darwin.linux-builder: split create-builder script

The current workflow for starting the `linux-builder` on macOS is to run `nix run nixpkgs#darwin.linux-builder`, which adds keys to the store and then starts the builder. Adding the keys requires user input (due to `sudo`) but the actual builder should just stay running in the background somewhere. I'd like to automate this process, but it's currently rather complex: the first part of the script needs user input for `sudo`, and then there's no signal when the process has finished starting up. The user will need to see stdout/stderr during the first part, which makes it challenging to capture it for the second part to determine when startup has finished. To fix this, I've split the `create-builder` script into an `add-keys` script (interactive) and a `run-builder` script (background). These new scripts are exposed in the `passthru` attributes for external users. The `create-builder` script is now a simple call of `add-keys` and then `run-builder`. See: https://nixos.org/manual/nixpkgs/unstable/#sec-darwin-builder
2025-06-10 19:55:41 +03:00 · 2025-05-12 11:41:21 -07:00 · 2025-05-12 11:41:21 -07:00 · 2263f723c1
commit 2263f723c1
parent 7b3c99fb46
1 changed files with 16 additions and 2 deletions
--- a/nixos/modules/profiles/nix-builder-vm.nix
+++ b/nixos/modules/profiles/nix-builder-vm.nix
@ -163,7 +163,7 @@ in

        hostPkgs = config.virtualisation.host.pkgs;

-        script = hostPkgs.writeShellScriptBin "create-builder" (
+        add-keys = hostPkgs.writeShellScriptBin "add-keys" (
          ''
            set -euo pipefail
          ''
@ -191,10 +191,22 @@ in
            if ! ${hostPkgs.diffutils}/bin/cmp "''${PUBLIC_KEY}" ${publicKey}; then
              (set -x; sudo --reset-timestamp ${installCredentials} "''${KEYS}")
            fi
-            KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
          ''
        );

+        run-builder = hostPkgs.writeShellScriptBin "run-builder" (''
+          set -euo pipefail
+          KEYS="''${KEYS:-./keys}"
+          KEYS="$(${hostPkgs.nix}/bin/nix-store --add "$KEYS")" ${lib.getExe config.system.build.vm}
+        '');
+
+        script = hostPkgs.writeShellScriptBin "create-builder" (''
+          set -euo pipefail
+          export KEYS="''${KEYS:-./keys}"
+          ${lib.getExe add-keys}
+          ${lib.getExe run-builder}
+        '');
+
      in
      script.overrideAttrs (old: {
        pos = __curPos; # sets meta.position to point here; see script binding above for package definition
@ -205,6 +217,8 @@ in
          # Let users in the repl inspect the config
          nixosConfig = config;
          nixosOptions = options;
+
+          inherit add-keys run-builder;
        };
      });