services.logind.extraConfig -> services.logind.settings.Login. 1c2148c1 parent 8d9a12b0

authored by Talya Connor committed by ~talya

# nix-rosetta-builder

A [Rosetta 2](https://developer.apple.com/documentation/virtualization/running_intel_binaries_in_linux_vms_with_rosetta)-enabled,
Apple silicon (macOS/Darwin)-hosted Linux
[Nix builder](https://nix.dev/manual/nix/2.18/advanced-topics/distributed-builds).

Runs on aarch64-darwin and builds aarch64-linux (natively) and x86_64-linux (quickly using Rosetta
2).

## Features

Advantages over nix-darwin's built-in
[`nix.linux-builder`](https://daiderd.com/nix-darwin/manual/index.html#opt-nix.linux-builder.enable)
(which is based on
[`pkgs.darwin.linux-builder`](https://nixos.org/manual/nixpkgs/stable/#sec-darwin-builder)):

* x86_64-linux support enabled by default and much faster (using Rosetta 2)
* Multi-core by default
* Optionally runs VM on-demand, powering off when idle (see: `nix-rosetta-builder.onDemand` option)
* More secure:
  * VM runs with minimum permissions (runs as a non-root/admin/wheel user/service account)
  * VM doesn't accept remote connections (it binds to the loopback interface (127.0.0.1))
  * VM cannot be impersonated (its private SSH host key is not publicly known)

## nix-darwin flake setup

flake.nix:
```nix
{
  description = "Configure macOS using nix-darwin with rosetta-builder";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
    nix-darwin = {
      url = "github:lnl7/nix-darwin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-rosetta-builder = {
      url = "github:cpick/nix-rosetta-builder";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = inputs@{ self, nix-darwin, nix-rosetta-builder, nixpkgs }: {
    darwinConfigurations."${hostname}" = nix-darwin.lib.darwinSystem {
      modules = [
        # An existing Linux builder is needed to initially bootstrap `nix-rosetta-builder`.
        # If one isn't already available: comment out the `nix-rosetta-builder` module below,
        # uncomment this `linux-builder` module, and run `darwin-rebuild switch`:
        # { nix.linux-builder.enable = true; }
        # Then: uncomment `nix-rosetta-builder`, remove `linux-builder`, and `darwin-rebuild switch`
        # a second time. Subsequently, `nix-rosetta-builder` can rebuild itself.
        nix-rosetta-builder.darwinModules.default
        {
          # see available options in module.nix's `options.nix-rosetta-builder`
          nix-rosetta-builder.onDemand = true;
        }
      ];
    };
  };
}
```

## Uninstall

1. Set `nix-rosetta-builder.enable = false` in the nix-darwin configuration and run
   `darwin-rebuild switch` to clean up resources (including VM, user, group, storage, etc.)
2. Optionally remove `nix-rosetta-builder` from the nix-darwin configuration

## Contributing

Feature requests, bug reports, and pull requests are all welcome.