Merge branch 'LnL7:master' into masterHEADmaster

5 files changed, 124 insertions, 270 deletions

diff --git a/pkgs/darwin-installer/default.nix b/pkgs/darwin-installer/default.nix
deleted file mode 100644
index 36643a3..0000000
--- a/pkgs/darwin-installer/default.nix
+++ /dev/null
@@ -1,147 +0,0 @@
-{ stdenv, nix, pkgs, nix-darwin }:
-
-let
-  nixPath = pkgs.lib.concatStringsSep ":" [
-    "darwin=${nix-darwin}"
-    "nixpkgs=${pkgs.path}"
-    "$HOME/.nix-defexpr/channels"
-    "/nix/var/nix/profiles/per-user/root/channels"
-    "$NIX_PATH"
-  ];
-in
-
-stdenv.mkDerivation {
-  name = "darwin-installer";
-  preferLocalBuild = true;
-
-  unpackPhase = ":";
-
-  installPhase = ''
-    mkdir -p $out/bin
-    echo "$shellHook" > $out/bin/darwin-installer
-    chmod +x $out/bin/darwin-installer
-  '';
-
-  shellHook = ''
-    #!${stdenv.shell}
-    set -e
-
-    _PATH=$PATH
-    export PATH=/nix/var/nix/profiles/default/bin:${nix}/bin:${pkgs.gnused}/bin:${pkgs.openssh}/bin:/usr/bin:/bin:/usr/sbin:/sbin
-
-    action=switch
-    while [ "$#" -gt 0 ]; do
-        i="$1"; shift 1
-        case "$i" in
-            --help)
-                echo "darwin-installer: [--help] [--check]"
-                exit
-                ;;
-            --check)
-                action=check
-                ;;
-        esac
-    done
-
-    echo >&2
-    echo >&2 "Installing nix-darwin..."
-    echo >&2
-
-    config="$HOME/.nixpkgs/darwin-configuration.nix"
-    if ! test -f "$config"; then
-        echo "copying example configuration.nix" >&2
-        mkdir -p "$HOME/.nixpkgs"
-        cp "${../../modules/examples/simple.nix}" "$config"
-        chmod u+w "$config"
-
-        # Enable nix-daemon service for multi-user installs.
-        if [ ! -w /nix/var/nix/db ]; then
-            sed -i 's/# services.nix-daemon.enable/services.nix-daemon.enable/' "$config"
-        fi
-    fi
-
-    # Skip when stdin is not a tty, eg.
-    # $ yes | darwin-installer
-    if test -t 0; then
-        read -p "Would you like to edit the default configuration.nix before starting? [y/N] " i
-        case "$i" in
-            y|Y)
-                PATH=$_PATH ''${EDITOR:-nano} "$config"
-                ;;
-        esac
-    fi
-
-    i=y
-    darwinPath=$(NIX_PATH=$HOME/.nix-defexpr/channels nix-instantiate --eval -E '<darwin>' 2> /dev/null) || true
-    if ! test -e "$darwinPath"; then
-        if test -t 0; then
-            read -p "Would you like to manage <darwin> with nix-channel? [y/N] " i
-        fi
-        case "$i" in
-            y|Y)
-                nix-channel --add https://github.com/LnL7/nix-darwin/archive/master.tar.gz darwin
-                nix-channel --update
-                ;;
-        esac
-    fi
-
-    export NIX_PATH=${nixPath}
-    system=$(nix-build '<darwin>' -I "darwin-config=$config" -A system --no-out-link --show-trace)
-
-    export PATH=$system/sw/bin:$PATH
-    darwin-rebuild "$action" -I "darwin-config=$config"
-
-    echo >&2
-    echo >&2 "    Open '$config' to get started."
-    echo >&2 "    See the README for more information: https://github.com/LnL7/nix-darwin/blob/master/README.md"
-    echo >&2
-    echo >&2 "    Don't forget to start a new shell or source /etc/static/bashrc."
-    echo >&2
-    exit
-  '';
-
-  passthru.check = stdenv.mkDerivation {
-     name = "run-darwin-test";
-     shellHook = ''
-        set -e
-        echo >&2 "running installer tests..."
-        echo >&2
-
-        echo >&2 "checking configuration.nix"
-        test -f ~/.nixpkgs/darwin-configuration.nix
-        test -w ~/.nixpkgs/darwin-configuration.nix
-        echo >&2 "checking darwin channel"
-        readlink ~/.nix-defexpr/channels/darwin
-        test -e ~/.nix-defexpr/channels/darwin
-        echo >&2 "checking /etc"
-        readlink /etc/static
-        test -e /etc/static
-        echo >&2 "checking profile"
-        cat /etc/profile
-        grep -v nix-daemon.sh /etc/profile
-        echo >&2 "checking /run/current-system"
-        readlink /run
-        test -e /run
-        readlink /run/current-system
-        test -e /run/current-system
-        echo >&2 "checking system profile"
-        readlink /nix/var/nix/profiles/system
-        test -e /nix/var/nix/profiles/system
-
-        echo >&2 "checking bash environment"
-        env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH'
-        env -i USER=john HOME=/Users/john bash -li -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
-        env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH'
-        env -i USER=john HOME=/Users/john bash -li -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
-
-        echo >&2 "checking zsh environment"
-        env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH'
-        env -i USER=john HOME=/Users/john zsh -l -c 'echo $PATH' | grep /Users/john/.nix-profile/bin:/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
-        env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH'
-        env -i USER=john HOME=/Users/john zsh -l -c 'echo $NIX_PATH' | grep darwin-config=/Users/john/.nixpkgs/darwin-configuration.nix:/nix/var/nix/profiles/per-user/root/channels
-
-        echo >&2 ok
-        exit
-    '';
-  };
-}
diff --git a/pkgs/darwin-uninstaller/configuration.nix b/pkgs/darwin-uninstaller/configuration.nix
index 6487774..295477a 100644
--- a/pkgs/darwin-uninstaller/configuration.nix
+++ b/pkgs/darwin-uninstaller/configuration.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
 
 with lib;
 
@@ -7,46 +7,49 @@ with lib;
   assertions = mkForce [];
   system.activationScripts.checks.text = mkForce "";
 
-  # Disable etc, launchd, ...
   environment.etc = mkForce {};
   launchd.agents = mkForce {};
   launchd.daemons = mkForce {};
   launchd.user.agents = mkForce {};
 
+  # Don't try to reload `nix-daemon`
+  nix.useDaemon = mkForce false;
+
   system.activationScripts.postUserActivation.text = mkAfter ''
-    if test -L ~/.nix-defexpr/channels/darwin; then
+    if [[ -L ~/.nix-defexpr/channels/darwin ]]; then
         nix-channel --remove darwin || true
     fi
   '';
 
   system.activationScripts.postActivation.text = mkAfter ''
-    if test -L /Applications/Nix\ Apps; then
+    if [[ -L /Applications/Nix\ Apps ]]; then
         rm /Applications/Nix\ Apps
     fi
 
-    if test -L /etc/static; then
+    if [[ -L /etc/static ]]; then
         rm /etc/static
     fi
 
-    if test -O /nix/store; then
-        if ! test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist; then
-            sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist || true
-            sudo launchctl remove org.nixos.nix-daemon 2> /dev/null || true
+    # If the Nix Store is owned by root then we're on a multi-user system
+    if [[ -O /nix/store ]]; then
+        if [[ -e /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]]; then
             sudo cp /nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist /Library/LaunchDaemons/org.nixos.nix-daemon.plist
             sudo launchctl load -w /Library/LaunchDaemons/org.nixos.nix-daemon.plist
         fi
-
-        if ! grep -q etc/profile.d/nix-daemon.sh /etc/bashrc; then
-            echo >&2 "Found no nix-daemon.sh reference in /etc/bashrc"
-            echo >&2 "add this snippet back to /etc/bashrc:"
-            echo >&2
-            echo >&2 "    # Nix"
-            echo >&2 "    if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then"
-            echo >&2 "      . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'"
-            echo >&2 "    fi"
-            echo >&2 "    # End Nix"
-            echo >&2
-        fi
     fi
+
+    # grep will return 1 when no lines matched which makes this line fail with `set -eo pipefail`
+    dscl . -list /Users UserShell | { grep "\s/run/" || true; } | awk '{print $1}' | while read -r user; do
+      shell=$(dscl . -read /Users/"$user" UserShell)
+      if [[ "$shell" != */bin/zsh ]]; then
+        echo >&2 "warning: changing $user's shell from $shell to /bin/zsh"
+      fi
+
+      dscl . -create /Users/"$user" UserShell /bin/zsh
+    done
+
+    while IFS= read -r -d "" file; do
+      mv "$file" "''${file%.*}"
+    done < <(find /etc -name '*.before-nix-darwin' -follow -print0)
   '';
 }
diff --git a/pkgs/darwin-uninstaller/default.nix b/pkgs/darwin-uninstaller/default.nix
index 3eb2c24..da58682 100644
--- a/pkgs/darwin-uninstaller/default.nix
+++ b/pkgs/darwin-uninstaller/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, pkgs }:
+{ lib, path, stdenv, writeShellApplication }:
 
 let
   uninstallSystem = import ../../eval-config.nix {
@@ -6,39 +6,23 @@ let
     modules = [
       ./configuration.nix
       {
-        nixpkgs.source = pkgs.path;
-        nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system;
+        nixpkgs.source = path;
+        nixpkgs.hostPlatform = stdenv.hostPlatform.system;
         system.includeUninstaller = false;
       }
     ];
   };
-in
-
-stdenv.mkDerivation {
+in writeShellApplication {
   name = "darwin-uninstaller";
-  preferLocalBuild = true;
-
-  unpackPhase = ":";
-
-  installPhase = ''
-    mkdir -p $out/bin
-    echo "$shellHook" > $out/bin/darwin-uninstaller
-    chmod +x $out/bin/darwin-uninstaller
-  '';
-
-  shellHook = ''
-    #!${stdenv.shell}
-    set -e
-
-    action=switch
+  text = ''
     while [ "$#" -gt 0 ]; do
-        i="$1"; shift 1
-        case "$i" in
-            --help)
-                echo "darwin-uninstaller: [--help]"
-                exit
-                ;;
-        esac
+      i="$1"; shift 1
+      case "$i" in
+        --help)
+          echo "darwin-uninstaller: [--help]"
+          exit
+          ;;
+      esac
     done
 
     echo >&2
@@ -47,54 +31,67 @@ stdenv.mkDerivation {
     echo >&2 "    - remove /Applications/Nix Apps symlink"
     echo >&2 "    - cleanup static /etc files"
     echo >&2 "    - disable and remove all launchd services managed by nix-darwin"
-    echo >&2 "    - restore daemon service from nix installer (only when this is a multi-user install)"
+    if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
+      echo >&2 "    - restore nix-daemon service from nix installer as this is a multi-user install"
+    fi
     echo >&2
 
-    if test -t 0; then
-        read -p "Proceed? [y/n] " i
-        case "$i" in
-            y|Y)
-                ;;
-            *)
-                exit 3
-                ;;
-        esac
+    if [[ -t 0 ]]; then
+      read -r -p "Proceed? [y/n] " i
+      case "$i" in
+        y|Y)
+          ;;
+        *)
+          exit 3
+          ;;
+      esac
     fi
 
     ${uninstallSystem.system}/sw/bin/darwin-rebuild activate
 
-    if test -L /run/current-system; then
+    if [[ -L /run/current-system ]]; then
       sudo rm /run/current-system
     fi
 
+    if [[ -L /run ]]; then
+      if [[ -e /etc/synthetic.conf ]]; then
+        sudo sed -i -E '/^run[[:space:]]/d' /etc/synthetic.conf
+        sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null || true
+        sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null || true
+        echo >&2 "NOTE: the /run symlink will be removed on reboot"
+      else
+        sudo rm /run
+      fi
+    fi
+
     echo >&2
     echo >&2 "NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected."
     echo >&2
     echo >&2 "Done!"
     echo >&2
-    exit
   '';
 
-  passthru.check = stdenv.mkDerivation {
-     name = "run-darwin-test";
-     shellHook = ''
-        set -e
-        echo >&2 "running uninstaller tests..."
-        echo >&2
+  derivationArgs.passthru.tests.uninstaller = writeShellApplication {
+    name = "post-uninstall-test";
+    text = ''
+      echo >&2 "running uninstaller tests..."
+      echo >&2
 
-        echo >&2 "checking darwin channel"
-        ! test -e ~/.nix-defexpr/channels/darwin
-        echo >&2 "checking /etc"
-        ! test -e /etc/static
-        echo >&2 "checking /run/current-system"
-        ! test -e /run/current-system
-        echo >&2 "checking nix-daemon service (assuming a multi-user install)"
-        sudo launchctl list | grep org.nixos.nix-daemon || echo "FIXME? sudo launchctl list | grep org.nixos.nix-daemon"
-        pgrep -l nix-daemon || echo "FIXME? pgrep -l nix-daemon"
-        readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? readlink /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
-        grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist || echo "FIXME? grep /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt /Library/LaunchDaemons/org.nixos.nix-daemon.plist"
-        echo >&2 ok
-        exit
+      echo >&2 "checking darwin channel"
+      test -e ~/.nix-defexpr/channels/darwin && exit 1
+      echo >&2 "checking /etc"
+      test -e /etc/static && exit 1
+      echo >&2 "checking /run/current-system"
+      test -e /run/current-system && exit 1
+      if [[ $(stat -f '%Su' /nix/store) == "root" ]]; then
+        echo >&2 "checking nix-daemon service"
+        launchctl print system/org.nixos.nix-daemon
+        pgrep -l nix-daemon
+        test -e /Library/LaunchDaemons/org.nixos.nix-daemon.plist
+        [[ "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" == "$(shasum -a 256 /Library/LaunchDaemons/org.nixos.nix-daemon.plist | awk '{print $1}')" ]]
+        nix-store --store daemon -q --hash ${stdenv.shell}
+      fi
+      echo >&2 ok
     '';
   };
 }
diff --git a/pkgs/nix-tools/darwin-rebuild.sh b/pkgs/nix-tools/darwin-rebuild.sh
index 6422262..7824913 100644
--- a/pkgs/nix-tools/darwin-rebuild.sh
+++ b/pkgs/nix-tools/darwin-rebuild.sh
@@ -9,16 +9,25 @@ showSyntax() {
   echo "               [--list-generations] [{--profile-name | -p} name] [--rollback]" >&2
   echo "               [{--switch-generation | -G} generation] [--verbose...] [-v...]" >&2
   echo "               [-Q] [{--max-jobs | -j} number] [--cores number] [--dry-run]" >&2
-  echo "               [--keep-going] [-k] [--keep-failed] [-K] [--fallback] [--show-trace]" >&2
-  echo "               [-I path] [--option name value] [--arg name value] [--argstr name value]" >&2
-  echo "               [--flake flake] [--update-input input flake] [--impure] [--recreate-lock-file]" >&2
-  echo "               [--no-update-lock-file] [--refresh] ..." >&2
+  echo "               [--keep-going | -k] [--keep-failed | -K] [--fallback] [--show-trace]" >&2
+  echo "               [--print-build-logs | -L] [--impure] [-I path]" >&2
+  echo "               [--option name value] [--arg name value] [--argstr name value]" >&2
+  echo "               [--no-flake | [--flake flake]" >&2
+  echo "                             [--commit-lock-file] [--recreate-lock-file]" >&2
+  echo "                             [--no-update-lock-file] [--no-write-lock-file]" >&2
+  echo "                             [--override-input input flake] [--update-input input]" >&2
+  echo "                             [--no-registries] [--offline] [--refresh]]" >&2
+  echo "               [--substituters substituters-list] ..." >&2
   exit 1
 }
 
 sudo() {
+  # REMOVEME when support for macOS 10.13 is dropped
+  # macOS 10.13 does not support sudo --preserve-env so we make this conditional
   if command sudo --help | grep -- --preserve-env= >/dev/null; then
-    command sudo -H --preserve-env=PATH env "$@"
+    # We use `env` before our command to ensure the preserved PATH gets checked
+    # when trying to resolve the command to execute
+    command sudo -H --preserve-env=PATH --preserve-env=SSH_CONNECTION env "$@"
   else
     command sudo -H "$@"
   fi
@@ -33,6 +42,7 @@ extraProfileFlags=()
 profile=@profile@
 action=
 flake=
+noFlake=
 
 while [ $# -gt 0 ]; do
   i=$1; shift 1
@@ -43,7 +53,7 @@ while [ $# -gt 0 ]; do
     edit|switch|activate|build|check|changelog)
       action=$i
       ;;
-    --show-trace|--keep-going|--keep-failed|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback)
+    --show-trace|--keep-going|--keep-failed|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--offline)
       extraMetadataFlags+=("$i")
       extraBuildFlags+=("$i")
       ;;
@@ -76,6 +86,9 @@ while [ $# -gt 0 ]; do
       flake=$1
       shift 1
       ;;
+    --no-flake)
+      noFlake=1
+      ;;
     -L|-vL|--print-build-logs|--impure|--recreate-lock-file|--no-update-lock-file|--no-write-lock-file|--no-registries|--commit-lock-file|--refresh)
       extraLockFlags+=("$i")
       ;;
@@ -116,6 +129,15 @@ while [ $# -gt 0 ]; do
       fi
       shift 1
       ;;
+    --substituters)
+      if [ -z "$1" ]; then
+        echo "$0: '$i' requires an argument"
+        exit 1
+      fi
+      j=$1; shift 1
+      extraMetadataFlags+=("$i" "$j")
+      extraBuildFlags+=("$i" "$j")
+      ;;
     *)
       echo "$0: unknown option '$i'"
       exit 1
@@ -127,41 +149,23 @@ if [ -z "$action" ]; then showSyntax; fi
 
 flakeFlags=(--extra-experimental-features 'nix-command flakes')
 
-if [ -n "$flake" ]; then
-    # Offical regex from https://www.rfc-editor.org/rfc/rfc3986#appendix-B
-    if [[ "${flake}" =~ ^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))? ]]; then
-       scheme=${BASH_REMATCH[1]} # eg. http:
-       authority=${BASH_REMATCH[3]} # eg. //www.ics.uci.edu
-       path=${BASH_REMATCH[5]} # eg. /pub/ietf/uri/
-       queryWithQuestion=${BASH_REMATCH[6]}
-       fragment=${BASH_REMATCH[9]}
-
-       flake=${scheme}${authority}${path}${queryWithQuestion}
-       flakeAttr=${fragment}
-    fi
-    if [ -z "$flakeAttr" ]; then
-      flakeAttr=$(scutil --get LocalHostName)
-    fi
-    flakeAttr=darwinConfigurations.${flakeAttr}
+# Use /etc/nix-darwin/flake.nix if it exists. It can be a symlink to the
+# actual flake.
+if [[ -z $flake && -e /etc/nix-darwin/flake.nix && -z $noFlake ]]; then
+  flake="$(dirname "$(readlink -f /etc/nix-darwin/flake.nix)")"
 fi
 
-if [ -n "$flake" ]; then
-    if nix "${flakeFlags[@]}" flake metadata --version &>/dev/null; then
-        cmd=metadata
-    else
-        cmd=info
+# For convenience, use the hostname as the default configuration to
+# build from the flake.
+if [[ -n "$flake" ]]; then
+    if [[ $flake =~ ^(.*)\#([^\#\"]*)$ ]]; then
+       flake="${BASH_REMATCH[1]}"
+       flakeAttr="${BASH_REMATCH[2]}"
     fi
-
-    metadata=$(nix "${flakeFlags[@]}" flake "$cmd" --json "${extraMetadataFlags[@]}" "${extraLockFlags[@]}" -- "$flake")
-    flake=$(jq -r .url <<<"${metadata}")
-
-    if [ "$(jq -r .resolved.submodules <<<"${metadata}")" = "true" ]; then
-      if [[ "$flake" == *'?'* ]]; then
-        flake="${flake}&submodules=1"
-      else
-        flake="${flake}?submodules=1"
-      fi
+    if [[ -z "$flakeAttr" ]]; then
+      flakeAttr=$(scutil --get LocalHostName)
     fi
+    flakeAttr=darwinConfigurations.${flakeAttr}
 fi
 
 if [ "$action" != build ]; then
@@ -181,7 +185,7 @@ if [ "$action" = edit ]; then
   fi
 fi
 
-if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ]; then
+if [ "$action" = switch ] || [ "$action" = build ] || [ "$action" = check ] || [ "$action" = changelog ]; then
   echo "building the system configuration..." >&2
   if [ -z "$flake" ]; then
     systemConfig="$(nix-build '<darwin>' "${extraBuildFlags[@]}" -A system)"
@@ -230,11 +234,7 @@ if [ "$action" = switch ] || [ "$action" = activate ] || [ "$action" = rollback
 fi
 
 if [ "$action" = changelog ]; then
-  echo >&2
-  echo "CHANGELOG" >&2
-  echo >&2
-  head -n 32 "$systemConfig/darwin-changes"
-  echo >&2
+  ${PAGER:-less} -- "$systemConfig/darwin-changes"
 fi
 
 if [ "$action" = check ]; then
diff --git a/pkgs/nix-tools/default.nix b/pkgs/nix-tools/default.nix
index 4e4336a..5fdc382 100644
--- a/pkgs/nix-tools/default.nix
+++ b/pkgs/nix-tools/default.nix
@@ -17,6 +17,7 @@ let
       inherit name src;
       dir = "bin";
       isExecutable = true;
+      meta.mainProgram = name;
     } // env);
 
   path = "${extraPath}:${systemPath}";