path: root/modules/services
Age | Commit message | Author
2024-07-27 | github-runners: move `workDir` outside of `/run` | Michael Hoang
As `/run` gets recreated every reboot and we can't specify dependencies for launchd, creating the `workDir` every reboot will require extra complexity with a separate daemon that runs as `root` otherwise it won't have sufficient privileges. As we clean the `workDir` when the service first starts anyway, it ends up being the same.
2024-07-27 | Revert "github-runnners: fix workDir missing on reboot" | Michael Hoang
This reverts commit fe99aa9699e7dd4ce6a81a8a623d010cedbe7eef.
2024-07-23 | github-runnners: fix workDir missing on reboot | Michael Hoang
2024-07-22 | chore: removing deprecations for 25.05 nix | Nikola Milojević
2024-07-21 | Merge pull request #973 from amsynist/modules/services/jankyborders | Emily
module : `jankyborders` for window borders Configuration
2024-07-21 | module: add jankyborders service | Prav!n
- Added the jankyborders service.
- Introduced changes for whitelist and blacklist options and assertions.
- Removed path reference from launchd argument.
- Corrected missing trailing newline in default.nix.
2024-07-08 | nextdns: fix argument handling | Henrique Goncalves
2024-07-01 | chore: remove mkpackageoptionmd deprecation | Nikola Milojević
2024-06-09 | fix(launchd): improve `StartCalendarInterval` | Tyler Miller
Stricter launchd -> StartCalendarInterval type:
- Verify that the integers passed to `Minute`, `Hour`, etc. are within range.
- When provided, the value for StartCalendarInterval must be a non-empty list of calendar intervals and must not contain duplicate entries (throw an error otherwise).
- For increased flexibility and backwards-compatibility, allow an attrset to be passed as well (which will be type-checked and is functionally equivalent to passing a singleton list). Allowing an attrset or list is precisely in-line with what `launchd.plist(5)` accepts for StartCalendarInterval.
Migrate `nix.gc.interval` and `nix.optimise.interval` over to use this new type, and update their defaults to run weekly instead of daily.
Create `modules/launchd/types.nix` file for easier/modular use of launchd types needed in multiple files.
Documentation:
- Update and improve wording/documentation of launchd's `StartCalendarInterval`.
- Improve wording/documentation of `nix.gc.interval` and `nix.optimise.interval` ("time interval" can be misleading as it's actually a "calendar interval"; e.g. `{ Hour = 3; Minute = 15;}` runs daily, not every 3.25 hours).
2024-05-21 | hercules-ci-agent: fix crash calling `security` | zowoq
this applies the same fix that was used for the cachix agent in e043606b50526f4b9eb14d983f406acec9548962
2024-05-16 | cachix-agent: fix crash calling `security` | Sander
One of cachix-agent's dependencies, `hs-certificate`, makes calls to `security`. This lives in `/usr/bin`, which isn't available from launchd. This commit makes the system paths available to cachix-agent. Fixes #924.
2024-04-24 | nix-daemon: increase SoftResourceLimits.NumberOfFiles | zowoq
1048576 matches the nixos/nix plist https://github.com/NixOS/nix/blob/e3a4e40a354e1c2d177541d24d6a86a001fa87c7/misc/launchd/org.nixos.nix-daemon.plist.in#L29
2024-04-19 | treewide: remove lib.mdDoc | Weijia Wang
2024-03-27 | Add `nix.optimise` module | Malo Bourgon
2024-03-13 | Merge pull request #725 from mitchmindtree/trezord | Michael Hoang
2024-03-04 | Merge pull request #767 from jmmaloney4/master | Michael Hoang
a few fixes for ipfs module
2024-02-28 | github-runners: adapt to NixOS module | Vincent Haupert
While #859 added basic support for configuring GitHub runners through nix-darwin, it did not yet support all of the options the NixOS module offers. I am aware that this is a rather big overhaul. I think, however, that it's worth it:
- Copies the `options.nix` from the [NixOS module] with only minor adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't even read the value of the option.
- Allow configuring a custom user and group. If both are `null`, nix-darwin manages the `_github-runner` user shared among all instances. Take care of creating your own users if that's not what you want.
- Also creates the necessary directories for state, logs and the working directory (unless `workDir != null`). It uses the following locations:
  * state: `/var/lib/github-runners/${name}`
  * logs: `/var/log/github-runners/${name}`
  * work: The value of `workDir` or `/var/run/github-runners/${name}` if (`workDir == null`).
  We have to create the logs directory before starting the service since launchd expects that the `Standard{Error,Out}Path` exist. We do this by prepending to [`system.activationScripts.launchd.text`]. All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.
[NixOS module]: https://github.com/NixOS/nixpkgs/blob/3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: https://github.com/LnL7/nix-darwin/blob/bbde06b/modules/system/launchd.nix#L99-L123
2024-02-18 | Merge pull request #859 from yaxitech/github-runner | Domen Kožar
github-runners: init module
2024-02-01 | services/yabai: Remove IFD | Nikodem Rabuliński
enableScriptingAddition no longer triggers IFD by using runCommand to generate sudoers.d/yabai, instead of builtins.hashFile and interpolating the string in nix.
2024-01-30 | Merge pull request #780 from kalbasit/update_yabai_sa_script | Michael Hoang
services/yabai: Remove --check-sa and --install-sa flags
2024-01-22 | github-runners: init module | Vincent Haupert
Adds a new module which allows to configure multiple GitHub self-hosted runners on Darwin. The module is heavily inspired by the nixpkgs NixOS module. Its implementation differs in some ways:
- There's currently no way to configure the user/group which runs the runner. All configured runners share the same user and group.
- No automatic cleanup.
- No advanced sandboxing apart from user/group isolation
2023-11-18 | [yabai] Configure scripting addition | Richard Huang
Allow admins to execute `yabai --load-sa` as the root user without having to enter a password
2023-11-11 | Add security.pki.installCACerts config | Yacine Hmito
Made it possible to disable the management of /etc/ssl/certs/ca-certificates.crt by Nix darwin.
2023-09-14 | services/yabai: Remove --check-sa and --install-sa flags | Wael M. Nasreddine
The --check-sa and --install-sa flags were removed in favor of --load-sa as of version 5.0.0 of Yabai. https://github.com/koekeishiya/yabai/blob/ee0137f37ded4309cb40b7f38817b5abd90fb592/CHANGELOG.md?plain=1#L83
2023-08-30 | a few fixes for ipfs module | Jack Maloney
2023-07-27 | fix: correct description of services.ofborg.logFile | Emily Trau
2023-07-25 | sketchybar: init | Zhong Jianxin
Fix #581
2023-07-24 | eternal-terminal: enable keep alive | ryane
See https://github.com/LnL7/nix-darwin/pull/745#discussion_r1272806159
2023-07-24 | eternal-terminal: change launchd agent config | ryane
- don't daemonize program
- disable keep alive
these settings are consistent with the configuration in the project repository: https://github.com/MisterTea/EternalTerminal/blob/1d9cd2be9dc1ec7694e9472004b7910bbb5c34cf/init/launchd/homebrew.mxcl.et.plist
2023-07-23 | eternal-terminal: add module | ryane
Adds an eternal-terminal module. Much of the implementation is borrowed from the corresponding nixos module: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/eternal-terminal.nix
2023-07-21 | treewide: fix `mkEnableOption` docs | Emily
`mkEnableOption` wraps its argument in a complete sentence with a terminating full stop; an additional newline will add an incorrect space before the end of the sentence in the rendered documentation, and any additional verbiage that doesn't fit into the form "Whether to enable [...]." is also incorrect. In the latter case, the description can be overridden manually.
2023-07-16 | Merge pull request #731 from emilazy/etc-checks | Emily
etc: check for existing files during checks stage
2023-07-16 | etc: check for existing files during checks stage | Emily
This ensures that activation fails early if there are any `/etc` files with unexpected state, rather than leaving the system half-activated.
2023-07-13 | use `types.lines` for yabai.extraConfig option | Yusef Napora
This allows setting the option definition in multiple locations. The final value will be all definitions concatenated with `\n`.
2023-07-12 | Update modules/services/cachix-agent.nix | Domen Kožar
Co-authored-by: Michael Hoang <Enzime@users.noreply.github.com>
2023-07-12 | cachix-agent: clarify what should be in the token file | Domen Kožar
2023-07-12 | etc: use `.before-nix-darwin` instead of `.orig` | Michael Hoang
2023-07-10 | Fix spelling | Andrew Marshall
2023-07-10 | trezord: Add launchd user agent service module for configuring trezord | mitchmindtree
This adds a small module for configuring the trezor-bridge service, trezord. This service enables users to interact with their Trezor hardware wallet through the trezor suite web interface, or to use the device for U2F auth, SSH login, GPG or password mgmt. https://trezor.io/learn/a/what-is-trezor-bridge The options were copied directly from the nixos service module here: https://github.com/NixOS/nixpkgs/blob/9d6e454b857fb472fa35fc8b098fa5ac307a0d7d/nixos/modules/services/hardware/trezord.nix#L16 The implementation was adapted from the nixos module's systemd service to a launchd user agent. Tested successfully locally on an Air M2.
2023-06-27 | tailscale: improve MagicDNS setup | Michael Hoang
2023-06-25 | Merge pull request #675 from serokell/rvem/update-buildkite-module | Daiderd Jordan
buildkite-agent: fix launchd daemon environment
2023-06-24 | treewide: convert all option docs to Markdown | Emily
This process was automated by [my fork of `nix-doc-munge`]; thanks to @pennae for writing this tool! It automatically checks that the resulting documentation doesn't change, although my fork loosens this a little to ignore some irrelevant whitespace and typographical differences. As of this commit there is no DocBook remaining in the options documentation.
You can play along at home if you want to reproduce this commit:
    $ NIX_PATH=nixpkgs=flake:nixpkgs/c1bca7fe84c646cfd4ebf3482c0e6317a0b13f22 \
      nix shell nixpkgs#coreutils \
      -c find . -name '*.nix' \
      -exec nix run github:emilazy/nix-doc-munge/0a7190f600027bf7baf6cb7139e4d69ac2f51062 \
      {} +
[my fork of `nix-doc-munge`]: https://github.com/emilazy/nix-doc-munge
2023-06-24 | treewide: manually convert some docs to Markdown | Emily
These all use DocBook markup too complex for `nix-doc-munge` to handle, have syntax that clashes with Markdown, or already contain Markdown syntax that currently isn't rendering correctly. Converting DocBook list syntax makes me think that maybe Markdown isn't so bad after all.
2023-06-24 | {offlineimap,tailscale}: fix `enable` option docs | Emily
The argument to `mkEnableOption` is automatically wrapped in a full sentence.
2023-06-24 | treewide: tweak DocBook docs for conversion | Emily
These help `nix-munge-doc` automate more of the Markdown conversion process. See the following nixpkgs commits for explanations of many of these changes:
* https://github.com/NixOS/nixpkgs/commit/275a34e0d8a937a81b267e47302dd8a92fa781df
* https://github.com/NixOS/nixpkgs/commit/694d5b19d30bf66687b42fb77f43ea7cd1002a62
* https://github.com/NixOS/nixpkgs/commit/f1d39b6d6187997b630647400c5efe5b01e06a23
* https://github.com/NixOS/nixpkgs/commit/16102dce2fbad670bd47dd75c860a8daa5fe47ad
I couldn't think of any particularly good way to format the `system.defaults` breadcrumbs, so I just made them standalone paragraphs. They weren't rendering correctly in DocBook anyway.
2023-06-24 | wq-quick: document `publicKey` option | Emily
All exposed options should have documentation, and `nixosOptionDoc` will give an error if it's missing.
2023-06-21 | buildkite-agent: fix launcd daemon environment | Roman Melnikov
Add missing 'NIX_SSL_CERT_FILE'
2023-06-18 | add ipfs service | Jack Maloney
2023-05-16 | buildkite-agent: allow 'types.path' in runtimePackages | Roman Melnikov
This might be useful when some non-nix packages need to be provided, e.g. 'brew'.
2023-05-10 | buildkite-agent: update module | Roman Melnikov
Update module to look similar to what is currently present in 'nixpkgs'. Mainly, to provide support for running multiple buildkite-agents.