diff --git a/Makefile b/Makefile index 08d23c48..7bfa8428 100644 --- a/Makefile +++ b/Makefile @@ -5,14 +5,15 @@ BUILDER_EXEC:= ADD_CERT_CMD:=cp /tmp/pebble-ca.pem /etc/ssl/certs/pebble-ca.pem ifeq ($(shell uname -s),Darwin) # set variable for Darwin - BUILDER_EXEC:=nix develop .\#builder --extra-experimental-features flakes --extra-experimental-features nix-command --command + BUILDER_EXEC:=nix --extra-experimental-features nix-command --extra-experimental-features flakes \ + develop .\#builder --command endif bootstrap: @$(BUILDER_EXEC) echo "Started build environment" build: - @$(BUILDER_EXEC) nix build .#nixosConfigurations.x86_64-darwin.default --system x86_64-linux $(ARGS) + @$(BUILDER_EXEC) nix build .#nixosConfigurations.aarch64-darwin.default --system aarch64-linux $(ARGS) #### Terraform diff --git a/README.md b/README.md index 04c442a4..d961693e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,9 @@ Compatibility Matrix : Nix installation : ```bash -sh <(curl -L https://nixos.org/nix/install) +curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install + +echo '. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish' >> ~/.config/fish/config.fish ``` ### Build diff --git a/flake.nix b/flake.nix index e8d90634..bcee40c8 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ }; in { - lib = inputs.nixpkgs-srvos.lib.extend (_: _: { + lib = inputs.nixpkgs-stable-darwin.lib.extend (_: _: { mkDarwinSystem = import ./nix-lib/mkDarwinSystem.nix inputs; }); @@ -170,6 +170,7 @@ inherit (pkgs) nil bashInteractive; }; shellHook = (if pkgs.system == "aarch64-darwin" then '' + set -e nix build .#darwinConfigurations.builder.system ./result/sw/bin/darwin-rebuild switch --flake .#builder '' else "echo 'Linux not implemented'"); diff --git a/nixos-darwin/configuration.nix b/nixos-darwin/configuration.nix index da44140a..fdb358e2 100644 --- a/nixos-darwin/configuration.nix +++ b/nixos-darwin/configuration.nix 
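Review bot: The `build` recipe now hard-codes `aarch64-darwin` / `aarch64-linux`, so the x86_64 path it served before is gone, and the flake.nix hunks in this commit do not show a `nixosConfigurations.aarch64-darwin` attribute being added. The linux-builder in nixos-darwin/configuration.nix is still `pkgs.darwin.linux-builder-x86_64` (context line of that file's last hunk), which may not serve `aarch64-linux` derivations; worth confirming before merge. Consider a single overridable variable, e.g. `ARCH?=aarch64`, with the recipe using `.#nixosConfigurations.$(ARCH)-darwin.default --system $(ARCH)-linux`.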
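Review bot: The `set -e` added to `shellHook` in flake.nix is not scoped to the two commands that follow it. As far as I can tell the hook is sourced into the shell that `nix develop` starts, so errexit stays on for the whole session and the first failing command in an interactive shell closes it. Making the abort explicit keeps the intent without leaking the option: `nix build .#darwinConfigurations.builder.system || exit 1` and `./result/sw/bin/darwin-rebuild switch --flake .#builder || exit 1`. A short comment above the hook, such as `# rebuilds and activates the builder system on every shell entry`, would also help, since entering the dev shell changes the host configuration.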
@@ -1,14 +1,48 @@ { pkgs, lib, config, ... }: +# let builderWithOverrides = pkgs.darwin.linux-builder-x86_64.override { +# modules = [{ +# virtualisation.docker.enable = true; +# virtualisation.docker.daemon.settings = { +# hosts = [ "tcp://0.0.0.0:2375" ]; +# }; +# networking.firewall.enable = lib.mkForce false; +# virtualisation.forwardPorts = lib.mkForce [ +# { from = "host"; guest.port = 22; host.port = 31022; } +# { from = "host"; guest.port = 2375; host.port = 2375; } +# ]; +# security.sudo.wheelNeedsPassword = false; +# users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ]; +# }]; +# }; { programs.fish.enable = true; programs.bash.enable = true; environment.systemPackages = [ pkgs.bashInteractive ]; - launchd.daemons.linux-builder = { - serviceConfig = { - StandardOutPath = "/var/log/darwin-builder.log"; - StandardErrorPath = "/var/log/darwin-builder.log"; - }; - }; + # launchd.daemons.linux-builder = { + # command = "${builderWithOverrides}/bin/create-builder"; + + # serviceConfig = { + # KeepAlive = true; + # RunAtLoad = true; + # StandardOutPath = "/var/log/darwin-builder.log"; + # StandardErrorPath = "/var/log/darwin-builder.log"; + # WorkingDirectory = "/etc/nix/"; + # }; + # }; + + # nix.distributedBuilds = true; + # nix.buildMachines = [ + # { + # hostName = "localhost"; + # sshUser = "builder"; + # publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo="; + # system = "linux-x86_6"; + # maxJobs = 4; + # supportedFeatures = ["kvm" "benchmark" "big-parallel"]; + # protocol = "ssh-ng"; + # } + # ]; + services.dnsmasq = { enable = true; addresses = { 
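Review bot: The commented-out `builderWithOverrides` block keeps `hosts = [ "tcp://0.0.0.0:2375" ]`, `networking.firewall.enable = lib.mkForce false` and `security.sudo.wheelNeedsPassword = false` in the file as dead code. The same settings are commented rather than deleted in this file's last hunk, inside `config = ({ pkgs, ... }:`. Uncommenting them later would bring back a Docker API listening on all interfaces with no TLS settings visible, plus passwordless sudo for the `builder` user. Either delete both blocks (history keeps them) or head them with a comment such as `# DISABLED: exposes the Docker API on all interfaces; do not re-enable without TLS and a firewall`. The commented `nix.buildMachines` entry also carries `system = "linux-x86_6";`, which looks like a typo for `x86_64-linux`.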
@@ -66,7 +100,7 @@ security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ./pebble/cert.pem - ] ++ builtins.map (cert: builtins.fetchurl { inherit (cert) url sha256; }) config.k3s-paas.certs; + ]; environment.etc."pebble/config.json".text = builtins.toJSON { pebble = { listenAddress = "0.0.0.0:14000"; @@ -81,11 +115,15 @@ }; environment.etc."resolver/${config.k3s-paas.dns.name}".text = "nameserver ${config.k3s-paas.dns.dest-ip}"; nix.settings = { - trusted-users = [ "staff" "admin" "nixbld"]; + trusted-users = [ "staff" "admin" "nixbld" "loic"]; keep-derivations = true; keep-outputs = false; # https://github.com/NixOS/nix/issues/7273 auto-optimise-store = false; + system-features = [ + "nixos-test" + "apple-virt" + ]; }; nix.gc = { automatic = true; @@ -98,21 +136,20 @@ package = pkgs.darwin.linux-builder-x86_64; ephemeral = true; config = ({ pkgs, ... }: { - virtualisation.docker.enable = true; - virtualisation.docker.daemon.settings = { - hosts = [ "tcp://0.0.0.0:2375" ]; - }; - networking.firewall.enable = lib.mkForce false; - virtualisation.forwardPorts = lib.mkForce [ - { from = "host"; guest.port = 22; host.port = 31022; } - { from = "host"; guest.port = 2375; host.port = 2375; } - ]; - security.sudo.wheelNeedsPassword = false; - users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ]; + # virtualisation.docker.enable = true; + # virtualisation.docker.daemon.settings = { + # hosts = [ "tcp://0.0.0.0:2375" ]; + # }; + #networking.firewall.enable = lib.mkForce false; + # virtualisation.forwardPorts = lib.mkForce [ + # { from = "host"; guest.port = 22; host.port = 31022; } + # { from = "host"; guest.port = 2375; host.port = 2375; } + # ]; + # security.sudo.wheelNeedsPassword = false; + # users.users.builder.extraGroups = lib.mkForce [ "docker" "wheel" ]; }); }; nix.configureBuildUsers = true; - nix.distributedBuilds = true; services.nix-daemon.enable = true; nix.settings.experimental-features = "nix-command flakes"; }
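Review bot: Adding `"loic"` to `nix.settings.trusted-users` hard-codes one person's account into a shared configuration and gives it daemon-level trust. Nix treats trusted users as effectively root-equivalent, since they can add substituters and import unsigned store paths. Prefer a group entry or an option-driven value, e.g. `trusted-users = [ "@admin" ];`. The existing bare `"staff"` and `"admin"` entries are matched as user names because groups need the `@` prefix, which may be why the extra name was needed. Separately, the new `system-features` list presumably replaces the defaults rather than extending them, so confirm nothing else such as `big-parallel` is required on this host.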