Skip to content

Instantly share code, notes, and snippets.

@chrisandreae
Last active July 15, 2020 22:31
Show Gist options
  • Save chrisandreae/e61e06f08ec0a650a0b3b41788d41724 to your computer and use it in GitHub Desktop.
Save chrisandreae/e61e06f08ec0a650a0b3b41788d41724 to your computer and use it in GitHub Desktop.
#!/usr/bin/env bash
set -e
set -u
nix-collect-garbage
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
(echo 'nix'; echo -e 'run\tprivate/var/run') | sudo tee -a /etc/synthetic.conf >/dev/null
sudo mv /nix /was-nix
sudo mkdir /nix
PASSPHRASE=$(openssl rand -base64 32)
echo "Creating encrypted APFS volume with passphrase: $PASSPHRASE" >&2
sudo diskutil apfs addVolume disk1 'Case-sensitive APFS' Nix -mountpoint /nix -passphrase "$PASSPHRASE"
UUID=$(diskutil info -plist /nix | plutil -extract VolumeUUID xml1 - -o - | plutil -p - | sed -e 's/"//g')
security add-generic-password -l Nix -a "$UUID" -s "$UUID" -D "Encrypted Volume Password" -w "$PASSPHRASE" \
-T "/System/Library/CoreServices/APFSUserAgent" -T "/System/Library/CoreServices/CSUserAgent"
sudo diskutil enableOwnership /nix
echo 'LABEL=Nix /nix apfs rw' | sudo tee -a /etc/fstab >/dev/null
echo "Copying nix to new volume.." >&2
sudo rsync -aH /was-nix/ /nix/
sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
echo 'Waiting for nix-daemon..' >&2
while ! nix ping-store >/dev/null 2>&1; do
echo -n '.' >&2
sleep 1
done
echo >&2
sudo rm -r /was-nix
echo "Done!" >&2
@dhruvio
Copy link

dhruvio commented Oct 17, 2019

Thanks, this was very helpful!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment