| Age | Commit message (Collapse) | Author |
|---|
|
Change `uninstaller` to `darwin-uninstaller` to match flake attribute
|
|
|
|
switches to
Co-Authored-By: Michael Hoang <enzime@users.noreply.github.com>
|
|
This is a big change that disentangles a lot of mistaken assumptions
about mixing multiple versions of Nixpkgs, treating external flake
inputs as gospel for the source of Nixpkgs and nix-darwin, etc.;
the end result should be much simpler conceptually, but it will be a
breaking change for anyone using `eval-config.nix` directly. Hopefully
that shouldn't be a big issue, as it is more of an internal API and
it's quite likely that existing uses may have been broken in the same
way the internal ones were.
It was previously easy to get into a state where your `lib` comes
from nix-darwin's `nixpkgs` input or a global channel and your
`pkgs` comes from another major version of Nixpkgs. This is pretty
fundamentally broken due to the coupling of `pkgs` to its corresponding
`lib`, but the brokenness was hidden much of the time until something
surfaced it. Now there is exactly one mandatory `lib` input to system
evaluation, and the handling of various additional options like `pkgs`
and `system` can be done modularly; maintaining backwards compatibility
with the previous calling convention is punted to the `default.nix`
and `lib.darwinSystem` entry points. `inputs` is no longer read by
nix-darwin or special in any way, merely a convention for user code,
and the argument is retained in the entry points only for backwards
compatibility.
All correct invocations of the entry points should keep working
after this change, and some previously-broken ones should be fixed
too. The documentation and template have been adjusted to show the
newly-recommended modular way of specifying various things, but no
deprecation warnings have been introduced yet by this change.
There is one potential, mostly cosmetic regression:
`system.nixpkgsRevision` and related options are less likely to be
set than before, in cases where it is not possible to determine the
origin of the package set. Setting `nixpkgs.source` explicitly will
make this work again, and I hope to look into sending changes upstream
to Nixpkgs to make `lib.trivial.revisionWithDefault` behave properly
under flakes, which would fix this regression and potentially allow
reducing some of the complexity.
Fixes: #669
|
|
This increases the odds of automatically setting system.nixpkgsRevision,
which makes the links in the manual nice.
|
|
This allows us to specify what kind of darwinSystem we want to build,
rather than determining it at evaluation time.
|
|
|
|
This makes sure the `darwin-installer` and `darwin-uninstaller`
packages can be nix copied to any target and reliably be executed
there.
|
|
The _module attribute was renamed in https://github.com/NixOS/nixpkgs/commits/dcdd232939232d04c1132b4cc242dd3dac44be8c.
|
|
|
|
This could be used outside of nix-darwin, but this is mainly useful for
services since all of the inputs are known there.
{
# $ /usr/bin/sandbox-exec -f $profile $coreutils/bin/ls /
# ls: cannot access '/': Operation not permitted
security.sandbox.profiles.example.closure = [ pkgs.coreutils ];
}
|
|
This makes NIX_SSL_CERT_FILE configurable and makes
/etc/ssl/certs/ca-certificates.crt available like nixos.
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #77.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes #55
|
|
|
|
|
|
|
|
|
|
The accessibility database has been protected with SIP since macOS
10.12 and there doesn't seem to be another way to configure this
programmatically.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Adds an idea for networking module
|
|
The idea is to follow: https://nixos.org/nixos/options.html#networking so we can
share even more configuration ideas from NixOS.
|
|
Adds support for ChunkWM
|
|
|
|
|
