ryanartecona has quit [Quit: ryanartecona]
philr has quit [Ping timeout: 265 seconds]
philr has joined #nix-darwin
philr has quit [Ping timeout: 268 seconds]
Chiliparrot has joined #nix-darwin
philr has joined #nix-darwin
__monty__ has joined #nix-darwin
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
Chiliparrot has joined #nix-darwin
veske has joined #nix-darwin
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
dhess has joined #nix-darwin
<dhess> so, time to install Nix from scratch on a Catalina Mac, and I'm wondering whether anyone has a turnkey way to do this, or at least some steps to follow manually. There are several issues floating around related to this in the nix-darwin GitHub Issues.
<dhess> for starters, is it possible to install a multi-user Nix on Catalina?
<__monty__> Multi-user nix is generally not recommended on macOS afaik.
<__monty__> Neither is sandboxing.
<dhess> I've been using multi-user Nix on macOS for a few years with no issues.
veske has quit [Quit: This computer has gone to sleep]
<LnL> dhess: have you read the apfs volume section I wrote?
<dhess> LnL: no, is that new?
<dhess> link?
<{^_^}> nix#3212 (by LnL7, 13 weeks ago, open): [WIP] install: configure and bootstrap synthetic.conf on darwin
<dhess> I hadn't seen that, thanks. Let me take a look at that quickly.
<LnL> but didn't spend that much time on it so thoughts are welcome
<wildsebastian> @dhess I wrote down the necessary steps in my nix-config repos readme. https://github.com/wildsebastian/nix-config/
<dhess> I think ultimately the lesson here is, "never violate the FHS."
<wildsebastian> It's for a single user install though
<dhess> wildsebastian: Cool. That's for single-user and an unencrypted /nix, but it's a start!
<dhess> thanks!
<wildsebastian> You are welcome. Let me know if you have feedback. I plan to write about using nix on macos in a blog post.
<dhess> Any Obsidian folks lurking?
<LnL> yeah, goals is more to describe why but it should include all the steps
<dhess> LnL: here's one bit of feedback. I think you should just remove the "simplest solution" bit about the symlink.
<dhess> Using and understanding Nix is difficult, even moreso on macOS. I don't think that following those APFS volume creation and /etc/fstab steps are going to trip anyone up.
philr has quit [Ping timeout: 265 seconds]
<dhess> If you recommend symlinking, down the line it's going to cause problems and if it's an "official" recommendation, people are going to blame Nix for that.
<dhess> plus all the support issues: are you using a symlink or did you mount an APFS volume ,etc.
<dhess> just not worth it and I don't think it's that difficult to do the proper solution, compared to learning and using Nix.
butterthebuddha has joined #nix-darwin
<LnL> well the pr only implements the volume approach
<dhess> That's good. I was only addressing the draft documentation you linked to.
<johnw> hi nix-darwinites
<dhess> hi johnw
<johnw> hmm.. somebody marked idutils as broken yesterday :(
<dhess> LnL: regarding the PR in https://github.com/NixOS/nix/pull/3212, initially when Catalina shipped there was talk of needing a line like this in /etc/synthetic.conf, as well: "runprivate/var/run"
<{^_^}> nix#3212 (by LnL7, 13 weeks ago, open): [WIP] install: configure and bootstrap synthetic.conf on darwin
<{^_^}> LnL7/nix-darwin#166 (by dhess, 18 weeks ago, open): What's needed for Catalina?
<dhess> is that not needed anymore?
<dhess> I don't see it in the PR
<johnw> I needed the run entry in synthetic.conf
<LnL> yeah, that's a separate thing
<dhess> shouldn't that be in the PR for completeness?
<LnL> but run can be a symlink without issues
<dhess> however it's implemented
<dhess> yeah mine is just a symlink
<LnL> doesn't really belong there, nix doesn't need it
<dhess> oh ok that's a fair point
<dhess> it's just a nix-darwin thing.
<dhess> I'm seriously tempted just to change the nix store on all of our machines to /opt/nix. We have our own Hydra and will probably end up code-signing our Nix binaries, anyway.
<LnL> relocating the store is a problem for hydra however
<dhess> Why's that?
<LnL> don't know exactly, but niksnut me mentioned that at some point
<dhess> I suppose it wouldn't surprise me, there are probably tons of assumptions that the store is /nix all over nixpkgs.
<dhess> Dealing with Catalina wouldn't be so bad if it weren't for the fact that you can't create a new APFS volume in the default volume group (https://github.com/NixOS/nix/issues/2925#issuecomment-539603104).
<dhess> That would handle the FileVault case which is really the only thing that doesn't work well once you get past the initial volume setup and Nix installation.
<dhess> but as it stands, you need a separate encryption key for the /nix volume and then everything breaks at start-up, and you have to re-launch Terminal
<LnL> yeah, that part is really annoying
<LnL> even without that volumes seem to be mounted very late for some reason
<LnL> in principle I like having it separate, but it makes rebooting a bit annoying
ryanartecona has joined #nix-darwin
<dhess> Agreed. Especially because you can turn on case-sensitivity on /nix :)
<dhess> although I can't recall that having been an issue before, not with Nix, at least.
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
butterthebuddha has joined #nix-darwin
Chiliparrot has joined #nix-darwin
<dhess> LnL: in that doc link your last line is for the FileVault case: "diskutil apfs enableFileVault /nix -user disk"
<dhess> does that encrypt /nix using the same FileVault passphrase as the one used for the system volume?
<LnL> I think it asks the passphrase
<LnL> so a separate one
<dhess> it asks for a *new* passphrase for that volume, or just asks for your existing passphrase
<dhess> oh ok
<dhess> too bad, that would be one less step.
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<LnL> yeah, reusing the existing encryption is the role stuff you linked earlier
<evelyn> I wonder if there's some kind of secret to how the mac is mounting its data volume early... it's really strange that extra logical volumes are mounted late
<LnL> I think it's fstab
<LnL> the normal apfs volume mounting seems like it's own thing
butterthebuddha has joined #nix-darwin
johnw has quit [Quit: ZNC - http://znc.in]
johnw has joined #nix-darwin
<dhess> LnL: do you have a built installer for that https://github.com/NixOS/nix/pull/3212 PR ?
<{^_^}> nix#3212 (by LnL7, 13 weeks ago, open): [WIP] install: configure and bootstrap synthetic.conf on darwin
<LnL> yeah
<dhess> I'm gonna test it on a VMware fresh Catalina and then an actual Mac.
<dhess> LnL: link?
<LnL> sec, let me upload it
<dhess> cool thank you
<johnw> if I've use nix copy --to file://PATH, is there any way to interact with that PATH store? For example, to run --check-contents or collect-garbage?
<clever> johnw: --store file://PATH or `NIX_REMOTE=file://PATH`
<johnw> thank you!
<clever> johnw: note that garbage collection can sometimes malfunction, and may just delete everything
<dhess> hi clever!
* clever waves
<LnL> oh I thought gc just wasn't implemented yet
<clever> ive used it against --store local?root=/foo before
<clever> but it wont prefix auto roots with /foo as it checks them
<clever> so if you use it against a mounted nixos, it wont correctly detect all of your result symlinks, and then eat everything
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
<butterthebuddha> How do I delete old nix-darwin generations?
Chiliparrot has joined #nix-darwin
<evelyn> nix-env --delete-generations (etc)
<LnL> you need to specify the profile with nix-env, isn't there an option on darwin-rebuild?
ryanartecona has quit [Quit: ryanartecona]
<butterthebuddha> LnL not as far as I can tell
<LnL> nix-env -p /nix/var/nix/profiles/system <args>
<LnL> but more generally nix-collect-garbage --delete-older-than 30d will prune all profiles
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
<butterthebuddha> LnL I did run nix-collect-garbage -d, but that doesn't seem to touch nix-darwin's profiles
<butterthebuddha> s/profiles/generations
<LnL> ah yeah, needs sudo
<butterthebuddha> That worked, ty
ryanartecona has joined #nix-darwin
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
johnw has quit [Quit: ZNC - http://znc.in]
butterthebuddha has joined #nix-darwin
butterthebuddha has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
butterthebuddha has joined #nix-darwin
ryanartecona has quit [Quit: ryanartecona]
Chiliparrot has joined #nix-darwin
butterthebuddha has quit [Read error: Connection reset by peer]
johnw has joined #nix-darwin
<johnw> clever: nix-store --store file:///Volumes/Backup/nix --verify --check-contents does nothing
<johnw> it just returns immediatley with exit code 0
<johnw> same with setting NIX_REMOTE
<clever> johnw: what does `ls -l /Volumes/Backup/nix` show?
<johnw> lots and lots of *.narinfo files
<johnw> and a nar directory
<johnw> this directory was produced by running: nix copy --all --to file:///Volumes/Backup/nix
<johnw> it's got many tens of gigabytes in it
<clever> johnw: yeah, thats effectively a binary cache, the narinfo files contain the hashes of both the .nar and the .nar.xz
<johnw> so it only ever grows? I can't validate it or garbage collect it?
<clever> johnw: let me check the source...
<clever> johnw: you can also use local?root=/Volumes/Backup
<clever> that will do basically the same thing, but leave things fully unpacked
<clever> thats the bulk of the protocol specific code, for file:// urls
<clever> i see nothing involving deletion of paths
<clever> so it has no way to delete things, ever?
<LnL> yeah that's what I said before
<clever> but local?root=/mnt is using the exact same api that nix-daemon uses to open /nix/store itself
<clever> its just prefixing paths with /mnt/
<clever> so that does have the ability to GC
ryanartecona has joined #nix-darwin
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
ChanServ has quit [shutting down]
ChanServ has joined #nix-darwin
ryanartecona has quit [Quit: ryanartecona]
__monty__ has quit [Quit: leaving]
philr has joined #nix-darwin