Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
Chiliparrot has joined #nix-darwin
veske has joined #nix-darwin
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
dhess has joined #nix-darwin
<dhess>
so, time to install Nix from scratch on a Catalina Mac, and I'm wondering whether anyone has a turnkey way to do this, or at least some steps to follow manually. There are several issues floating around related to this in the nix-darwin GitHub Issues.
<dhess>
for starters, is it possible to install a multi-user Nix on Catalina?
<__monty__>
Multi-user nix is generally not recommended on macOS afaik.
<__monty__>
Neither is sandboxing.
<dhess>
I've been using multi-user Nix on macOS for a few years with no issues.
veske has quit [Quit: This computer has gone to sleep]
<LnL>
dhess: have you read the apfs volume section I wrote?
<LnL>
yeah, goals is more to describe why but it should include all the steps
<dhess>
LnL: here's one bit of feedback. I think you should just remove the "simplest solution" bit about the symlink.
<dhess>
Using and understanding Nix is difficult, even moreso on macOS. I don't think that following those APFS volume creation and /etc/fstab steps are going to trip anyone up.
philr has quit [Ping timeout: 265 seconds]
<dhess>
If you recommend symlinking, down the line it's going to cause problems and if it's an "official" recommendation, people are going to blame Nix for that.
<dhess>
plus all the support issues: are you using a symlink or did you mount an APFS volume ,etc.
<dhess>
just not worth it and I don't think it's that difficult to do the proper solution, compared to learning and using Nix.
butterthebuddha has joined #nix-darwin
<LnL>
well the pr only implements the volume approach
<dhess>
That's good. I was only addressing the draft documentation you linked to.
<johnw>
hi nix-darwinites
<dhess>
hi johnw
<johnw>
hmm.. somebody marked idutils as broken yesterday :(
<dhess>
LnL: regarding the PR in https://github.com/NixOS/nix/pull/3212, initially when Catalina shipped there was talk of needing a line like this in /etc/synthetic.conf, as well: "runprivate/var/run"
<{^_^}>
nix#3212 (by LnL7, 13 weeks ago, open): [WIP] install: configure and bootstrap synthetic.conf on darwin
<dhess>
shouldn't that be in the PR for completeness?
<LnL>
but run can be a symlink without issues
<dhess>
however it's implemented
<dhess>
yeah mine is just a symlink
<LnL>
doesn't really belong there, nix doesn't need it
<dhess>
oh ok that's a fair point
<dhess>
it's just a nix-darwin thing.
<dhess>
I'm seriously tempted just to change the nix store on all of our machines to /opt/nix. We have our own Hydra and will probably end up code-signing our Nix binaries, anyway.
<LnL>
relocating the store is a problem for hydra however
<dhess>
Why's that?
<LnL>
don't know exactly, but niksnut me mentioned that at some point
<dhess>
I suppose it wouldn't surprise me, there are probably tons of assumptions that the store is /nix all over nixpkgs.
<dhess>
That would handle the FileVault case which is really the only thing that doesn't work well once you get past the initial volume setup and Nix installation.
<dhess>
but as it stands, you need a separate encryption key for the /nix volume and then everything breaks at start-up, and you have to re-launch Terminal
<LnL>
yeah, that part is really annoying
<LnL>
even without that volumes seem to be mounted very late for some reason
<LnL>
in principle I like having it separate, but it makes rebooting a bit annoying
ryanartecona has joined #nix-darwin
<dhess>
Agreed. Especially because you can turn on case-sensitivity on /nix :)
<dhess>
although I can't recall that having been an issue before, not with Nix, at least.
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
butterthebuddha has joined #nix-darwin
Chiliparrot has joined #nix-darwin
<dhess>
LnL: in that doc link your last line is for the FileVault case: "diskutil apfs enableFileVault /nix -user disk"
<dhess>
does that encrypt /nix using the same FileVault passphrase as the one used for the system volume?
<LnL>
I think it asks the passphrase
<LnL>
so a separate one
<dhess>
it asks for a *new* passphrase for that volume, or just asks for your existing passphrase
<dhess>
oh ok
<dhess>
too bad, that would be one less step.
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<LnL>
yeah, reusing the existing encryption is the role stuff you linked earlier
<evelyn>
I wonder if there's some kind of secret to how the mac is mounting its data volume early... it's really strange that extra logical volumes are mounted late
<LnL>
I think it's fstab
<LnL>
the normal apfs volume mounting seems like it's own thing
<{^_^}>
nix#3212 (by LnL7, 13 weeks ago, open): [WIP] install: configure and bootstrap synthetic.conf on darwin
<LnL>
yeah
<dhess>
I'm gonna test it on a VMware fresh Catalina and then an actual Mac.
<dhess>
LnL: link?
<LnL>
sec, let me upload it
<dhess>
cool thank you
<johnw>
if I've use nix copy --to file://PATH, is there any way to interact with that PATH store? For example, to run --check-contents or collect-garbage?
<clever>
johnw: --store file://PATH or `NIX_REMOTE=file://PATH`
<johnw>
thank you!
<clever>
johnw: note that garbage collection can sometimes malfunction, and may just delete everything
<dhess>
hi clever!
* clever
waves
<LnL>
oh I thought gc just wasn't implemented yet
<clever>
ive used it against --store local?root=/foo before
<clever>
but it wont prefix auto roots with /foo as it checks them
<clever>
so if you use it against a mounted nixos, it wont correctly detect all of your result symlinks, and then eat everything
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]