From fb2bc03f922d406621928a80b28225340cb2b070 Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Tue, 28 Jan 2025 18:40:29 +0000
Subject: [PATCH] activation-scripts: add unmanaged system Nix to activation
 path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently, the `bin` directory of the configured system
is embedded in the `$PATH` of activation scripts, but not
other elements of the default `environment.systemPath` like
`/nix/var/nix/profiles/default/bin` or `/usr/local/bin`. This
means that when nix-darwin is not managing the Nix installation,
activation scripts like Home Manager’s that want to look up the
system‐managed Nix can’t find it. Search for it on the entire
`environment.systemPath` and add the appropriate directory if found.

We leave the launchd `activate-system` daemon alone, because it has
erroneously referred to `@out@/sw/bin` forever and therefore never got
a Nix on the path to begin with. That’s a problem for another time.

(The more ideal solution is probably for Home Manager activation to
be driven by launchd or something, but that’s a longer‐term goal.)
---
 modules/system/activation-scripts.nix | 34 +++++++++++++++++++++++++--
 tests/nix-enable.nix                  |  3 +++
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/modules/system/activation-scripts.nix b/modules/system/activation-scripts.nix
index b95ea32..341e782 100644
--- a/modules/system/activation-scripts.nix
+++ b/modules/system/activation-scripts.nix
@@ -13,6 +13,32 @@ let
     mkTextDerivation = name: text: pkgs.writeScript "activate-${name}" text;
   };
 
+  activationPath =
+    lib.makeBinPath [
+      pkgs.gnugrep
+      pkgs.coreutils
+    ]
+    + lib.optionalString (!config.nix.enable) ''
+      $(
+        # If `nix.enable` is off, there might be an unmanaged Nix
+        # installation (say in `/nix/var/nix/profiles/default`) that
+        # activation scripts (such as Home Manager) want to find on the
+        # `$PATH`. Search for it directly to avoid polluting the
+        # activation script environment with everything on the
+        # `environment.systemPath`.
+        if nixEnvPath=$(
+          PATH="${config.environment.systemPath}" command -v nix-env
+        ); then
+          printf ':'
+          ${lib.getExe' pkgs.coreutils "dirname"} -- "$(
+            ${lib.getExe' pkgs.coreutils "readlink"} \
+              --canonicalize-missing \
+              -- "$nixEnvPath"
+          )"
+        fi
+      )''
+    + ":@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin";
+
 in
 
 {
@@ -40,7 +66,9 @@ in
       #! ${stdenv.shell}
       set -e
       set -o pipefail
-      export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin:/usr/sbin:/sbin"
+
+      PATH="${activationPath}"
+      export PATH
 
       systemConfig=@out@
 
@@ -86,7 +114,9 @@ in
       #! ${stdenv.shell}
       set -e
       set -o pipefail
-      export PATH="${pkgs.gnugrep}/bin:${pkgs.coreutils}/bin:@out@/sw/bin:/usr/bin:/bin"
+
+      PATH="${activationPath}"
+      export PATH
 
       systemConfig=@out@
 
diff --git a/tests/nix-enable.nix b/tests/nix-enable.nix
index 4e7a178..0828834 100644
--- a/tests/nix-enable.nix
+++ b/tests/nix-enable.nix
@@ -10,5 +10,8 @@
 
     printf >&2 'checking for unexpected nix-daemon plist in /Library/LaunchDaemons\n'
     [[ -e ${config.out}/Library/LaunchDaemons/org.nixos.nix-daemon.plist ]] && exit 1
+
+    printf >&2 'checking for late‐bound Nix lookup in /activate\n'
+    grep nixEnvPath= ${config.out}/activate
   '';
 }