nix-darwin install

[will]

Hey thanks for the new installer, I've been trying it out for some new VMs and I like that it turns on flakes and command by default.

The changes though to nix.conf make the default nix-darwin install fail (at least with the flake path nix run nix-darwin -- switch --flake ~/.config/nix-darwin) since it sees things it's not expecting. It advises you to move the nix.conf file, which then of course removes setting flakes+command being enabled. This is all easy enough to work around if you know what you're doing, but it feels like a bit of a stumbling block.

Would it be out of line for this installer to also set up a default nix-darwin flake and set up nix-darwin too? Or maybe have that be an option?

[Hoverbear]

I've managed to follow the flakes install with success before from https://github.com/LnL7/nix-darwin#flakes-experimental.

Here's one instance where I was debugging an uninstall issue: #528 (comment)

This seems to be a regular issue folks raise, I wonder how we can better help guide folks... Maybe some nix-darwin specific doc pointers.

[will]

Yeah, I don't have any strong opinions on what the best thing to do is, just wanted to share what I ran into. I'm not having any problems right now, so please feel free to close this out if you want. I'd close it myself, but also maybe you want to keep it as a reminder.

[vamega]

Just in case anyone else does run into this and want to know how to go about installing nix-darwin, I thought I'd document this here.

After renaming /etc/nix/nix.conf to /etc/nix/nix.conf.before-nix-darwin, you can run the installer with

nix --extra-experimental-features "nix-command flakes auto-allocate-uids" \                    ~
    run nix-darwin -- switch --flake ~/.config/nix-darwin#simple

That enables the experimental features that the installer had enabled in the nix.conf file.

[mamcx]

I run that command and auto-allocate-uids not show:

➜ cat /etc/nix/nix.conf
# WARNING: this file is generated from the nix.* options in
# your nix-darwin configuration. Do not edit it!
allowed-users = *
auto-optimise-store = false
build-users-group = nixbld
builders =
cores = 0
experimental-features = nix-command flakes
extra-sandbox-paths =
max-jobs = auto
require-sigs = true
sandbox = false
sandbox-fallback = false
substituters = https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:.....=
trusted-substituters =
trusted-users = root

[Hoverbear]

Note you do not want auto-allocate-uids on Mac (We reverted this) as you won't be able to build software that tries to create or inquire about the current user.

[Enzime]

Currently, nix-darwin uses SHA256 hashes to recognize known versions of nix.conf that it is willing to replace, but this is causing issues with DeterminateSystems' installer as the nix.conf generated isn't deterministic as I've observed the options can get generated in different orders as well as the comment header includes the version of nix-installer used.

On the nix-darwin side, we'd really appreciate if the nix.conf that's generated was more deterministic so we could add the hashes to our existing infrastructure. We do plan to put more work into the nix-darwin installation process, one improvement we're thinking about is adding messaging to direct users to set environment.etc."nix.conf".knownSha256Hashes.

[Hoverbear]

Related to #562

[Hoverbear]

Noting this is a good workaround in the meantime: #608 (comment)

[Hoverbear]

This should help: #620

[akavel]

FWIW, #620 seems to have been reverted. This ticket's issue seems to still be unresolved for me as of nix-installer 0.14.0 (version as seen in /nix/receipt.conf).

[dhess]

So as someone who's considering switching to this installer for future Nix installs on macOS, what is the current status of this issue? Does nix-darwin install without hacky workarounds if one has used this installer to install Nix?

[grahamc]

I just installed Nix about a hundred times, and got the same hash for the config every time. This was largely because we updated the nix-config-parser crate to use an ordered HashMap, instead of the regular HashMap. The remaining variability in here will be from the version number in the comment, and any custom configuration the user has specified.

Let's remove the version number from the comment and instead suggest looking at the receipt.json or nix-installer binary for the version number.

I think that should solve this issue!

[dhess]

FYI, I used dac0adc to install Nix on a fresh macOS install (14.1.1). The initial nix-darwin flake install complained about unrecognized content in /etc/zshenv etc., which I was able to work around and get nix-darwin installed.

Now, after a reboot, I'm getting the same complaint about /etc/zshenv, /etc/bashrc, and /etc/zshrc (and now it's not apparent how to fix it, I'm currently stuck), so I would say that nix-darwin is still completely broken with this installer :\

[grahamc]

For clarity, our position is that our installer does the best job it can to produce a working system, nicely configured for users. What that means will change over time. Since nix-darwin is trying to detect (by hash) a known config to replace it with something else, it is always going to have periods of time where our config is updated for one reason or another and nix-darwin has to catch up.

It'd probably be good to open an issue on nix-darwin about how to handle the issue better. I'm a bit surprised to hear it described as completely broken, though. If that is the case, nix-darwin probably needs to do a bit more work to convey to the user what is wrong and how to repair it.

[dhess]

I think that, at the very least, the conflict between what this installer does and what nix-darwin expects should be mentioned in this project's README as a caveat for anyone who wants to subsequently install nix-darwin. After reading this issue (and a few others in this repo) and seeing that it was closed, I assumed that everything was hunky-dory.

[will]

I understand it's out of the current scope of this tool, but maybe it could optionally also install popular things like nix-darwin and home-manager? And set them up with the a flake-based approach from the start. While it's not that hard to do, there is so much existing content that assumes nix with channels.

[Enzime]

Now that LnL7/nix-darwin#809 is merged on the nix-darwin side, the latest version of DetSys's nix-installer should be working again, feel free to file issues on the nix-darwin side as well if you still run into issues

[grahamc]

🎉 thank you a lot Will and Enzime and everyone for helping to get this sorted for nix-darwin users :). We'll sort out the next bits around the "survival mode" overwriting the rc files ...

[s01868]

Just tried to install nix-darwin by nix run nix-darwin -- switch --flake ~/.config/nix-darwin but got the following error:

warning: Git tree '/Users/boda/.config' is dirty
warning: creating lock file '/Users/boda/.config/nix-darwin/flake.lock'
warning: Git tree '/Users/boda/.config' is dirty
building the system configuration...
warning: Git tree '/Users/boda/.config' is dirty
Password:
setting up /run via /etc/synthetic.conf...
error: Unexpected files in /etc, aborting activation
The following files have unrecognized content and would be overwritten:

  /etc/zshenv

Please check there is nothing critical in these files, rename them by adding .before-nix-darwin to the end, and then try again.

By checking /etc/zshenv, I see:

boda@ip-192-168-1-112 ~ % cat /etc/zshenv

# Set up Nix only on SSH connections
# See: https://github.com/DeterminateSystems/nix-installer/pull/714
if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ] && [ -n "${SSH_CONNECTION}" ] && [ "${SHLVL}" -eq 1 ]; then
    . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
fi
# End Nix

Is the workaround to rename /etc/zshenv file like the error suggested?

Installed nix with nix-installer 0.15.1

[Hoverbear]

That should be OK, yes. You can also probably delete it safely. (An uninstall may report an erorr but it should be fine)