feat: system tools can be configured individually #1331
Conversation
modules/nix/nix-darwin.nix
Outdated
| inherit (nix-tools) darwin-option darwin-rebuild darwin-version; | ||
| mkToolModule = { name, package ? nix-tools.${name} }: { config, ... }: { | ||
| options.system.tools.${name}.enable = lib.mkEnableOption "${name} script" // { | ||
| default = config.nix.enable && ! config.system.disableInstallerTools; |
There was a problem hiding this comment.
I think that most users with nix.enable = false; will be using an unmanaged system Nix rather than deploying a configuration with no Nix installation at all (since that’s kinda hard on macOS). So we probably want this to be on by default even if !config.nix.enable. I don’t have a super principled justification for this divergence from NixOS, but I think it’s okay to expect people to manually disable system.disableInstallerTools if they want them gone.
| (mkToolModule { name = "darwin-option"; }) | ||
| (mkToolModule { name = "darwin-rebuild"; }) | ||
| (mkToolModule { name = "darwin-version"; }) | ||
| (mkToolModule { name = "darwin-uninstaller"; package = darwin-uninstaller; }) |
There was a problem hiding this comment.
Maybe we should move darwin-uninstaller to nix-tools. cc @Enzime
| Disable installer tools, such as darwin-rebuild and darwin-option. This | ||
| is useful to shrink systems which are not expected to rebuild or | ||
| reconfigure themselves. Use at your own risk! |
There was a problem hiding this comment.
I feel like “installer tools” is a bit of a weird term here when we don’t even have nixos-install. But the option name is already what it is, so eh…
pkgs/darwin-uninstaller/default.nix
Outdated
| system.tools.darwin-uninstaller.enable = false; | ||
| system.tools.darwin-rebuild.enable = true; |
There was a problem hiding this comment.
The uninstaller only uses darwin-rebuild activate, which is kinda disjoint from the vast majority of other darwin-rebuild behaviour. I’m hoping to encourage third‐party deployment tools to use it more, so its removal breaking our own installer feels a bit awkward. This would be fixed by removing the config.nix.enable condition, though.
In an ideal world we’d have an apply script like has been worked on for NixOS but we don’t currently. Maybe the uninstaller should just invoke the activation scripts directly for now, and then we could disable installer tools in its configuration.nix.
With the merging of #1313, it makes it easier to port the tools module from nixpkgs, https://github.com/NixOS/nixpkgs/blob/3fd6fcf0a896c789573955df6e674e7dad64da67/nixos/modules/installer/tools/tools.nix#L234 which is a almost exact copy.