should be ok

Makefile

@@ -5,14 +5,15 @@ BUILDER_EXEC:=
 ADD_CERT_CMD:=cp /tmp/pebble-ca.pem /etc/ssl/certs/pebble-ca.pem
 ifeq ($(shell uname -s),Darwin)
    # set variable for Darwin
-   BUILDER_EXEC:=nix develop .\#builder --extra-experimental-features flakes --extra-experimental-features nix-command --command
+   BUILDER_EXEC:=nix --extra-experimental-features nix-command --extra-experimental-features flakes \
+	 develop .\#builder --command
 endif
 
 bootstrap:
 	@$(BUILDER_EXEC) echo "Started build environment"
 
 build:
-	@$(BUILDER_EXEC) nix build .#nixosConfigurations.x86_64-darwin.default --system x86_64-linux $(ARGS)
+	@$(BUILDER_EXEC) nix build .#nixosConfigurations.aarch64-darwin.default --system aarch64-linux $(ARGS)
 
 #### Terraform
 

README.md

@@ -17,7 +17,9 @@ Compatibility Matrix :
 Nix installation :
 
 ```bash
-sh <(curl -L https://nixos.org/nix/install)
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
+
+echo '. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' >> ~/.config/fish/config.fish
 ```
 
 ### Build

flake.nix

@@ -39,7 +39,7 @@
       };
     in
     {
-      lib = inputs.nixpkgs-srvos.lib.extend (_: _: {
+      lib = inputs.nixpkgs-stable-darwin.lib.extend (_: _: {
         mkDarwinSystem = import ./nix-lib/mkDarwinSystem.nix inputs;
       });
 
@@ -170,6 +170,7 @@
               inherit (pkgs) nil bashInteractive;
             };
             shellHook = (if pkgs.system == "aarch64-darwin" then ''
+              set -e
               nix build .#darwinConfigurations.builder.system
               ./result/sw/bin/darwin-rebuild switch --flake .#builder
               '' else "echo 'Linux not implemented'");

nixos-darwin/configuration.nix

@@ -1,14 +1,48 @@
 { pkgs, lib, config, ... }:
+# let builderWithOverrides = pkgs.darwin.linux-builder-x86_64.override {
+#     modules = [{
+#       virtualisation.docker.enable = true;
+#       virtualisation.docker.daemon.settings = {
+#         hosts = [ "tcp://0.0.0.0:2375" ];
+#       };
+#       networking.firewall.enable = lib.mkForce false;
+#       virtualisation.forwardPorts = lib.mkForce [
+#         { from = "host"; guest.port = 22; host.port = 31022; }
+#         { from = "host"; guest.port = 2375; host.port = 2375; }
+#       ];
+#       security.sudo.wheelNeedsPassword = false;
+#       users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ];
+#     }];
+#   };
 {
   programs.fish.enable = true;
   programs.bash.enable = true;
   environment.systemPackages = [ pkgs.bashInteractive ];
-  launchd.daemons.linux-builder = {
-    serviceConfig = {
-      StandardOutPath = "/var/log/darwin-builder.log";
-      StandardErrorPath = "/var/log/darwin-builder.log";
-    };
-  };
+  # launchd.daemons.linux-builder = {
+  #   command = "${builderWithOverrides}/bin/create-builder";
+
+  #   serviceConfig = {
+  #     KeepAlive = true;
+  #     RunAtLoad = true;
+  #     StandardOutPath = "/var/log/darwin-builder.log";
+  #     StandardErrorPath = "/var/log/darwin-builder.log";
+  #     WorkingDirectory = "/etc/nix/";
+  #   };
+  # };
+
+  # nix.distributedBuilds = true;
+  # nix.buildMachines = [
+  #   {
+  #     hostName = "localhost";
+  #     sshUser = "builder";
+  #     publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo=";
+  #     system = "linux-x86_6";
+  #     maxJobs = 4;
+  #     supportedFeatures = ["kvm" "benchmark" "big-parallel"];
+  #     protocol = "ssh-ng";
+  #   }
+  # ];
+
   services.dnsmasq = {
     enable = true;
     addresses = {
@@ -66,7 +100,7 @@
   security.pki.certificateFiles = [
     "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
     ./pebble/cert.pem
-  ] ++ builtins.map (cert: builtins.fetchurl { inherit (cert) url sha256; }) config.k3s-paas.certs;
+  ];
   environment.etc."pebble/config.json".text = builtins.toJSON {
     pebble = {
       listenAddress = "0.0.0.0:14000";
@@ -81,11 +115,15 @@
   };
   environment.etc."resolver/${config.k3s-paas.dns.name}".text = "nameserver ${config.k3s-paas.dns.dest-ip}";
   nix.settings = {
-    trusted-users = [ "staff" "admin" "nixbld"];
+    trusted-users = [ "staff" "admin" "nixbld" "loic"];
     keep-derivations = true;
     keep-outputs = false;
     # https://github.com/NixOS/nix/issues/7273
     auto-optimise-store = false;
+    system-features = [
+      "nixos-test"
+      "apple-virt"
+    ];
   };
   nix.gc = {
     automatic = true;
@@ -98,21 +136,20 @@
     package = pkgs.darwin.linux-builder-x86_64;
     ephemeral = true;
     config = ({ pkgs, ... }: {
-      virtualisation.docker.enable = true;
-      virtualisation.docker.daemon.settings = {
-        hosts = [ "tcp://0.0.0.0:2375" ];
-      };
-      networking.firewall.enable = lib.mkForce false;
-      virtualisation.forwardPorts = lib.mkForce [
-        { from = "host"; guest.port = 22; host.port = 31022; }
-        { from = "host"; guest.port = 2375; host.port = 2375; }
-      ];
-      security.sudo.wheelNeedsPassword = false;
-      users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ];
+      # virtualisation.docker.enable = true;
+      # virtualisation.docker.daemon.settings = {
+      #   hosts = [ "tcp://0.0.0.0:2375" ];
+      # };
+      #networking.firewall.enable = lib.mkForce false;
+      # virtualisation.forwardPorts = lib.mkForce [
+      #   { from = "host"; guest.port = 22; host.port = 31022; }
+      #   { from = "host"; guest.port = 2375; host.port = 2375; }
+      # ];
+      # security.sudo.wheelNeedsPassword = false;
+      # users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ];
     });
   };
   nix.configureBuildUsers = true;
-  nix.distributedBuilds = true;
   services.nix-daemon.enable = true;
   nix.settings.experimental-features = "nix-command flakes";
 }