diff --git a/README.md b/README.md
index 97200d69c..2419f391a 100644
--- a/README.md
+++ b/README.md
@@ -1,231 +1,3 @@
-[
](https://github.com/LnL7/nix-darwin)
-
# nix-darwin
-[](https://github.com/LnL7/nix-darwin/actions/workflows/test.yml)
-
-Nix modules for darwin, `/etc/nixos/configuration.nix` for macOS.
-
-This project aims to bring the convenience of a declarative system approach to macOS.
-nix-darwin is built up around [Nixpkgs](https://github.com/NixOS/nixpkgs), quite similar to [NixOS](https://nixos.org/).
-
-## Prerequisites
-
-The only prerequisite is a Nix implementation, both Nix and Lix are supported.
-
-As the official Nix installer does not include an automated uninstaller, and manual uninstallation on macOS is a complex process, we recommend using one of the following installers instead:
-
-- The [Nix installer from Determinate Systems](https://github.com/DeterminateSystems/nix-installer?tab=readme-ov-file#determinate-nix-installer) is only recommended for use with flake-based setups. **Make sure you use it without the `--determinate` flag**. The `--determinate` flag installs the Determinate Nix distribution which does not work out of the box with nix-darwin.
-* The [Lix installer](https://lix.systems/install/#on-any-other-linuxmacos-system) supports both flake-based and channel-based setups.
-
-
-
-## Getting started
-
-Despite being an experimental feature in Nix currently, nix-darwin recommends that beginners use flakes to manage their nix-darwin configurations.
-
-
-Flakes (Recommended for beginners)
-
-### Step 1. Creating `flake.nix`
-
-
-Getting started from scratch
-
-
-If you don't have an existing `configuration.nix`, you can run the following commands to generate a basic `flake.nix` inside `~/.config/nix-darwin`:
-
-```bash
-mkdir -p ~/.config/nix-darwin
-cd ~/.config/nix-darwin
-
-# To use Nixpkgs unstable:
-nix flake init -t nix-darwin/master
-# To use Nixpkgs 24.11:
-nix flake init -t nix-darwin/nix-darwin-24.11
-
-sed -i '' "s/simple/$(scutil --get LocalHostName)/" flake.nix
-```
-
-Make sure to change `nixpkgs.hostPlatform` to `aarch64-darwin` if you are using Apple Silicon.
-
-
-
-
-Migrating from an existing configuration.nix
-
-
-Add the following to `flake.nix` in the same folder as `configuration.nix`:
-
-```nix
-{
- description = "John's darwin system";
-
- inputs = {
- # Use `github:NixOS/nixpkgs/nixpkgs-24.11-darwin` to use Nixpkgs 24.11.
- nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
- # Use `github:LnL7/nix-darwin/nix-darwin-24.11` to use Nixpkgs 24.11.
- nix-darwin.url = "github:LnL7/nix-darwin/master";
- nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
- };
-
- outputs = inputs@{ self, nix-darwin, nixpkgs }: {
- darwinConfigurations."Johns-MacBook" = nix-darwin.lib.darwinSystem {
- modules = [ ./configuration.nix ];
- };
- };
-}
-```
-
-Make sure to replace `Johns-MacBook` with your hostname which you can find by running `scutil --get LocalHostName`.
-
-Make sure to set `nixpkgs.hostPlatform` in your `configuration.nix` to either `x86_64-darwin` (Intel) or `aarch64-darwin` (Apple Silicon).
-
-
-
-### Step 2. Installing `nix-darwin`
-
-Unlike NixOS, `nix-darwin` does not have an installer, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
-
-```bash
-nix run nix-darwin -- switch --flake ~/.config/nix-darwin
-```
-
-### Step 3. Using `nix-darwin`
-
-After installing, you can run `darwin-rebuild` to apply changes to your system:
-
-```bash
-darwin-rebuild switch --flake ~/.config/nix-darwin
-```
-
-#### Using flake inputs
-
-Inputs from the flake can also be passed into `darwinSystem`. These inputs are then
-accessible as an argument `inputs`, similar to `pkgs` and `lib`, inside the configuration.
-
-```nix
-# in flake.nix
-nix-darwin.lib.darwinSystem {
- modules = [ ./configuration.nix ];
- specialArgs = { inherit inputs; };
-}
-```
-
-```nix
-# in configuration.nix
-{ pkgs, lib, inputs }:
-# inputs.self, inputs.nix-darwin, and inputs.nixpkgs can be accessed here
-```
-
-
-
-Channels
-
-### Step 1. Creating `configuration.nix`
-
-Copy the [simple](./modules/examples/simple.nix) example to `~/.config/nix-darwin/configuration.nix`.
-
-### Step 2. Adding `nix-darwin` channel
-
-```bash
-# If you use Nixpkgs unstable (the default):
-sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
-# If you use Nixpkgs 24.11:
-sudo nix-channel --add https://github.com/LnL7/nix-darwin/archive/nix-darwin-24.11.tar.gz darwin
-
-sudo nix-channel --update
-```
-
-### Step 3. Installing `nix-darwin`
-
-To install `nix-darwin`, you can just run `darwin-rebuild switch` to install nix-darwin. As `darwin-rebuild` won't be installed in your `PATH` yet, you can use the following command:
-
-```bash
-# If you use Nixpkgs unstable (the default):
-nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A darwin-rebuild
-# If you use Nixpkgs 24.11:
-nix-build https://github.com/LnL7/nix-darwin/archive/nix-darwin-24.11.tar.gz -A darwin-rebuild
-
-./result/bin/darwin-rebuild switch -I darwin-config=$HOME/.config/nix-darwin/configuration.nix
-```
-
-### Step 4. Using `nix-darwin`
-
-After installing, you can run `darwin-rebuild` to apply changes to your system:
-
-```bash
-darwin-rebuild switch
-```
-
-### Step 5. Updating `nix-darwin`
-
-You can update Nixpkgs and `nix-darwin` using the following command:
-
-```bash
-sudo nix-channel --update
-```
-
-
-## Documentation
-
-`darwin-help` will open up a local copy of the reference documentation, it can also be found online [here](https://daiderd.com/nix-darwin/manual/index.html).
-
-The documentation is also available as manpages by running `man 5 configuration.nix`.
-
-## Uninstalling
-
-To run the latest version of the uninstaller, you can run the following command:
-
-```
-nix --extra-experimental-features "nix-command flakes" run nix-darwin#darwin-uninstaller
-```
-
-If that command doesn't work for you, you can try the locally installed uninstaller:
-
-```
-darwin-uninstaller
-```
-
-## Tests
-
-There are basic tests that run sanity checks for some of the modules,
-you can run them like this:
-
-```bash
-# run all tests
-nix-build release.nix -A tests
-# or just a subset
-nix-build release.nix -A tests.environment-path
-```
-
-## Contributing
-
-Let's make Nix on macOS awesome!
-
-Don't hesitate to contribute modules or open an issue.
-
-To build your configuration with local changes you can run this. This
-flag can also be used to override darwin-config or nixpkgs, for more
-information on the `-I` flag look at the nix-build [manpage](https://nixos.org/manual/nix/stable/command-ref/nix-build.html).
-
-```bash
-darwin-rebuild switch -I darwin=.
-```
-
-If you're adding a module, please add yourself to `meta.maintainers`, for example
-
-```nix
- meta.maintainers = [
- lib.maintainers.alice or "alice"
- ];
-
- options.services.alicebot = # ...
-```
-
-The `or` operator takes care of graceful degradation when `lib` from Nixpkgs
-goes out of sync.
-
-Also feel free to contact me if you have questions,
-- Matrix - @daiderd:matrix.org, you can find me in [#macos:nixos.org](https://matrix.to/#/#macos:nixos.org)
-- @LnL7 on twitter
+This is the 24.11 release branch of nix-darwin. See [the main readme](https://github.com/LnL7/nix-darwin#readme) for documentation.
diff --git a/modules/networking/default.nix b/modules/networking/default.nix
index 7a81ca1c8..b53a9e4a7 100644
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@@ -118,7 +118,6 @@ in
echo "configuring networking..." >&2
${optionalString (cfg.computerName != null) ''
- # shellcheck disable=SC1112
scutil --set ComputerName ${escapeShellArg cfg.computerName}
''}
${optionalString (cfg.hostName != null) ''
diff --git a/modules/nix/default.nix b/modules/nix/default.nix
index 8d8ffc8d5..817bfc0ef 100644
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@@ -134,6 +134,26 @@ let
namedPaths ++ searchPaths;
};
+ handleUnmanaged = managedConfig: mkMerge [
+ (mkIf cfg.enable managedConfig)
+ (mkIf (!cfg.enable) {
+ system.activationScripts.nix-daemon.text = ''
+ # Restore unmanaged Nix daemon if present
+ unmanagedNixProfile=/nix/var/nix/profiles/default
+ if [[
+ -e /run/current-system/Library/LaunchDaemons/org.nixos.nix-daemon.plist
+ && -e $unmanagedNixProfile/Library/LaunchDaemons/org.nixos.nix-daemon.plist
+ ]]; then
+ printf >&2 'restoring unmanaged Nix daemon...\n'
+ cp \
+ "$unmanagedNixProfile/Library/LaunchDaemons/org.nixos.nix-daemon.plist" \
+ /Library/LaunchDaemons
+ launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
+ fi
+ '';
+ })
+ ];
+
in
{
@@ -144,7 +164,6 @@ in
in
[
# Only ever in NixOS
- (mkRemovedOptionModule [ "nix" "enable" ] "No `nix-darwin` equivalent to this NixOS option.")
(mkRemovedOptionModule [ "nix" "daemonCPUSchedPolicy" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedClass" ] (altOption "nix.daemonProcessType"))
(mkRemovedOptionModule [ "nix" "daemonIOSchedPriority" ] (altOption "nix.daemonIOLowPriority"))
@@ -165,9 +184,36 @@ in
nix = {
+ enable = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = ''
+ Whether to enable Nix.
+
+ Disabling this will stop nix-darwin from managing the
+ installed version of Nix, the nix-daemon launchd daemon, and
+ the settings in {file}`/etc/nix/nix.conf`.
+
+ This allows you to use nix-darwin without it taking over your
+ system installation of Nix. Some nix-darwin functionality
+ that relies on managing the Nix installation, like the
+ `nix.*` options to adjust Nix settings or configure a Linux
+ builder, will be unavailable. You will also have to upgrade
+ Nix yourself, as nix-darwin will no longer do so.
+
+ ::: {.warning}
+ If you have already removed your global system installation
+ of Nix, this will break nix-darwin and you will have to
+ reinstall Nix to fix it.
+ :::
+ '';
+ };
+
package = mkOption {
type = types.package;
- default = pkgs.nix;
+ default = warnIf (!cfg.enable)
+ "nix.package: accessed when `nix.enable` is off; this is a bug"
+ pkgs.nix;
defaultText = literalExpression "pkgs.nix";
description = ''
This option specifies the Nix package instance to use throughout the system.
@@ -177,7 +223,16 @@ in
# Not in NixOS module
useDaemon = mkOption {
type = types.bool;
- default = false;
+ # We assume that unmanaged Nix installations use the daemon by
+ # default, to match the logic in nix-darwin 25.05. This is
+ # weird, but it matches the default behaviour in practice
+ # (since `services.nix-daemon.enable` is on by default and sets
+ # `nix.useDaemon` to true), and since `nix.enable` didn’t
+ # previously exist, it’s not a backwards‐compatibility concern;
+ # we can consequently avoid bifurcating the user experience
+ # across the release branches.
+ default = !config.nix.enable;
+ defaultText = literalExpression "!config.nix.enable";
description = ''
If set, Nix will use the daemon to perform operations.
Use this instead of services.nix-daemon.enable if you don't want the
@@ -678,7 +733,7 @@ in
###### implementation
- config = {
+ config = handleUnmanaged {
environment.systemPackages =
[
nixPackage
@@ -759,7 +814,7 @@ in
# Not in NixOS module
{ assertion = elem "nixbld" config.users.knownGroups -> elem "nixbld" createdGroups; message = "refusing to delete group nixbld in users.knownGroups, this would break nix"; }
- { assertion = elem "_nixbld1" config.users.knownGroups -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
+ { assertion = elem "_nixbld1" config.users.knownUsers -> elem "_nixbld1" createdUsers; message = "refusing to delete user _nixbld1 in users.knownUsers, this would break nix"; }
{ assertion = config.users.groups ? "nixbld" -> config.users.groups.nixbld.members != []; message = "refusing to remove all members from nixbld group, this would break nix"; }
{
@@ -853,9 +908,7 @@ in
fi
done
if [[ ! $nixCustomConfIsKnown ]]; then
- # shellcheck disable=SC2016
printf >&2 '\e[1;31merror: custom settings in `/etc/nix/nix.custom.conf`, aborting activation\e[0m\n'
- # shellcheck disable=SC2016
printf >&2 'You will need to migrate these to nix-darwin `nix.*` settings if you\n'
printf >&2 'wish to keep them. Check the manual for the appropriate settings and\n'
printf >&2 'add them to your system configuration, then run:\n'
diff --git a/modules/nix/nix-darwin.nix b/modules/nix/nix-darwin.nix
index 4a989d791..2766b1126 100644
--- a/modules/nix/nix-darwin.nix
+++ b/modules/nix/nix-darwin.nix
@@ -4,7 +4,7 @@ let
nix-tools = pkgs.callPackage ../../pkgs/nix-tools {
inherit (config.system) profile;
inherit (config.environment) systemPath;
- nixPackage = config.nix.package;
+ nixPackage = if config.nix.enable then config.nix.package else null;
};
darwin-uninstaller = pkgs.callPackage ../../pkgs/darwin-uninstaller { };
diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix
index ffc7e651b..df3fa310e 100644
--- a/modules/services/nix-daemon.nix
+++ b/modules/services/nix-daemon.nix
@@ -10,7 +10,7 @@ in
options = {
services.nix-daemon.enable = mkOption {
type = types.bool;
- default = true;
+ default = config.nix.enable;
description = "Whether to enable the nix-daemon service.";
};
diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix
index 5f8916cc7..b051972b5 100644
--- a/modules/system/activation-scripts.nix
+++ b/modules/system/activation-scripts.nix
@@ -13,6 +13,32 @@ let
mkTextDerivation = name: text: pkgs.writeScript "activate-${name}" text;
};
+ activationPath =
+ lib.makeBinPath [
+ pkgs.gnugrep
+ pkgs.coreutils
+ ]
+ + lib.optionalString (!config.nix.enable) ''
+ $(
+ # If `nix.enable` is off, there might be an unmanaged Nix
+ # installation (say in `/nix/var/nix/profiles/default`) that
+ # activation scripts (such as Home Manager) want to find on the
+ # `$PATH`. Search for it directly to avoid polluting the
+ # activation script environment with everything on the
+ # `environment.systemPath`.
+ if nixEnvPath=$(
+ PATH="${config.environment.systemPath}" command -v nix-env
+ ); then
+ printf ':'
+ ${lib.getExe' pkgs.coreutils "dirname"} -- "$(
+ ${lib.getExe' pkgs.coreutils "readlink"} \
+ --canonicalize-missing \
+ -- "$nixEnvPath"
+ )"
+ fi
+ )''
+ + ":@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin";
+
in
{
@@ -40,7 +66,9 @@ in
#! ${stdenv.shell}
set -e
set -o pipefail
- export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+ PATH="${activationPath}"
+ export PATH
systemConfig=@out@
@@ -91,7 +119,9 @@ in
#! ${stdenv.shell}
set -e
set -o pipefail
- export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin"
+
+ PATH="${activationPath}"
+ export PATH
systemConfig=@out@
diff --git a/modules/system/checks.nix b/modules/system/checks.nix
index a5fd44a81..17f6467db 100644
--- a/modules/system/checks.nix
+++ b/modules/system/checks.nix
@@ -31,6 +31,23 @@ let
fi
'';
+ determinate = ''
+ if [[ -e /usr/local/bin/determinate-nixd ]]; then
+ printf >&2 '\e[1;31merror: Determinate detected, aborting activation\e[0m\n'
+ printf >&2 'Determinate uses its own daemon to manage the Nix installation that\n'
+ printf >&2 'conflicts with nix-darwin’s native Nix management.\n'
+ printf >&2 '\n'
+ printf >&2 'To turn off nix-darwin’s management of the Nix installation, set:\n'
+ printf >&2 '\n'
+ printf >&2 ' nix.enable = false;\n'
+ printf >&2 '\n'
+ printf >&2 'This will allow you to use nix-darwin with Determinate. Some nix-darwin\n'
+ printf >&2 'functionality that relies on managing the Nix installation, like the\n'
+ printf >&2 '`nix.*` options to adjust Nix settings or configure a Linux builder,\n'
+ printf >&2 'will be unavailable.\n'
+ exit 2
+ fi
+ '';
oldBuildUsers = ''
if dscl . -list /Users | grep -q '^nixbld'; then
@@ -118,7 +135,6 @@ let
printf >&2 'Possible causes include setting up a new Nix installation with an\n'
printf >&2 'existing nix-darwin configuration, setting up a new nix-darwin\n'
printf >&2 'installation with an existing Nix installation, or manually increasing\n'
- # shellcheck disable=SC2016
printf >&2 'your `system.stateVersion` setting.\n'
printf >&2 '\n'
printf >&2 'You can set the configured group ID to match the actual value:\n'
@@ -139,7 +155,6 @@ let
printf >&2 '\n'
printf >&2 ' services.nix-daemon.enable = false;\n'
printf >&2 '\n'
- # shellcheck disable=SC2016
printf >&2 'and remove `nix.useDaemon` from your configuration if it is present.\n'
printf >&2 '\n'
exit 2
@@ -279,7 +294,6 @@ let
if [[ -d /etc/ssh/authorized_keys.d ]]; then
printf >&2 '\e[1;31merror: /etc/ssh/authorized_keys.d exists, aborting activation\e[0m\n'
printf >&2 'SECURITY NOTICE: The previous implementation of the\n'
- # shellcheck disable=SC2016
printf >&2 '`users.users..openssh.authorizedKeys.*` options would not delete\n'
printf >&2 'authorized keys files when the setting for a given user was removed.\n'
printf >&2 '\n'
@@ -302,7 +316,6 @@ let
echo "Homebrew doesn't seem to be installed. Please install homebrew separately." >&2
echo "You can install homebrew using the following command:" >&2
echo >&2
- # shellcheck disable=SC2016
echo ' /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"' >&2
echo >&2
exit 2
@@ -323,21 +336,22 @@ in
options = {
system.checks.verifyNixPath = mkOption {
type = types.bool;
- default = true;
+ default = config.nix.enable;
description = "Whether to run the NIX_PATH validation checks.";
};
system.checks.verifyNixChannels = mkOption {
type = types.bool;
- default = config.nix.channel.enable;
+ default = config.nix.enable && config.nix.channel.enable;
description = "Whether to run the nix-channels validation checks.";
};
system.checks.verifyBuildUsers = mkOption {
type = types.bool;
default =
- (config.nix.useDaemon && !(config.nix.settings.auto-allocate-uids or false))
- || config.nix.configureBuildUsers;
+ config.nix.enable &&
+ ((config.nix.useDaemon && !(config.nix.settings.auto-allocate-uids or false))
+ || config.nix.configureBuildUsers);
description = "Whether to run the Nix build users validation checks.";
};
@@ -353,11 +367,12 @@ in
system.checks.text = mkMerge [
darwinChanges
runLink
+ (mkIf config.nix.enable determinate)
(mkIf (cfg.verifyBuildUsers && !config.nix.configureBuildUsers) oldBuildUsers)
(mkIf cfg.verifyBuildUsers buildUsers)
(mkIf cfg.verifyBuildUsers preSequoiaBuildUsers)
(mkIf config.nix.configureBuildUsers buildGroupID)
- nixDaemon
+ (mkIf config.nix.enable nixDaemon)
nixStore
(mkIf (config.nix.gc.automatic && config.nix.gc.user == null) nixGarbageCollector)
(mkIf (config.nix.optimise.automatic && config.nix.optimise.user == null) nixStoreOptimiser)
diff --git a/modules/system/default.nix b/modules/system/default.nix
index a1862faee..8351dcc66 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -135,7 +135,10 @@ in
chmod u+x $out/activate-user
unset activationUserScript
- shellcheck $out/activate $out/activate-user
+ # We exclude the warnings for `…` in single‐quote strings and
+ # non‐ASCII quotation marks as they are noisy and lead to a lot
+ # of false positives in our user‐facing output:
+ shellcheck --exclude=SC2016,SC1112 $out/activate $out/activate-user
echo -n "$systemConfig" > $out/systemConfig
diff --git a/modules/users/default.nix b/modules/users/default.nix
index 574f5a4eb..ecce2af3b 100644
--- a/modules/users/default.nix
+++ b/modules/users/default.nix
@@ -149,7 +149,6 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
if [[ -n "$SSH_CONNECTION" ]]; then
printf >&2 '\e[1;31merror: users cannot be %s over SSH without Full Disk Access, aborting activation\e[0m\n' "$2"
- # shellcheck disable=SC2016
printf >&2 'The user %s could not be %s as `darwin-rebuild` was not executed with Full Disk Access over SSH.\n' "$1" "$2"
printf >&2 'You can either:\n'
printf >&2 '\n'
@@ -157,7 +156,6 @@ in
printf >&2 '\n'
printf >&2 'or\n'
printf >&2 '\n'
- # shellcheck disable=SC2016
printf >&2 ' run `darwin-rebuild` in a graphical session.\n'
printf >&2 '\n'
printf >&2 'The option "Allow full disk access for remote users" can be found by\n'
@@ -171,11 +169,9 @@ in
if ! sudo dscl . -change /Users/nobody NFSHomeDirectory "$homeDirectory" "$homeDirectory" &> /dev/null; then
printf >&2 '\e[1;31merror: permission denied when trying to %s user %s, aborting activation\e[0m\n' "$2" "$1"
- # shellcheck disable=SC2016
printf >&2 '`darwin-rebuild` requires permissions to administrate your computer,\n'
printf >&2 'please accept the dialog that pops up.\n'
printf >&2 '\n'
- # shellcheck disable=SC2016
printf >&2 'If you do not wish to be prompted every time `darwin-rebuild updates your users,\n'
printf >&2 'you can grant Full Disk Access to your terminal emulator in System Settings.\n'
printf >&2 '\n'
@@ -224,7 +220,6 @@ in
if [ "$u" -gt 501 ]; then
# TODO: add `darwin.primaryUser` as well
if [[ ${name} == "$USER" ]]; then
- # shellcheck disable=SC2016
printf >&2 '\e[1;31merror: refusing to delete the user calling `darwin-rebuild` (%s), aborting activation\e[0m\n', ${name}
exit 1
fi
diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix
index 295477a68..419db71d2 100644
--- a/pkgs/darwin-uninstaller/configuration.nix
+++ b/pkgs/darwin-uninstaller/configuration.nix
@@ -12,8 +12,8 @@ with lib;
launchd.daemons = mkForce {};
launchd.user.agents = mkForce {};
- # Don't try to reload `nix-daemon`
- nix.useDaemon = mkForce false;
+ # Restore any unmanaged `nix-daemon`.
+ nix.enable = false;
system.activationScripts.postUserActivation.text = mkAfter ''
if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
@@ -30,14 +30,6 @@ with lib;
rm /etc/static
fi
- # If the Nix Store is owned by root then we're on a multi-user system
- if [[ -O /nix/store ]]; then
- if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then
- sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- fi
- fi
-
# grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail`
dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do
shell=$(dscl . -read /Users/"$user" UserShell)
diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix
index da58682e3..dc5938973 100644
--- a/pkgs/darwin-uninstaller/default.nix
+++ b/pkgs/darwin-uninstaller/default.nix
@@ -31,8 +31,11 @@ in writeShellApplication {
echo >&2 " - remove /Applications/Nix Apps symlink"
echo >&2 " - cleanup static /etc files"
echo >&2 " - disable and remove all launchd services managed by nix-darwin"
- if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
- echo >&2 " - restore nix-daemon service from nix installer as this is a multi-user install"
+ if [[
+ -e /run/current-system/Library/LaunchDaemons/org.nixos.nix-daemon.plist
+ && -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist
+ ]]; then
+ echo >&2 " - restore nix-daemon service from the Nix installer"
fi
echo >&2
@@ -88,7 +91,7 @@ in writeShellApplication {
launchctl print system/org.nixos.nix-daemon
pgrep -l nix-daemon
test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- [[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
+ [[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
nix-store --store daemon -q --hash ${stdenv.shell}
fi
echo >&2 ok
diff --git a/release.nix b/release.nix
index b3e2df7ed..52b3c2aa7 100644
--- a/release.nix
+++ b/release.nix
@@ -88,6 +88,7 @@ in {
tests.launchd-setenv = makeTest ./tests/launchd-setenv.nix;
tests.networking-hostname = makeTest ./tests/networking-hostname.nix;
tests.networking-networkservices = makeTest ./tests/networking-networkservices.nix;
+ tests.nix-enable = makeTest ./tests/nix-enable.nix;
tests.nixpkgs-overlays = makeTest ./tests/nixpkgs-overlays.nix;
tests.programs-ssh = makeTest ./tests/programs-ssh.nix;
tests.programs-tmux = makeTest ./tests/programs-tmux.nix;
diff --git a/tests/nix-enable.nix b/tests/nix-enable.nix
new file mode 100644
index 000000000..0828834f1
--- /dev/null
+++ b/tests/nix-enable.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+
+{
+ nix.enable = false;
+ nix.package = throw "`nix.package` used when `nix.enable` is turned off";
+
+ test = ''
+ printf >&2 'checking for unexpected Nix binary in /sw/bin\n'
+ [[ -e ${config.out}/sw/bin/nix-env ]] && exit 1
+
+ printf >&2 'checking for unexpected nix-daemon plist in /Library/LaunchDaemons\n'
+ [[ -e ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]] && exit 1
+
+ printf >&2 'checking for late‐bound Nix lookup in /activate\n'
+ grep nixEnvPath= ${config.out}/activate
+ '';
+}