evan/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: add determinate nix support for darwin

Browse Source 
- Add determinateSystems/determinate flake input
- Include determinate darwin modules in configuration
- Disable legacy nix module configuration
- Remove modules/darwin/nix/default.nix
- Add mac-va-mbp-work system using determinate nix
This commit is contained in:
Evan Reichard
2026-02-08 11:02:36 -05:00
parent d685773604
commit f47505af0b
6 changed files with 230 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

217
flake.lock generated
View File

@@ -42,9 +42,67 @@
"type": "github"
}
},
"determinate": {
"inputs": {
"determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
"determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
"determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
"nix": "nix",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1770325739,
"narHash": "sha256-TPDWnhzKW/1+FPMiagZ9mZiQN0aKcGC09yYSUBuv8Mo=",
"owner": "determinatesystems",
"repo": "determinate",
"rev": "1b3259b71c81508ffd409114525df6a55c0f337f",
"type": "github"
},
"original": {
"owner": "determinatesystems",
"repo": "determinate",
"type": "github"
}
},
"determinate-nixd-aarch64-darwin": {
"flake": false,
"locked": {
"narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS"
}
},
"determinate-nixd-aarch64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux"
}
},
"determinate-nixd-x86_64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1769524058,
@@ -98,6 +156,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@@ -113,6 +187,27 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"revCount": 377,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -150,6 +245,32 @@
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": [
"determinate",
"nix"
],
"nixpkgs": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"revCount": 1026,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -171,6 +292,27 @@
"type": "github"
}
},
"nix": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1768960381,
"narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=",
"rev": "45ce621408cb8c9a724193d5fe858eb839662db8",
"revCount": 24453,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
@@ -209,17 +351,47 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1769330179,
"narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=",
"lastModified": 1761597516,
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"revCount": 811874,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
@@ -240,6 +412,36 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768783163,
"narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=",
"rev": "bde09022887110deb780067364a0818e89258968",
"revCount": 930106,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.930106%2Brev-bde09022887110deb780067364a0818e89258968/019bd9ed-5f0b-7074-afb0-8bb5e13a7598/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1769330179,
"narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1770056022,
"narHash": "sha256-yvCz+Qmci1bVucXEyac3TdoSPMtjqVJmVy5wro6j/70=",
@@ -259,11 +461,12 @@
"inputs": {
"apple-silicon": "apple-silicon",
"darwin": "darwin",
"determinate": "determinate",
"disko": "disko",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix"
@@ -271,7 +474,7 @@
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"

2
flake.nix
View File

@@ -5,6 +5,7 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko";
determinate.url = "github:determinatesystems/determinate";
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
@@ -73,6 +74,7 @@
./modules/nixos/common
];
darwin = with inputs; [
determinate.darwinModules.default
home-manager.darwinModules.home-manager
sops-nix.darwinModules.sops
];

1
modules/darwin/default.nix
View File

@@ -1,5 +1,6 @@
{
config = {
nix.enable = false;
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;

103
modules/darwin/nix/default.nix
View File

@@ -1,103 +0,0 @@
{ config, lib, pkgs, inputs, namespace, host, ... }:
let
inherit (lib) types mkIf;
inherit (lib.${namespace}) mkBoolOpt mkOpt;
cfg = config.${namespace}.nix;
in
{
options.${namespace}.nix = {
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
usingDeterminate = mkBoolOpt false "Whether we're using determinate nix";
package = mkOpt types.package pkgs.nixVersions.latest "Which nix package to use.";
};
config = mkIf cfg.enable {
nix =
let
mappedRegistry = lib.pipe inputs [
(lib.filterAttrs (_: lib.isType "flake"))
(lib.mapAttrs (_: flake: { inherit flake; }))
(x: x // {
nixpkgs.flake = if pkgs.stdenv.hostPlatform.isLinux then inputs.nixpkgs else inputs.nixpkgs-unstable;
})
(x: if pkgs.stdenv.hostPlatform.isDarwin then lib.removeAttrs x [ "nixpkgs-unstable" ] else x)
];
users = [
"root"
"@wheel"
"nix-builder"
"evanreichard"
];
in
{
inherit (cfg) package;
buildMachines = lib.optional (config.${namespace}.security.sops.enable && host != "nixos-builder") {
hostName = "10.0.50.130";
systems = [ "x86_64-linux" ];
sshUser = "evanreichard";
protocol = "ssh";
sshKey = config.sops.secrets.builder_ssh_key.path;
supportedFeatures = [
"benchmark"
"big-parallel"
"nixos-test"
"kvm"
];
};
checkConfig = true;
distributedBuilds = true;
optimise.automatic = !cfg.usingDeterminate;
registry = lib.mkForce mappedRegistry;
gc = {
automatic = !cfg.usingDeterminate;
options = "--delete-older-than 7d";
};
settings = {
connect-timeout = 5;
allowed-users = users;
max-jobs = "auto";
auto-optimise-store = pkgs.stdenv.hostPlatform.isLinux;
builders-use-substitutes = true;
experimental-features = [
"nix-command"
"flakes "
];
flake-registry = "/etc/nix/registry.json";
http-connections = 50;
keep-derivations = true;
keep-going = true;
keep-outputs = true;
log-lines = 50;
sandbox = true;
trusted-users = users;
warn-dirty = false;
use-xdg-base-directories = true;
substituters = [
"https://anyrun.cachix.org"
"https://cache.nixos.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://nixpkgs-wayland.cachix.org"
"https://numtide.cachix.org"
];
trusted-public-keys = [
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
];
};
};
};
}

11
systems/aarch64-darwin/mac-va-mbp-personal/default.nix
View File

@@ -1,12 +1,13 @@
{
system.stateVersion = 6;
nix.enable = false;
# System Config
determinateNix = {
enable = true;
nixosVmBasedLinuxBuilder.enable = true;
};
# System Config
reichard = {
nix = {
enable = true;
usingDeterminate = true;
};
};
}

11
systems/aarch64-darwin/mac-va-mbp-work/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{
system.stateVersion = 6;
# System Config
determinateNix = {
enable = true;
nixosVmBasedLinuxBuilder.enable = true;
};
reichard = { };
}