(With some tweaks to handle `nix.enable` and order it at a more
sensible position in the `$PATH`.)

The installers actually install Nix into `root`’s profile for some
reason, which means that the path’s prioritization backfires when
the script runs as root and we’re managing the Nix installation. When
running `darwin-rebuild` as a normal user, this wasn’t a problem.

Maybe we should just have a check to make sure there’s no conflicting
Nix in `root`’s profile – it seems pretty bad for `root` to
get the wrong Nix – but it would trigger for almost everyone,
which seems kind of annoying. I guess we could automatically
remove it from `root`’s profile if it matches what’s in
`/nix/var/nix/profiles/default`…

This reverts commit 02232f71c5.

This is an equivalent of the `nix.enable` option from NixOS
and Home Manager. On NixOS, it mostly serves to allow building
fixed‐configuration systems without any Nix installation at
all. It should work for that purpose with nix-darwin too, and the
implementation is largely the same, but the main use case is more
similar to the Home Manager option: to allow the use of nix-darwin
with an unmanaged system installation of Nix, including when there
is another service expecting to manage it, as with Determinate.

By providing an escape hatch to opt out of Nix management entirely,
this will also allow us to consolidate and simplify our existing Nix
installation management, by being more opinionated about things like
taking ownership of the daemon and the build users. Porting one option
from NixOS lets us drop two that only ever existed in nix-darwin and
reduce overall complexity.

We already put `/nix/var/nix/profiles/default/bin` on the `$PATH`,
and whatever `nix.package` is set to already gets installed into
`/run/current-system/sw/bin`, so this is pointless.

Using `grep -v` without `-z` will return 0 even if there is a match
found as all the non-matching lines will be matched. Instead of using
`grep -vqz`, `(! grep ...)` is more readable.

The brackets are necessary as `! grep` will not trigger `set -e`[0], so we
run it inside a subshell to use its non-zero exit code.

[0]: https://www.gnu.org/savannah-checkouts/gnu/bash/manual/bash.html#The-Set-Builtin
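The exit-status behaviour described in the commit message above, as an added shell example that is not part of the commit or of nix-darwin. Each guard runs under `set -e` in a fresh `sh` with constructed input on stdin; `run_guard`, the pattern `forbidden` and the sample strings are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; run_guard, the pattern "forbidden" and the sample
# inputs are constructed for this example.

# Constructed inputs: one contains the rejected pattern on its own line.
WITH_MATCH='alpha\nforbidden\nbeta\n'
WITHOUT_MATCH='alpha\nbeta\n'

# Run one guard under `set -e` in a fresh sh process with the sample text on
# stdin. Prints "continued" if the script got past the guard, else "aborted".
# A separate process is used so the caller's own errexit context (for
# example being inside an `if`) cannot mask the behaviour under test.
run_guard() {
  guard=$1
  input=$2
  if printf '%b' "$input" | sh -c "set -e; $guard; echo reached" 2>/dev/null |
      grep -q reached; then
    echo continued
  else
    echo aborted
  fi
}

# The three spellings of "stop if the pattern is present".
for guard in 'grep -vq forbidden' '! grep -q forbidden' '(! grep -q forbidden)'; do
  printf '%-24s match: %-9s no match: %s\n' "$guard" \
    "$(run_guard "$guard" "$WITH_MATCH")" \
    "$(run_guard "$guard" "$WITHOUT_MATCH")"
done
```

Only the subshell form stops the script when the pattern is present; `grep -vq` aborts only when every input line matches.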
This change updates the usage description of darwin-rebuild.sh as
follows:
* Add options:
    --print-build-logs / -L
    --no-registries
    --commit-lock-file
    --no-write-lock-file
    --override-input
* Specify that --no-flake and the flake related options are
  mutually exclusive.
* Specify that --keep-going and -k are aliases.
* Specify that --keep-failed and -K are aliases.
* Correct the description of --update-input; only one value follows.
The --no-build-hook argument remains undocumented, like for nix.