Merge pull request #213 from serokell/rvem/darwin-activation

rvem · web-flow · commit 65211db63ba1 · 2023-06-05T14:59:10.000+08:00
[#210] Add activation script for darwin system and provide a usage example
diff --git a/examples/darwin/README.md b/examples/darwin/README.md
@@ -0,0 +1,19 @@
+<!--
+SPDX-FileCopyrightText: 2023 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
+-->
+
+# Example nix-darwin system deployment
+
+## Prerequisites
+
+1) Install `nix` and `nix-darwin` (the latter creates `/run` sets up `/etc/nix/nix.conf` symlink and so on)
+   on the target machine.
+2) Enable remote login on the mac to allow ssh access.
+3) `deploy-rs` doesn't support password provisioning for `sudo`, so the `sshUser` should
+   have passwordless `sudo` access.
+
+## Deploying
+
+Run `nix run github:serokell/deploy-rs -- --ssh-user <user>`.
diff --git a/examples/darwin/flake.nix b/examples/darwin/flake.nix
@@ -0,0 +1,39 @@
+{
+  description = "Deploy simple 'darwinSystem' to a darwin machine";
+
+  inputs.deploy-rs.url = "github:serokell/deploy-rs";
+  inputs.darwin.url = "github:LnL7/nix-darwin";
+
+  outputs = { self, nixpkgs, deploy-rs, darwin }: {
+    darwinConfigurations.example = darwin.lib.darwinSystem {
+      system = "x86_64-darwin";
+      modules = [
+        ({lib, config, pkgs, ...}: {
+          services.nix-daemon.enable = true;
+          nix = {
+            settings = {
+              trusted-users = [ "rvem" ];
+            };
+            extraOptions = ''
+              experimental-features = flakes nix-command
+            '';
+          };
+          # nix commands are added to PATH in the zsh config
+          programs.zsh.enable = true;
+        })
+      ];
+    };
+    deploy = {
+      # remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin
+      nodes.example = {
+        hostname = "localhost";
+        profiles.system = {
+          user = "root";
+          path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example;
+        };
+      };
+    };
+
+    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+  };
+}
diff --git a/flake.nix b/flake.nix
@@ -106,6 +106,13 @@
 
             home-manager = base: custom base.activationPackage "$PROFILE/activate";
 
+            # Activation script for 'darwinSystem' from nix-darwin.
+            # 'HOME=/var/root' is needed because 'sudo' on darwin doesn't change 'HOME' directory,
+            # while 'darwin-rebuild' (which is invoked under the hood) performs some nix-channel
+            # checks that rely on 'HOME'. As a result, if 'sshUser' is different from root,
+            # deployment may fail without explicit 'HOME' redefinition.
+            darwin = base: custom base.config.system.build.toplevel "HOME=/var/root $PROFILE/activate";
+
             noop = base: custom base ":";
           };
 
