various fixes for nix 25.05

author: Franck Cuny <franck@fcuny.net> 2025-07-06 12:47:41 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-07-06 12:47:41 -0700
commit: 45aab7c55480effff57341131177243404c0f332 (patch)
tree: 49c4c1b20ff569c3ddfd1bf254de29433b6acfc0 /nix
parent: flake.lock: Update (diff)
download: infra-45aab7c55480effff57341131177243404c0f332.tar.gz
3 files changed, 56 insertions, 47 deletions
diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix
index c069a3f..ba9a46a 100644
--- a/nix/lib/mkSystem.nix
+++ b/nix/lib/mkSystem.nix
@@ -28,48 +28,53 @@ in
 systemFunc rec {
   inherit system;
 
-  modules = [
-    # Allow unfree packages.
-    { nixpkgs.config.allowUnfree = true; }
+  modules =
+    [
+      # Allow unfree packages.
+      { nixpkgs.config.allowUnfree = true; }
 
-    # Add overlays
-    { nixpkgs.overlays = overlays; }
+      # Add overlays
+      { nixpkgs.overlays = overlays; }
 
-    inputs.disko.nixosModules.disko
-    inputs.agenix.nixosModules.default
+      machineConfig
+      userOSConfig
+      home-manager.home-manager
 
-    machineConfig
-    userOSConfig
-    home-manager.home-manager
-    {
-      home-manager.useGlobalPkgs = true;
-      home-manager.useUserPackages = true;
-      home-manager.sharedModules = [
-        inputs.agenix.homeManagerModules.default
-      ];
-      home-manager.users.${user} = import userHMConfig {
-        inherit
-          self
-          inputs
-          darwin
-          systemName
-          ;
-      };
-      home-manager.extraSpecialArgs = {
-        inherit self inputs;
-        configPath = "${self}/configs/users/${user}";
-      };
-    }
+      inputs.agenix.nixosModules.default
+    ]
+    ++ nixpkgs.lib.optional (!darwin) inputs.disko.nixosModules.disko
+    ++ [
+      {
+        # https://github.com/nix-darwin/nix-darwin/issues/1339
+        ids.gids.nixbld = 30000;
+        home-manager.useGlobalPkgs = true;
+        home-manager.useUserPackages = true;
+        home-manager.sharedModules = [
+          inputs.agenix.homeManagerModules.default
+        ];
+        home-manager.users.${user} = import userHMConfig {
+          inherit
+            self
+            inputs
+            darwin
+            systemName
+            ;
+        };
+        home-manager.extraSpecialArgs = {
+          inherit self inputs;
+          configPath = "${self}/configs/users/${user}";
+        };
+      }
 
-    # We expose some extra arguments so that our modules can parameterize
-    # better based on these values.
-    {
-      config._module.args = {
-        currentSystem = system;
-        currentSystemName = systemName;
-        currentSystemUser = user;
-        inputs = inputs;
-      };
-    }
-  ];
+      # We expose some extra arguments so that our modules can parameterize
+      # better based on these values.
+      {
+        config._module.args = {
+          currentSystem = system;
+          currentSystemName = systemName;
+          currentSystemUser = user;
+          inputs = inputs;
+        };
+      }
+    ];
 }
diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix
index e19b7cc..978b43a 100644
--- a/nix/machines/darwin-shared.nix
+++ b/nix/machines/darwin-shared.nix
@@ -34,6 +34,8 @@
     };
   };
 
+  system.primaryUser = "fcuny";
+
   system.defaults = {
     dock = {
       autohide = true;
@@ -62,9 +64,13 @@
     SoftwareUpdate.AutomaticallyInstallMacOSUpdates = true;
   };
 
-  system.activationScripts.postUserActivation.text = ''
-    mkdir -p ~/Documents/screenshots
-  '';
+  # TODO:  - The `system.activationScripts.postUserActivation` option has
+  #     been removed, as all activation now takes place as `root`. Please
+  #     restructure your custom activation scripts appropriately,
+  #     potentially using `sudo` if you need to run commands as a user.
+  # system.activationScripts.postUserActivation.text = ''
+  #   mkdir -p ~/Documents/screenshots
+  # '';
 
   fonts.packages = with pkgs; [
     source-code-pro
@@ -76,9 +82,7 @@
   };
 
   # Touch ID for sudo auth
-  security.pam.enableSudoTouchIdAuth = true;
-
-  services.nix-daemon.enable = true;
+  security.pam.services.sudo_local.touchIdAuth = true;
 
   environment.shells = [ pkgs.fish ];
 
diff --git a/nix/users/fcuny/dev.nix b/nix/users/fcuny/dev.nix
index d85d2c1..b5ea1ec 100644
--- a/nix/users/fcuny/dev.nix
+++ b/nix/users/fcuny/dev.nix
@@ -19,7 +19,7 @@
     nixfmt-rfc-style # new formatter
     python3
     ruff
-    ruff-lsp
+    # ruff-lsp
     rustup
     uv
     wireshark
author	Franck Cuny <franck@fcuny.net>	2025-07-06 12:47:41 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-07-06 12:47:41 -0700
commit	45aab7c55480effff57341131177243404c0f332 (patch)
tree	49c4c1b20ff569c3ddfd1bf254de29433b6acfc0 /nix
parent	flake.lock: Update (diff)
download	infra-45aab7c55480effff57341131177243404c0f332.tar.gz