A Rosetta 2-enabled, Apple silicon (macOS/Darwin)-hosted Linux Nix builder.
Runs on aarch64-darwin and builds aarch64-linux (natively) and x86_64-linux (quickly using Rosetta 2).
Advantages over nix-darwin's built in
nix.linux-builder
(which is based on
pkgs.darwin.linux-builder):
- x86_64-linux support enabled by default and much faster (using Rosetta 2)
- Multi-core by default
- More secure:
- VM runs with minimum permissions (runs as a non-root/admin/wheel user/service account)
- VM doesn't accept remote connections (it binds to the loopback interface (127.0.0.1))
- VM cannot be impersonated (its private SSH host key is not publicly-known)
flake.nix:
{
description = "Configure macOS using nix-darwin with rosetta-builder";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nix-darwin = {
url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-rosetta-builder = {
url = "github:cpick/nix-rosetta-builder";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs@{ self, nix-darwin, nix-rosetta-builder, nixpkgs }: {
darwinConfigurations."${hostname}" = nix-darwin.lib.darwinSystem {
modules = [
# An existing Linux builder is needed to initially bootstrap `nix-rosetta-builder`.
# If one isn't already available: comment out the `nix-rosetta-builder` module below,
# uncomment this `linux-builder` module, and run `darwin-rebuild switch`:
# { nix.linux-builder.enable = true; }
# Then: uncomment `nix-rosetta-builder`, remove `linux-builder`, and `darwin-rebuild switch`
# a second time. Subsequently, `nix-rosetta-builder` can rebuild itself.
nix-rosetta-builder.darwinModules.default
];
};
};
}Remove nix-rosetta-builder from nix-darwin's flake.nix, darwin-rebuild switch, and then:
sudo rm -r /var/lib/rosetta-builder
sudo dscl . -delete /Users/_rosettabuilder
sudo dscl . -delete /Groups/rosettabuilderFeature requests, bug reports, and pull requests are all welcome.