+
+ "nix-daemon.socket" = {
+ # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+ SockPassive = true;
+ SockPathName = "/var/run/nix-daemon.socket";
+ };
+ };
+
+ SoftResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+
+ HardResourceLimits = {
+ NumberOfFiles = lib.mkDefault 1048576;
+ NumberOfProcesses = lib.mkDefault 1048576;
+ Stack = lib.mkDefault 67108864;
+ };
+ };
+ };
+
+ nix.useDaemon = true;
+
+ services.nix-daemon.enable = false;
+
+ system.activationScripts = {
+ launchd.text = lib.mkBefore ''
+ if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
+ echo "Unloading org.nixos.nix-daemon"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
+ mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
+ fi
+
+ if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
+ echo "Unloading org.nixos.darwin-store"
+ launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
+ mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
+ fi
+
+ install -d -m 755 -o root -g wheel /usr/local/bin
+ cp ${lib.getExe package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next
+ chmod +x /usr/local/bin/.determinate-nixd.next
+ mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
+ '';
+
+ nix-daemon = lib.mkForce {
+ enable = false;
+ text = "";
+ };
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/darwin/traits/default.nix b/modules/darwin/traits/default.nix
index 2ed5427..14812ea 100644
--- a/modules/darwin/traits/default.nix
+++ b/modules/darwin/traits/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./determinate.nix
 ./users
 ];
 }
diff --git a/modules/darwin/traits/determinate.nix b/modules/darwin/traits/determinate.nix
deleted file mode 100644
index 9d6367a..0000000
--- a/modules/darwin/traits/determinate.nix
+++ /dev/null
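Review bot: In modules/darwin/services/determinate.nix the activation script calls `lib.getExe package "determinate-nixd"`, but `lib.getExe` takes only the derivation, so the extra argument is applied to the string it returns and evaluation should fail once this branch is forced. The NixOS module in this same commit uses the two-argument form, `lib.getExe' package "determinate-nixd"`, and this line should match it. The two assertion messages also still name `traits.determinate` although `cfg` now reads `config.services.determinate`; they should say `services.determinate`. Because both launchd daemons execute `/usr/local/bin/determinate-nixd` from outside the Nix store, placing the binary with `install -m 755 -o root -g wheel` instead of `cp` plus `chmod +x` would pin its owner and mode rather than inherit them.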
@@ -1,119 +0,0 @@
-{
- config,
- lib,
- inputs',
- ...
-}:
-
-let
- cfg = config.traits.determinate;
-
- package = inputs'.determinate.packages.default;
-in
-
-{
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- (lib.mkIf cfg.determinate-nixd.enable {
- assertions = [
- {
- assertion = config.nix.daemon;
- message = "`nix.daemon` must be `true` when using `traits.determinate`";
- }
-
- {
- assertion = !config.services.nix-daemon.enable;
- message = "`services.nix-daemon` and `traits.determinate` conflict";
- }
- ];
-
- launchd.daemons = {
- determinate-nixd-store.serviceConfig = {
- Label = "systems.determinate.nix-store";
- RunAtLoad = true;
-
- StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
- StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";
-
- ProgramArguments = lib.mkForce [
- "/usr/local/bin/determinate-nixd"
- "--nix-bin"
- "${config.nix.package}/bin"
- "init"
- ];
- };
-
- determinate-nixd.serviceConfig = {
- Label = "systems.determinate.nix-daemon";
-
- StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
- StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
-
- ProgramArguments = lib.mkForce [
- "/usr/local/bin/determinate-nixd"
- "--nix-bin"
- "${config.nix.package}/bin"
- "daemon"
- ];
-
- Sockets = {
- "determinate-nixd.socket" = {
- # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
- SockPassive = true;
- SockPathName = "/var/run/determinate-nixd.socket";
- };
-
- "nix-daemon.socket" = {
- # We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
- SockPassive = true;
- SockPathName = "/var/run/nix-daemon.socket";
- };
- };
-
- SoftResourceLimits = {
- NumberOfFiles = lib.mkDefault 1048576;
- NumberOfProcesses = lib.mkDefault 1048576;
- Stack = lib.mkDefault 67108864;
- };
-
- HardResourceLimits = {
- NumberOfFiles = lib.mkDefault 1048576;
- NumberOfProcesses = lib.mkDefault 1048576;
- Stack = lib.mkDefault 67108864;
- };
- };
- };
-
- nix.useDaemon = true;
-
- services.nix-daemon.enable = false;
-
- system.activationScripts = {
- launchd.text = lib.mkBefore ''
- if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
- echo "Unloading org.nixos.nix-daemon"
- launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
- mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
- fi
-
- if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
- echo "Unloading org.nixos.darwin-store"
- launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
- mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
- fi
-
- install -d -m 755 -o root -g wheel /usr/local/bin
- cp ${lib.getExe package "determinate-nixd"} /usr/local/bin/.determinate-nixd.next
- chmod +x /usr/local/bin/.determinate-nixd.next
- mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
- '';
-
- nix-daemon = lib.mkForce {
- enable = false;
- text = "";
- };
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index 038c3a6..a6a10ea 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -1,3 +1,6 @@
 {
- imports = [ ./github-mirror ];
+ imports = [
+ ./determinate.nix
+ ./github-mirror
+ ];
 }
diff --git a/modules/nixos/services/determinate.nix b/modules/nixos/services/determinate.nix
new file mode 100644
index 0000000..6aa599e
--- /dev/null
+++ b/modules/nixos/services/determinate.nix
@@ -0,0 +1,68 @@
+{
+ config,
+ lib,
+ inputs',
+ ...
+}:
+
+let
+ cfg = config.services.determinate;
+
+ package = inputs'.determinate.packages.default;
+in
+
+{
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nixd.enable {
+ environment = {
+ # `determinate-nixd` overrides /etc/nix/nix.conf with it's own
+ etc."nix/nix.custom.conf" = { inherit (config.environment.etc."nix/nix.conf") source; };
+
+ systemPackages = [
+ package
+ ];
+ };
+
+ systemd = {
+ services.nix-daemon.serviceConfig = {
+ ExecStart = [
+ ""
+ "@${lib.getExe' package "determinate-nixd"} determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
+ ];
+ KillMode = lib.mkDefault "process";
+ LimitNOFILE = lib.mkDefault 1048576;
+ LimitSTACK = lib.mkDefault "64M";
+ TasksMax = lib.mkDefault 1048576;
+ };
+
+ sockets = {
+ determinate-nixd = {
+ description = "Determinate Nixd Daemon Socket";
+ wantedBy = [ "sockets.target" ];
+ before = [ "multi-user.target" ];
+
+ unitConfig = {
+ RequiresMountsFor = [
+ "/nix/store"
+ "/nix/var/determinate"
+ ];
+ };
+
+ socketConfig = {
+ Service = "nix-daemon.service";
+ FileDescriptorName = "determinate-nixd.socket";
+ ListenStream = "/nix/var/determinate/determinate-nixd.socket";
+ DirectoryMode = "0755";
+ };
+ };
+
+ nix-daemon.socketConfig = {
+ FileDescriptorName = "nix-daemon.socket";
+ };
+ };
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 7301952..abea86a 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -1,7 +1,6 @@
 {
 imports = [
 ./arm-builder.nix
- ./determinate.nix
 ./locale.nix
 ./mac-builder.nix
 ./nvd-diff.nix
diff --git a/modules/nixos/traits/determinate.nix b/modules/nixos/traits/determinate.nix
deleted file mode 100644
index 11e637e..0000000
--- a/modules/nixos/traits/determinate.nix
+++ /dev/null
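Review bot: The `determinate-nixd` socket unit in modules/nixos/services/determinate.nix sets `DirectoryMode = "0755"` but no `SocketMode`, so systemd's default of 0666 applies and any local user can connect to `/nix/var/determinate/determinate-nixd.socket`. If that is intended because the daemon authorises its clients itself, a comment above `socketConfig` should say so, for example `# world-connectable on purpose; determinate-nixd authorises clients itself`; otherwise `SocketMode` should be set explicitly. The `ExecStart` list also depends on its leading `""` entry to clear the stock nix-daemon command, which deserves a one-line comment so nobody removes it as noise.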
@@ -1,68 +0,0 @@
-{
- config,
- lib,
- inputs',
- ...
-}:
-
-let
- cfg = config.traits.determinate;
-
- package = inputs'.determinate.packages.default;
-in
-
-{
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- (lib.mkIf cfg.determinate-nixd.enable {
- environment = {
- # `determinate-nixd` overrides /etc/nix/nix.conf with it's own
- etc."nix/nix.custom.conf" = { inherit (config.environment.etc."nix/nix.conf") source; };
-
- systemPackages = [
- package
- ];
- };
-
- systemd = {
- services.nix-daemon.serviceConfig = {
- ExecStart = [
- ""
- "@${lib.getExe' package "determinate-nixd"} determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
- ];
- KillMode = lib.mkDefault "process";
- LimitNOFILE = lib.mkDefault 1048576;
- LimitSTACK = lib.mkDefault "64M";
- TasksMax = lib.mkDefault 1048576;
- };
-
- sockets = {
- determinate-nixd = {
- description = "Determinate Nixd Daemon Socket";
- wantedBy = [ "sockets.target" ];
- before = [ "multi-user.target" ];
-
- unitConfig = {
- RequiresMountsFor = [
- "/nix/store"
- "/nix/var/determinate"
- ];
- };
-
- socketConfig = {
- Service = "nix-daemon.service";
- FileDescriptorName = "determinate-nixd.socket";
- ListenStream = "/nix/var/determinate/determinate-nixd.socket";
- DirectoryMode = "0755";
- };
- };
-
- nix-daemon.socketConfig = {
- FileDescriptorName = "nix-daemon.socket";
- };
- };
- };
- })
- ]
- );
-}
diff --git a/modules/shared/default.nix b/modules/shared/default.nix
index 3b105df..68faa70 100644
--- a/modules/shared/default.nix
+++ b/modules/shared/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./defaults
 ./mixins
+ ./services
 ./traits
 ];
 }
diff --git a/modules/shared/services/default.nix b/modules/shared/services/default.nix
new file mode 100644
index 0000000..499a418
--- /dev/null
+++ b/modules/shared/services/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./determinate.nix
+ ];
+}
diff --git a/modules/shared/services/determinate.nix b/modules/shared/services/determinate.nix
new file mode 100644
index 0000000..469306e
--- /dev/null
+++ b/modules/shared/services/determinate.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ cfg = config.services.determinate;
+
+ nixPackage = inputs.determinate.inputs.nix.packages.${pkgs.stdenv.hostPlatform.system}.default;
+in
+
+{
+ options.services.determinate = {
+ enable = lib.mkEnableOption "Determinate with a bit less Determinate";
+
+ determinate-nix.enable = lib.mkEnableOption "Determinate Nix";
+ determinate-nixd.enable = lib.mkEnableOption "determinate-nixd" // {
+ default = true;
+ };
+ flakehub-cache.enable = lib.mkEnableOption "the FlakeHub cache" // {
+ default = true;
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ (lib.mkIf cfg.determinate-nix.enable {
+ nix.package = lib.mkDefault nixPackage;
+ })
+
+ (lib.mkIf cfg.flakehub-cache.enable {
+ nix.settings = {
+ extra-substituters = [ "https://cache.flakehub.com" ];
+ extra-trusted-public-keys = [
+ "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
+ "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
+ "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
+ "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
+ "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
+ "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
+ "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
+ "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
+ ];
+ };
+ })
+ ]
+ );
+}
diff --git a/modules/shared/traits/default.nix b/modules/shared/traits/default.nix
index de3ca6c..8fdce85 100644
--- a/modules/shared/traits/default.nix
+++ b/modules/shared/traits/default.nix
@@ -1,6 +1,5 @@
 {
 imports = [
- ./determinate.nix
 ./locale.nix
 ./users
 ];
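Review bot: `flakehub-cache.enable` in modules/shared/services/determinate.nix defaults to `true`, so setting `services.determinate.enable` alone adds `https://cache.flakehub.com` as a substituter and trusts eight hard-coded signing keys, yet nothing in the module records where that key list came from. A comment above `extra-trusted-public-keys` naming the upstream source and the date it was copied would let a later reader audit key rotation, for example `# keys copied from <upstream source> on <date>; re-check when bumping the determinate input`. The option description could also state that enabling it extends the set of binary caches whose signatures Nix accepts.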
diff --git a/modules/shared/traits/determinate.nix b/modules/shared/traits/determinate.nix
deleted file mode 100644
index 8e56db1..0000000
--- a/modules/shared/traits/determinate.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}:
-
-let
- cfg = config.traits.determinate;
-
- nixPackage = inputs.determinate.inputs.nix.packages.${pkgs.stdenv.hostPlatform.system}.default;
-in
-
-{
- options.traits.determinate = {
- enable = lib.mkEnableOption "Determinate with a bit less Determinate";
-
- determinate-nix.enable = lib.mkEnableOption "Determinate Nix";
- determinate-nixd.enable = lib.mkEnableOption "determinate-nixd" // {
- default = true;
- };
- flakehub-cache.enable = lib.mkEnableOption "the FlakeHub cache" // {
- default = true;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- (lib.mkIf cfg.determinate-nix.enable {
- nix.package = lib.mkDefault nixPackage;
- })
-
- (lib.mkIf cfg.flakehub-cache.enable {
- nix.settings = {
- extra-substituters = [ "https://cache.flakehub.com" ];
- extra-trusted-public-keys = [
- "cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
- "cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
- "cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
- "cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
- "cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
- "cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
- "cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
- "cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
- ];
- };
- })
- ]
- );
-}
--
cgit v1.2.3