Merge pull request #490 from malob/update-nix-module

Bring `nix` module back in sync with the NixOS module (as much as possible)

CHANGELOG

@@ -1,3 +1,26 @@
+2022-08-14
+- nix module updated to bring it back in sync with it's NixOS counterpart
+  It should now be much more fiesable to share code for this module between
+  `nix-darwin` and NixOS configs.
+
+  `nix-darwin` now requires Nix >= 2.2.
+
+  `nix.package` can no longer be a path to a profile.
+
+  `nix.version` option has been removed. Use `nix.package.version` if you want
+  to reference the version Nix installed/used by your config.
+
+  Many options moved/renamed from `nix.*` to `nix.settings.*`. For example
+  `nix.binaryCaches` is now `nix.settings.substituters`.
+
+  You can use `nix.settings` to set any option in `nix.conf`.
+
+  `users.nix.*` options moved to `nix.*`.
+
+  `nix.daemonIONice` was renamed to `nix.daemonIOLowPriority`, and
+  `nix.daemonNiceLevel` was removed in favor a new option
+  `nix.nix.daemonProcessType`.
+
 2021-01-16
 - Added `homebrew` module, to manage formulas installed by Homebrew via `brew bundle`.
 

modules/alias.nix

@@ -10,7 +10,6 @@ in
   options = {
 
     networking.networkservices = mkOption { internal = true; default = null; };
-    nix.profile = mkOption { internal = true; default = null; };
     security.enableAccessibilityAccess = mkOption { internal = true; default = null; };
     security.accessibilityPrograms = mkOption { internal = true; default = null; };
 
@@ -19,8 +18,7 @@ in
   config = {
 
     assertions =
-      [ { assertion = config.nix.profile == null; message = "nix.profile was renamed to nix.package"; }
-        { assertion = config.security.enableAccessibilityAccess == null; message = "security.enableAccessibilityAccess was removed, it's broken since 10.12 because of SIP"; }
+      [ { assertion = config.security.enableAccessibilityAccess == null; message = "security.enableAccessibilityAccess was removed, it's broken since 10.12 because of SIP"; }
         { assertion = config.system.activationScripts.extraPostActivation.text == ""; message = "system.activationScripts.extraPostActivation was renamed to system.activationScripts.postActivation"; }
         { assertion = config.system.activationScripts.extraUserPostActivation.text == ""; message = "system.activationScripts.extraUserPostActivation was renamed to system.activationScripts.postUserActivation"; }
       ];
@@ -31,8 +29,6 @@ in
 
     networking.knownNetworkServices = mkIf (config.networking.networkservices != null) config.networking.networkservices;
 
-    nix.package = mkIf (config.nix.profile != null) config.nix.profile;
-
     system.activationScripts.extraPostActivation.text = mkDefault "";
     system.activationScripts.extraUserPostActivation.text = mkDefault "";
 

modules/examples/hydra.nix

@@ -19,10 +19,10 @@ in
 
   services.nix-daemon.enable = true;
 
-  nix.binaryCaches = [ http://cache1 ];
-  nix.binaryCachePublicKeys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
+  nix.settings.substituters = [ http://cache1 ];
+  nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
 
-  nix.trustedUsers = [ "@admin" "@hydra" ];
+  nix.settings.trusted-users = [ "@admin" "@hydra" ];
 
   nix.extraOptions = ''
     pre-build-hook =

modules/examples/lnl.nix

@@ -93,11 +93,11 @@
     log-lines = 128
   '';
 
-  nix.binaryCachePublicKeys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
-  nix.trustedBinaryCaches = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
+  nix.settings.trusted-public-keys = [ "cache.daiderd.com-1:R8KOWZ8lDaLojqD+v9dzXAqGn29gEzPTTbr/GIpCTrI=" ];
+  nix.settings.trusted-substituters = [ https://d3i7ezr9vxxsfy.cloudfront.net ];
 
-  nix.useSandbox = true;
-  nix.sandboxPaths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
+  nix.settings.sandbox = true;
+  nix.settings.extra-sandbox-paths = [ "/private/tmp" "/private/var/tmp" "/usr/bin/env" ];
 
   programs.nix-index.enable = true;
 
@@ -357,6 +357,6 @@
   #     path = /etc/per-user/lnl/gitconfig
   # environment.etc."per-user/lnl/gitconfig".text = builtins.readFile "${inputs.dotfiles}/git/gitconfig";
 
-  users.nix.configureBuildUsers = true;
-  users.nix.nrBuildUsers = 32;
+  nix.configureBuildUsers = true;
+  nix.nrBuildUsers = 32;
 }

modules/misc/ids.nix

@@ -0,0 +1,50 @@
+# Based on: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
+
+# This module defines the global list of uids and gids.  We keep a
+# central list to prevent id collisions.
+
+# IMPORTANT!
+# We only add static uids and gids for services where it is not feasible
+# to change uids/gids on service start, in example a service with a lot of
+# files.
+
+{ lib, ... }:
+
+let
+  inherit (lib) types;
+in
+{
+  options = {
+
+    ids.uids = lib.mkOption {
+      internal = true;
+      description = ''
+        The user IDs used in NixOS.
+      '';
+      type = types.attrsOf types.int;
+    };
+
+    ids.gids = lib.mkOption {
+      internal = true;
+      description = ''
+        The group IDs used in NixOS.
+      '';
+      type = types.attrsOf types.int;
+    };
+
+  };
+
+
+  config = {
+
+    ids.uids = {
+      nixbld = 300;
+    };
+
+    ids.gids = {
+      nixbld = 30000;
+    };
+
+  };
+
+}

modules/module-list.nix

@@ -1,6 +1,7 @@
 [
   ./alias.nix
   ./documentation
+  ./misc/ids.nix
   ./misc/lib.nix
   ./security/pki
   ./security/sandbox
@@ -34,7 +35,6 @@
   ./networking
   ./nix
   ./nix/nix-darwin.nix
-  ./nix/nix-info.nix
   ./nix/nixpkgs.nix
   ./environment
   ./fonts
@@ -77,5 +77,4 @@
   ./programs/zsh
   ./homebrew.nix
   ./users
-  ./users/nixbld
 ]

modules/nix/nix-info.nix

@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  nix-info = pkgs.nix-info or null;
-in
-
-{
-  config = {
-
-    environment.systemPackages = mkIf (nix-info != null) [ nix-info ];
-
-  };
-}

modules/services/nix-daemon.nix

@@ -48,9 +48,8 @@ in
         "/bin/sh" "-c"
         "/bin/wait4path ${config.nix.package}/bin/nix-daemon && exec ${config.nix.package}/bin/nix-daemon"
       ];
-      serviceConfig.ProcessType = mkDefault "Interactive";
-      serviceConfig.LowPriorityIO = config.nix.daemonIONice;
-      serviceConfig.Nice = config.nix.daemonNiceLevel;
+      serviceConfig.ProcessType = config.nix.daemonProcessType;
+      serviceConfig.LowPriorityIO = config.nix.daemonIOLowPriority;
       serviceConfig.Label = "org.nixos.nix-daemon"; # must match daemon installed by Nix regardless of the launchd label Prefix
       serviceConfig.SoftResourceLimits.NumberOfFiles = mkDefault 4096;
       serviceConfig.StandardErrorPath = cfg.logFile;

modules/services/nix-gc/default.nix

@@ -1,4 +1,6 @@
-{ config, lib, pkgs, ... }:
+# Based off: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/nix-gc.nix
+# When making changes please try to keep it in sync.
+{ config, lib, ... }:
 
 with lib;
 
@@ -7,36 +9,54 @@ let
 in
 
 {
+  imports = [
+    (mkRemovedOptionModule [ "nix" "gc" "dates" ] "Use `nix.gc.interval` instead.")
+    (mkRemovedOptionModule [ "nix" "gc" "randomizedDelaySec" ] "No `nix-darwin` equivilant to this NixOS option.")
+    (mkRemovedOptionModule [ "nix" "gc" "persistent" ] "No `nix-darwin` equivilant to this NixOS option.")
+  ];
+
+  ###### interface
+
   options = {
-    nix.gc.automatic = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Automatically run the garbage collector at a specific time.";
+
+    nix.gc = {
+
+      automatic = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Automatically run the garbage collector at a specific time.";
+      };
+
+      # Not in NixOS module
+      user = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "User that runs the garbage collector.";
+      };
+
+      interval = mkOption {
+        type = types.attrs;
+        default = { Hour = 3; Minute = 15; };
+        description = "The time interval at which the garbage collector will run.";
+      };
+
+      options = mkOption {
+        default = "";
+        example = "--max-freed $((64 * 1024**3))";
+        type = types.str;
+        description = ''
+          Options given to <filename>nix-collect-garbage</filename> when the
+          garbage collector is run automatically.
+        '';
+      };
+
     };
 
-    nix.gc.user = mkOption {
-      type = types.nullOr types.str;
-      default = null;
-      description = "User that runs the garbage collector.";
-    };
-
-    nix.gc.interval = mkOption {
-      type = types.attrs;
-      default = { Hour = 3; Minute = 15; };
-      description = "The time interval at which the garbage collector will run.";
-    };
-
-    nix.gc.options = mkOption {
-      type = types.str;
-      default = "";
-      example = "--max-freed $((64 * 1024**3))";
-      description = ''
-        Options given to <filename>nix-collect-garbage</filename> when the
-        garbage collector is run automatically.
-      '';
-    };
   };
 
+
+  ###### implementation
+
   config = mkIf cfg.automatic {
 
     launchd.daemons.nix-gc = {

modules/system/checks.nix

@@ -54,7 +54,7 @@ let
         echo >&2
         echo "or enable to automatically manage the users" >&2
         echo >&2
-        echo "    users.nix.configureBuildUsers = true;" >&2
+        echo "    nix.configureBuildUsers = true;" >&2
         echo >&2
     fi
   '';
@@ -125,7 +125,9 @@ let
   '';
 
   nixPath = ''
-    darwinConfig=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin-config) || true
+    nixPath=${concatStringsSep ":" config.nix.nixPath}:$HOME/.nix-defexpr/channels
+
+    darwinConfig=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin-config) || true
     if ! test -e "$darwinConfig"; then
         echo "error: Changed <darwin-config> but target does not exist, aborting activation" >&2
         echo "Create ''${darwinConfig:-~/.nixpkgs/darwin-configuration.nix} or set environment.darwinConfig:" >&2
@@ -139,7 +141,7 @@ let
         exit 2
     fi
 
-    darwinPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file darwin) || true
+    darwinPath=$(NIX_PATH=$nixPath nix-instantiate --find-file darwin) || true
     if ! test -e "$darwinPath"; then
         echo "error: Changed <darwin> but target does not exist, aborting activation" >&2
         echo "Add the darwin repo as a channel or set nix.nixPath:" >&2
@@ -153,7 +155,7 @@ let
         exit 2
     fi
 
-    nixpkgsPath=$(NIX_PATH=${concatStringsSep ":" config.nix.nixPath} nix-instantiate --find-file nixpkgs) || true
+    nixpkgsPath=$(NIX_PATH=$nixPath nix-instantiate --find-file nixpkgs) || true
     if ! test -e "$nixpkgsPath"; then
         echo "error: Changed <nixpkgs> but target does not exist, aborting activation" >&2
         echo "Add a nixpkgs channel or set nix.nixPath:" >&2

modules/users/nixbld/default.nix

@@ -1,70 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.users;
-
-  named = xs: listToAttrs (map (x: { name = x.name; value = x; }) xs);
-
-  createdGroups = mapAttrsToList (n: v: v.name) cfg.groups;
-  createdUsers = mapAttrsToList (n: v: v.name) cfg.users;
-
-  mkUsers = f: genList (x: f (x + 1)) cfg.nix.nrBuildUsers;
-
-  buildUsers = mkUsers (i: {
-    name = "_nixbld${toString i}";
-    uid = 300 + i;
-    gid = 300;
-    description = "Nix build user ${toString i}";
-  });
-
-  buildGroups = [{
-    name = "nixbld";
-    gid = 30000;
-    description = "Nix build group for nix-daemon";
-    members = map (v: v.name) buildUsers;
-  }];
-in
-
-{
-  options = {
-    users.nix.configureBuildUsers = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Configuration for nixbld group and users.
-        NOTE: This does not work unless knownGroups/knownUsers is set.
-      '';
-    };
-
-    users.nix.nrBuildUsers = mkOption {
-      type = mkOptionType {
-        name = "integer";
-        check = t: isInt t && t > 1;
-      };
-      default = 32;
-      description = "Number of nixbld user accounts created to perform secure concurrent builds.";
-    };
-  };
-
-  config = {
-
-    assertions = [
-      { assertion = elem "nixbld" cfg.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
-      { assertion = elem "_nixbld1" cfg.knownUsers -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
-      { assertion = cfg.groups ? "nixbld" -> cfg.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
-    ];
-
-    users.groups = mkIf cfg.nix.configureBuildUsers (named buildGroups);
-    users.users = mkIf cfg.nix.configureBuildUsers (named buildUsers);
-
-    users.knownGroups = mkIf cfg.nix.configureBuildUsers [ "nixbld" ];
-    users.knownUsers = mkIf cfg.nix.configureBuildUsers (mkMerge [
-      (mkUsers (i: "_nixbld${toString i}"))
-      (mkUsers (i: "nixbld${toString i}"))  # delete old style nixbld users
-    ]);
-
-  };
-}
-

pkgs/darwin-installer/configuration.nix

@@ -5,6 +5,6 @@ with lib;
 {
   imports = [ <user-darwin-config> ./installer.nix ];
 
-  users.nix.configureBuildUsers = true;
+  nix.configureBuildUsers = true;
   users.knownGroups = [ "nixbld" ];
 }

pkgs/darwin-installer/default.nix

@@ -145,13 +145,13 @@ stdenv.mkDerivation {
         env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH'
         env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
         env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH'
-        env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels:/Users/john/.nix-defexpr/channels
+        env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
 
         echo >&2 "checking zsh environment"
         env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH'
         env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
-        env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels:/Users/john/.nix-defexpr/channels
         env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH'
+        env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
 
         echo >&2 ok
         exit

tests/checks-nix-gc.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
+  nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
 in
 
 {

tests/services-nix-daemon.nix

@@ -2,7 +2,7 @@
 
 let
   cacert = pkgs.runCommand "cacert-0.0.0" {} "mkdir -p $out";
-  nix = pkgs.runCommand "nix-0.0.0" { version = "1.11.6"; } "mkdir -p $out";
+  nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
 in
 
 {

tests/services-nix-gc.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
+  nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
 in
 
 {

tests/sockets-nix-daemon.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 let
-  nix = pkgs.runCommand "nix-0.0.0" {} "mkdir -p $out";
+  nix = pkgs.runCommand "nix-2.2" {} "mkdir -p $out";
 in
 
 {