@michaelglass
Forked from chrisandreae/pre-catalina.sh
Last active September 21, 2021 12:10
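#!/bin/bash
# Moves a Nix installation onto its own encrypted APFS volume on macOS
# Catalina. The script is a sequence of idempotent checks; re-run it after
# each reboot it asks for.
set -euo pipefail
# uncomment to debug
# NOTE: a global trace also prints every secret the script handles (step 3
# generates the volume passphrase), so do not paste traced output anywhere.
# set -x

echo "1️⃣. Does catalina know to create the nix directory?"
# Match a synthetic.conf entry whose name is exactly "nix" (alone on the line
# or followed by whitespace and a target). A bare substring match would also
# accept unrelated entries that merely contain "nix" and skip the append.
# stderr is silenced because the file usually does not exist yet.
if ! grep -E '^nix([[:space:]]|$)' /etc/synthetic.conf > /dev/null 2>&1; then
  echo "nix missing from /etc/synthetic.conf. Adding it (will request sudo)"
  # tee runs under sudo so the append happens with root privileges; a plain
  # ">>" redirection would be performed by the unprivileged shell.
  echo "nix" | sudo tee -a /etc/synthetic.conf > /dev/null
else
  echo "nix detected in /etc/synthetic.conf. Catalina will autogenerate."
fi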
echo "2️⃣. Does the /nix directory exist?"
# The synthetic /nix mount point only appears after a reboot, so stop here
# (successfully) when it is absent and let the user re-run the script later.
if [[ -d /nix ]]; then
  echo "/nix exists!"
else
  echo "/nix directory not yet created. please reboot"
  exit 0
fi
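echo "3️⃣. Is the Nix volume created?"
if ! diskutil info Nix > /dev/null 2>&1; then
  echo "nix volume not created."

  # Secret handling: the passphrase must not reach the terminal, the xtrace
  # output or (where avoidable) a process argument list. Tracing is switched
  # off for this section even when the debug "set -x" at the top is enabled,
  # and restored afterwards.
  xtrace_was_on=0
  case $- in *x*) xtrace_was_on=1 ;; esac
  set +x

  PASSPHRASE=$(openssl rand -base64 32)
  echo "Creating encrypted APFS volume (the passphrase will be stored in your keychain)"
  echo "⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇"
  echo "+ sudo diskutil apfs addVolume disk1 'Case-sensitive APFS' Nix -mountpoint /nix -stdinpassphrase"
  # The passphrase is fed on stdin instead of -passphrase so it is not visible
  # to other local users through the process list. printf '%s' avoids adding
  # a trailing newline to the secret.
  # NOTE(review): disk1 is hard-coded; confirm it is the APFS container on
  # the target machine.
  printf '%s' "$PASSPHRASE" |
    sudo diskutil apfs addVolume disk1 'Case-sensitive APFS' Nix -mountpoint /nix -stdinpassphrase
  echo "⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆"

  echo "writing nix passphrase to your keychain"
  echo "⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇"
  # The keychain item is keyed by the volume UUID (account and service) and
  # trusts the two system agents named with -T.
  # NOTE: -w still places the passphrase in security's argv for the lifetime
  # of that process; running the command through "security -i" (commands read
  # from stdin) would avoid that.
  # At this point the volume is already encrypted, so if the UUID lookup or
  # the keychain write fails the passphrase is shown once, on stderr, as a
  # last-resort recovery path instead of being lost with the process.
  if ! UUID=$(diskutil info -plist /nix | plutil -extract VolumeUUID xml1 - -o - | plutil -p - | sed -e 's/"//g') ||
    ! security add-generic-password -l Nix -a "$UUID" -s "$UUID" -D "Encrypted Volume Password" -w "$PASSPHRASE" \
      -T "/System/Library/CoreServices/APFSUserAgent" -T "/System/Library/CoreServices/CSUserAgent"; then
    echo "could not store the Nix volume passphrase in your keychain." >&2
    echo "record it now, it is not saved anywhere else:" >&2
    printf '%s\n' "$PASSPHRASE" >&2
    exit 1
  fi
  echo "⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆"

  # Drop the secret from the shell before any tracing resumes.
  unset PASSPHRASE
  if ((xtrace_was_on)); then
    set -x
  fi
else
  echo "nix volume already created"
fi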
echo "4️⃣. Is ownership enabled on the volume?"
# grep's output is redirected rather than using -q: under "set -o pipefail" an
# early-exiting grep could make diskutil fail on a closed pipe and flip the
# result of this check.
if diskutil info /nix | grep -E "Owners:\s+Enabled" > /dev/null; then
  echo "ownership on nix volume already enabled "
else
  echo "enabling ownership on nix volume (I'm not totally sure why!)"
  echo "⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇"
  # Trace only the privileged command so the user sees exactly what ran.
  set -x
  sudo diskutil enableOwnership /nix
  set +x
  echo "⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆"
fi
echo "5️⃣. Will OSX load the volume on boot?"
# Any line of /etc/fstab containing "nix" counts as "already configured".
if grep nix /etc/fstab > /dev/null; then
  echo "automount of nix volume already enabled"
else
  echo "enabling automount of nix volume"
  # vifs is driven non-interactively: ed is selected as the editor and fed a
  # script on stdin that appends the mount line after the last line ($a),
  # ends the insert (.) and writes/quits (wq).
  # The "$a" must reach ed literally, hence the single quotes and the
  # shellcheck exemption.
  # shellcheck disable=SC2016
  printf '$a\nLABEL=Nix /nix apfs rw\n.\nwq\n' |
    EDITOR='ed' sudo vifs > /dev/null
fi
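echo "6️⃣. is nix installed?"
# we use /nix/store existence as a proxy for checking if nix is installed
if [ ! -d /nix/store ]; then
  echo "nix has not yet been initialized ..."
  echo "6️⃣.1️⃣ do we have a previous version of nix?"
  if [ -d /Users/Shared/Relocated\ Items/Security/nix/ ]; then
    echo "detected nix from before catalina upgrade."
    echo "⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇ ⬇"
    echo "making temp dir"
    set -x
    mkdir -p /nix/temp
    set +x
    echo "copying into temp dir (this will probably take a while!)"
    echo "we use a temp dir to make it more clear when the rsync has finished"
    # /nix/store is the "nix has been set up" marker checked above. Copying
    # into /nix/temp first means the marker only appears after rsync has
    # finished; if rsync is cancelled part-way, re-running this script simply
    # resumes the copy.
    set -x
    sudo rsync -aH /Users/Shared/Relocated\ Items/Security/nix/ /nix/temp
    set +x
    echo "moving from temp dir to parent"
    set -x
    # NOTE(review): the glob skips dot-entries at the top of /nix/temp and the
    # rm below would then delete them; confirm none are expected there.
    mv /nix/temp/* /nix
    rm -rf /nix/temp
    set +x
    echo "ensuring you're the owner of nix"
    set -x
    sudo chown -R "$(whoami)" /nix
    set +x
    echo "removing pre-relocated items"
    set -x
    sudo rm -rf /Users/Shared/Relocated\ Items/Security/nix
    set +x
    echo "⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆ ⬆"
  else
    echo "Detected no previous nix. Installing fresh"
    # The installer is downloaded completely before anything is executed.
    # Piping curl straight into sh runs whatever bytes arrive, so a dropped
    # connection or an HTTP error page would be executed as a partial script.
    # --fail turns HTTP errors into a non-zero exit (which aborts the script
    # under "set -e"), --location follows the redirect, and --proto/--tlsv1.2
    # keep the initial request on HTTPS with TLS 1.2 or newer.
    # NOTE: the downloaded script is still trusted as-is; no checksum or
    # signature is verified here. Review it, or pin and verify a specific
    # release, where that matters.
    installer=$(mktemp "${TMPDIR:-/tmp}/nix-install.XXXXXX")
    set -x
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
      --output "$installer" https://nixos.org/nix/install
    sh "$installer"
    set +x
    rm -f -- "$installer"
  fi
else
  echo "Nix has already been installed ..."
fi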
# Closing message. The quoted heredoc prints the text literally; the empty
# last line reproduces the trailing blank line of the message.
cat << 'EOF'
🎉done!🎉
please start another terminal and I think you should be good to go.
p.s. Previously, nix started an agent and I couldn't figure it out on my system... If you know more, please dig in.

EOF