Merge pull request #56 from DeterminateSystems/split-modules
Move modules into separate files
cole-h authored Jan 21, 2025
2 parents fe0c0c3 + c47250b commit 352f03a
Showing 4 changed files with 214 additions and 196 deletions.
199 changes: 3 additions & 196 deletions flake.nix
@@ -22,9 +22,7 @@

outputs = { self, nixpkgs, ... } @ inputs:
let
lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";

version = "${builtins.substring 0 8 lastModifiedDate}-${self.shortRev or "dirty"}";
supportedSystems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ];

pkgsFor = system: import nixpkgs {
inherit system;
@@ -33,73 +31,10 @@
};
};

supportedSystems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ];

forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
inherit system;
pkgs = pkgsFor system;
});

# Stronger than mkDefault (1000), weaker than mkForce (50) and the "default override priority"
# (100).
mkPreferable = inputs.nixpkgs.lib.mkOverride 750;

# Stronger than the "default override priority", as the upstream module uses that, and weaker than mkForce (50).
mkMorePreferable = inputs.nixpkgs.lib.mkOverride 75;

# Common settings that are shared between NixOS and nix-darwin modules.
# The settings configured in this module must be generally settable by users both trusted and
# untrusted by the Nix daemon. Settings that require being a trusted user belong in the
# `restrictedSettingsModule` below.
commonSettingsModule = { config, pkgs, lib, ... }: {
nix.package = inputs.nix.packages."${pkgs.stdenv.system}".default;

nix.registry.nixpkgs = {
exact = true;

from = {
type = "indirect";
id = "nixpkgs";
};

# NOTE(cole-h): The NixOS module exposes a `flake` option that is a fancy wrapper around
# setting `to` -- we don't want to clobber this if users have set it on their own
to = lib.mkIf (config.nix.registry.nixpkgs.flake or null == null) (mkPreferable {
type = "tarball";
url = "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1.0.tar.gz";
});
};

nix.settings = {
bash-prompt-prefix = "(nix:$name)\\040";
extra-experimental-features = [ "nix-command" "flakes" ];
extra-nix-path = [ "nixpkgs=flake:nixpkgs" ];
extra-substituters = [ "https://cache.flakehub.com" ];
};
};

# Restricted settings that are shared between NixOS and nix-darwin modules.
# The settings configured in this module require being a user trusted by the Nix daemon.
restrictedSettingsModule = { ... }: {
nix.settings = restrictedNixSettings;
};

# Nix settings that require being a trusted user to configure.
restrictedNixSettings = {
always-allow-substitutes = true;
netrc-file = "/nix/var/determinate/netrc";
upgrade-nix-store-path-url = "https://install.determinate.systems/nix-upgrade/stable/universal";
extra-trusted-public-keys = [
"cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM="
"cache.flakehub.com-4:Asi8qIv291s0aYLyH6IOnr5Kf6+OF14WVjkE6t3xMio="
"cache.flakehub.com-5:zB96CRlL7tiPtzA9/WKyPkp3A2vqxqgdgyTVNGShPDU="
"cache.flakehub.com-6:W4EGFwAGgBj3he7c5fNh9NkOXw0PUVaxygCVKeuvaqU="
"cache.flakehub.com-7:mvxJ2DZVHn/kRxlIaxYNMuDG1OvMckZu32um1TadOR8="
"cache.flakehub.com-8:moO+OVS0mnTjBTcOUh2kYLQEd59ExzyoW1QgQ8XAARQ="
"cache.flakehub.com-9:wChaSeTI6TeCuV/Sg2513ZIM9i0qJaYsF+lZCXg0J6o="
"cache.flakehub.com-10:2GqeNlIp6AKp4EF2MVbE1kBOp9iBSyo0UPR9KoR0o1Y="
];
};
in
{
packages = forAllSystems ({ system, pkgs, ... }: {
@@ -127,136 +62,8 @@
};
});

darwinModules.default = { lib, config, pkgs, ... }: {
imports = [
commonSettingsModule
restrictedSettingsModule
];

config = {
# Make Nix use the Nix daemon
nix.useDaemon = true;

# Make sure that the user can't enable the nix-daemon in their own nix-darwin config
services.nix-daemon.enable = lib.mkForce false;

system.activationScripts.nix-daemon = lib.mkForce { enable = false; text = ""; };
system.activationScripts.launchd.text = lib.mkBefore ''
if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
echo "Unloading org.nixos.nix-daemon"
launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
fi
if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
echo "Unloading org.nixos.darwin-store"
launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
fi
install -d -m 755 -o root -g wheel /usr/local/bin
cp ${self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd /usr/local/bin/.determinate-nixd.next
chmod +x /usr/local/bin/.determinate-nixd.next
mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
'';

launchd.daemons.determinate-nixd-store.serviceConfig = {
Label = "systems.determinate.nix-store";
RunAtLoad = true;
darwinModules.default = import ./modules/nix-darwin.nix inputs;

StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";

ProgramArguments = lib.mkForce [
"/usr/local/bin/determinate-nixd"
"--nix-bin"
"${config.nix.package}/bin"
"init"
];
};

launchd.daemons.determinate-nixd.serviceConfig = {
Label = "systems.determinate.nix-daemon";

StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";

ProgramArguments = lib.mkForce [
"/usr/local/bin/determinate-nixd"
"--nix-bin"
"${config.nix.package}/bin"
"daemon"
];

Sockets = {
"determinate-nixd.socket" = {
# We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
SockPassive = true;
SockPathName = "/var/run/determinate-nixd.socket";
};

"nix-daemon.socket" = {
# We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
SockPassive = true;
SockPathName = "/var/run/nix-daemon.socket";
};
};

SoftResourceLimits = {
NumberOfFiles = mkPreferable 1048576;
NumberOfProcesses = mkPreferable 1048576;
Stack = mkPreferable 67108864;
};
HardResourceLimits = {
NumberOfFiles = mkPreferable 1048576;
NumberOfProcesses = mkPreferable 1048576;
Stack = mkPreferable 67108864;
};
};
};
};


nixosModules.default = { lib, pkgs, config, ... }: {
imports = [
commonSettingsModule
restrictedSettingsModule
];

config = {
environment.systemPackages = [
self.packages.${pkgs.stdenv.system}.default
];

systemd.services.nix-daemon.serviceConfig = {
ExecStart = [
""
"@${self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
];
KillMode = mkPreferable "process";
LimitNOFILE = mkMorePreferable 1048576;
LimitSTACK = mkPreferable "64M";
TasksMax = mkPreferable 1048576;
};

systemd.sockets.nix-daemon.socketConfig.FileDescriptorName = "nix-daemon.socket";
systemd.sockets.determinate-nixd = {
description = "Determinate Nixd Daemon Socket";
wantedBy = [ "sockets.target" ];
before = [ "multi-user.target" ];

unitConfig = {
RequiresMountsFor = [ "/nix/store" "/nix/var/determinate" ];
};

socketConfig = {
Service = "nix-daemon.service";
FileDescriptorName = "determinate-nixd.socket";
ListenStream = "/nix/var/determinate/determinate-nixd.socket";
DirectoryMode = "0755";
};
};
};
};
nixosModules.default = import ./modules/nixos.nix inputs;
};
}
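Review bot: Both module outputs are now built with `import ./modules/… inputs`, which hands the module system a bare function, so option-conflict and assertion messages will presumably not name the file a definition came from. Now that the modules live in their own files, consider attaching a location, for example `nixosModules.default = { _file = ./modules/nixos.nix; imports = [ (import ./modules/nixos.nix inputs) ]; };`, and the same shape for `darwinModules.default`. The `outputs` body is only partly visible between the collapsed regions, so other uses of these attributes cannot be checked from this section.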
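--- a/modules/nix-darwin.nix
+++ b/modules/nix-darwin.nix
@@ -0,0 +1,97 @@
+inputs:
+{ lib, config, pkgs, ... }:
+let
+inherit (import ./shared.nix inputs)
+commonNixSettingsModule
+restrictedNixSettingsModule
+mkPreferable
+;
+in
+{
+imports = [
+commonNixSettingsModule
+restrictedNixSettingsModule
+];
+
+config = {
+# Make Nix use the Nix daemon
+nix.useDaemon = true;
+
+# Make sure that the user can't enable the nix-daemon in their own nix-darwin config
+services.nix-daemon.enable = lib.mkForce false;
+
+system.activationScripts.nix-daemon = lib.mkForce { enable = false; text = ""; };
+system.activationScripts.launchd.text = lib.mkBefore ''
+if test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
+echo "Unloading org.nixos.nix-daemon"
+launchctl bootout system /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
+mv /Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.nix-daemon.plist.skip
+fi
+if test -e /Library/LaunchDaemons/org.nixos.darwin-store.plist; then
+echo "Unloading org.nixos.darwin-store"
+launchctl bootout system /Library/LaunchDaemons/org.nixos.darwin-store.plist || true
+mv /Library/LaunchDaemons/org.nixos.darwin-store.plist /Library/LaunchDaemons/.before-determinate-nixd.org.nixos.darwin-store.plist.skip
+fi
+install -d -m 755 -o root -g wheel /usr/local/bin
+cp ${inputs.self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd /usr/local/bin/.determinate-nixd.next
+chmod +x /usr/local/bin/.determinate-nixd.next
+mv /usr/local/bin/.determinate-nixd.next /usr/local/bin/determinate-nixd
+'';
+
+launchd.daemons.determinate-nixd-store.serviceConfig = {
+Label = "systems.determinate.nix-store";
+RunAtLoad = true;
+
+StandardErrorPath = lib.mkForce "/var/log/determinate-nix-init.log";
+StandardOutPath = lib.mkForce "/var/log/determinate-nix-init.log";
+
+ProgramArguments = lib.mkForce [
+"/usr/local/bin/determinate-nixd"
+"--nix-bin"
+"${config.nix.package}/bin"
+"init"
+];
+};
+
+launchd.daemons.determinate-nixd.serviceConfig = {
+Label = "systems.determinate.nix-daemon";
+
+StandardErrorPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+StandardOutPath = lib.mkForce "/var/log/determinate-nix-daemon.log";
+
+ProgramArguments = lib.mkForce [
+"/usr/local/bin/determinate-nixd"
+"--nix-bin"
+"${config.nix.package}/bin"
+"daemon"
+];
+
+Sockets = {
+"determinate-nixd.socket" = {
+# We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+SockPassive = true;
+SockPathName = "/var/run/determinate-nixd.socket";
+};
+
+"nix-daemon.socket" = {
+# We'd set `SockFamily = "Unix";`, but nix-darwin automatically sets it with SockPathName
+SockPassive = true;
+SockPathName = "/var/run/nix-daemon.socket";
+};
+};
+
+SoftResourceLimits = {
+NumberOfFiles = mkPreferable 1048576;
+NumberOfProcesses = mkPreferable 1048576;
+Stack = mkPreferable 67108864;
+};
+HardResourceLimits = {
+NumberOfFiles = mkPreferable 1048576;
+NumberOfProcesses = mkPreferable 1048576;
+Stack = mkPreferable 67108864;
+};
+};
+};
+}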
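Review bot: The activation script installs the daemon binary with `cp` followed by `chmod +x`, so the owner and mode of `/usr/local/bin/determinate-nixd` are inherited from the source file and the umask rather than stated, and both launchd daemons then execute that mutable copy through `ProgramArguments`. Replacing the two lines with `install -m 755 -o root -g wheel ${inputs.self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd /usr/local/bin/.determinate-nixd.next` before the `mv` makes ownership explicit and matches the `install -d` line above it. A comment explaining why the daemons run from `/usr/local/bin` instead of the store path (presumably because the `init` daemon must start before the store is available) would help, since whoever can write to that directory controls what launchd starts, and no `UserName` is set on either daemon. The script text is carried over unchanged from `flake.nix`, so this behaviour predates the commit.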
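--- a/modules/nixos.nix
+++ b/modules/nixos.nix
@@ -0,0 +1,51 @@
+inputs:
+{ lib, pkgs, config, ... }:
+let
+inherit (import ./shared.nix inputs)
+commonNixSettingsModule
+restrictedNixSettingsModule
+mkPreferable
+mkMorePreferable
+;
+in
+{
+imports = [
+commonNixSettingsModule
+restrictedNixSettingsModule
+];
+
+config = {
+environment.systemPackages = [
+inputs.self.packages.${pkgs.stdenv.system}.default
+];
+
+systemd.services.nix-daemon.serviceConfig = {
+ExecStart = [
+""
+"@${inputs.self.packages.${pkgs.stdenv.system}.default}/bin/determinate-nixd determinate-nixd --nix-bin ${config.nix.package}/bin daemon"
+];
+KillMode = mkPreferable "process";
+LimitNOFILE = mkMorePreferable 1048576;
+LimitSTACK = mkPreferable "64M";
+TasksMax = mkPreferable 1048576;
+};
+
+systemd.sockets.nix-daemon.socketConfig.FileDescriptorName = "nix-daemon.socket";
+systemd.sockets.determinate-nixd = {
+description = "Determinate Nixd Daemon Socket";
+wantedBy = [ "sockets.target" ];
+before = [ "multi-user.target" ];
+
+unitConfig = {
+RequiresMountsFor = [ "/nix/store" "/nix/var/determinate" ];
+};
+
+socketConfig = {
+Service = "nix-daemon.service";
+FileDescriptorName = "determinate-nixd.socket";
+ListenStream = "/nix/var/determinate/determinate-nixd.socket";
+DirectoryMode = "0755";
+};
+};
+};
+}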
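Review bot: The `determinate-nixd` socket unit sets `DirectoryMode = "0755"` but no `SocketMode`, so systemd's default of 0666 applies and any local user can connect to `/nix/var/determinate/determinate-nixd.socket`. If that is intended because the daemon authenticates its peers itself (not visible in this file), state it with an explicit `SocketMode = "0666";` and a one-line comment; otherwise set a tighter mode together with `SocketUser`/`SocketGroup`. A short comment on the empty first `ExecStart` entry, such as `# clear the upstream nix-daemon ExecStart before replacing it`, would also help readers unfamiliar with how systemd resets list settings.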