Skip to content

Latest commit

 

History

History
63 lines (49 loc) · 1.95 KB

README.md

File metadata and controls

63 lines (49 loc) · 1.95 KB

nix-rosetta-builder

A Rosetta 2-enabled, Apple silicon (macOS/Darwin)-hosted Linux Nix builder.

Runs on aarch64-darwin and builds aarch64-linux (natively) and x86_64-linux (quickly using Rosetta 2).

Features

Advantages over nix-darwin's built in nix.linux-builder (which is based on pkgs.darwin.linux-builder):

  • x86_64-linux support enabled by default and much faster (using Rosetta 2)
  • Multi-core by default
  • More secure:
    • VM runs with minimum permissions (runs as a non-root/admin/wheel user/service account)
    • VM doesn't accept remote connections (it binds to the loopback interface (127.0.0.1))
    • VM cannot be impersonated (its private SSH host key is not publicly-known)

nix-darwin flake setup

flake.nix:

{
  description = "Configure macOS using nix-darwin with rosetta-builder";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    nix-darwin = {
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-rosetta-builder = {
      url = "github:cpick/nix-rosetta-builder";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = inputs@{ self, nix-darwin, nix-rosetta-builder, nixpkgs }: {
    darwinConfigurations."${hostname}" = nix-darwin.lib.darwinSystem {
      modules = [ nix-rosetta-builder.darwinModules.default ];
    };
  };
}

Uninstall

Remove nix-rosetta-builder from nix-darwin's flake.nix, darwin-rebuild, and then:

sudo rm -r /var/lib/rosetta-builder
sudo dscl . -delete /Users/_rosettabuilder
sudo dscl . -delete /Groups/rosettabuilder

Contributing

Feature requests, bug reports, and pull requests are all welcome.