Installer fails to (re)install nix on macOS Ventura with nix-darwin

[roman]

I had nix previously installed and had to remove it manually. Now the installation process fails with the error bellow.

Error

Error: 
   0: Install failure
   1: Error executing action
   2: Action `configure_init_service` errored
   3: Copying file `/nix/var/nix/profiles/default/Library/LaunchDaemons/org.nixos.nix-daemon.plist` to `/Library/LaunchDaemons/org.nixos.nix-daemon.plist`
   4: No such file or directory (os error 2)

Metadata

key	value
version	0.8.0
os	macos
arch	aarch64

[roman]

I "tricked" the installer by manually doing this:

sudo cp -R /nix/var/nix/profiles/per-user/root/profile/Library /nix/var/nix/profiles/default

After the installer failed, I did not revert it changes and tried again

[roman]

After this, I noticed that /run/current-system/sw is not mounted, something is still funky :-(

[roman]

After some thinking about this over the weekend, I'm wondering if one of the nix daemons is responsible for mounting the /nix/var/nix/profiles/default path, and the installer is expecting that to be there as a side effect?

My plan is to check if there are some logs on the nix daemons that would report an error.

[roman]

Uhm, after reading #529, I went ahead and set explicitly the latest version of the installer, and that seemed to work.

I'm still getting a very rare error when trying to build a darwinConfiguration from an (unversioned) flake directory.

nix build -L .#darwinConfigurations.$(hostname).system
error (ignored): error: end of string reached
error:
       … in the condition of the assert statement

         at «string»:66:13:

           65|           if node.flake or true then
           66|             assert builtins.isFunction flake.outputs;
             |             ^
           67|             result

       … while calling the 'isFunction' builtin

         at «string»:66:20:

           65|           if node.flake or true then
           66|             assert builtins.isFunction flake.outputs;
             |                    ^
           67|             result

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: getting status of '/nix/store/yrpnmdgnvrlmzyic9gyc6dv8c918bwgp-source': No such file or directory

It seems there is some state hanging on the flake configuration?

[Hoverbear]

@roman I'm glad to know 0.9.1 was offering you a better experience. I'm sorry about the issues you were having with 0.8.0, they are indeed quite funky.

In this case does /nix/store/yrpnmdgnvrlmzyic9gyc6dv8c918bwgp-source exist?

[roman]

No, and nix flakes are not downloading it. I would like to know if it has something to do with the lazy input setup they have in place. Very weird behavior indeed

[roman]

Ok, I was never able to get the dependency worked out. I had to change the nixpkgs input for nix-darwin on my flake configuration, and that showed me the next mole to whack. I think this may be related to the installer:

$ nix build -L .#darwinConfigurations.$(hostname).system
error:
       … while calling the 'derivationStrict' builtin

         at //builtin/derivation.nix:9:12: (source not available)

       … while evaluating derivation 'darwin-system-23.11.20230625.07059ee+darwin4.25ae710'
         whose name attribute is located at /nix/store/hmdjvalbmsb9x9wir7xq8y623abjl55w-source/pkgs/stdenv/generic/make-derivation.nix:303:7

       … while evaluating attribute 'activationScript' of derivation 'darwin-system-23.11.20230625.07059ee+darwin4.25ae710'

         at /nix/store/2fadnin05vbs2hf682ilqvqri6z80mp5-source/modules/system/default.nix:77:7:

           76|
           77|       activationScript = cfg.activationScripts.script.text;
             |       ^
           78|       activationUserScript = cfg.activationScripts.userScript.text;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: unable to download 'https://cache.nixos.org/lfkdbzknd4x50vkb4im2dk9zp42z3a3f.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

[roman]

Tried this solution step, and it worked as expected.

There was a dangling file from the previous installation:

ls -lah /etc/ssl/certs/ca-certificates.crt 
lrwxr-xr-x  1 root  wheel    41B  7 Jun 14:36 /etc/ssl/certs/ca-certificates.crt -> /etc/static/ssl/certs/ca-certificates.crt

I wonder if home-manager + nix-darwin take hold of this file and do something different with it from what the nix installer would do. Maybe something to check on the uninstall/install actions?

[Hoverbear]

Hmmm that's interesting... Did you pass an --ssl-cert-file during install? I wonder if nix-darwin makes this, because I didn't see the bash install scripts doing it...

[roman]

Did you pass an --ssl-cert-file during install?

No, I didn't use that option during the execution of nix-installer.

I have a flake + nix-darwin + home-manager setup; I know nix-darwin does some overrides to the nix.conf file. It also asks me to create a new link for the ssl-certs on nix-darwin switch.

[Hoverbear]

Okay, I'll need to do some testing then. THanks for reporting!

[p1xelHer0]

I'm not sure if I am approaching the same area.

I had an old nix installation with nix-darwin installed by the official installer. I decided to give this one a go!

• I followed the instructions for uninstalling my previous nix on macOS here.

• I did NOT run the nix-darwin uninstaller, maybe that is my problem.

• Anyways, THIS installer runs successfully, it install Nix 2.15.0 with flakes and such enabled.

But whenever I try to do anything I get this SSL CA Cert error:

I tried with the official installer as well, I get the same error with it!

p1xelher0@p1xelBook ~ % nix-shell -p nix-info --run "nix-info -m"        
error: unable to download 'https://cache.nixos.org/f32pg5i2rp6vnp7sw0531cx4fdr33i3c.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

My NIX_SSL_CERT_FILE is set:

p1xelher0@p1xelBook ~ % echo $NIX_SSL_CERT_FILE                    
/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt

My etc ca-certificate.crt looks like this:

p1xelher0@p1xelBook ~ % ls -lah /etc/ssl/certs/ca-certificates.crt 
lrwxr-xr-x  1 root  wheel    41B Jan 16  2022 /etc/ssl/certs/ca-certificates.crt -> /etc/static/ssl/certs/ca-certificates.crt

I feel kinda clueless and I'm not sure it's related to my previous old nix-darwin installation or not. I am not even sure I am at the right place but the issues here looked somehow related.

Thank you!

[p1xelHer0]

After some more reading it appears the issue is the cert:

p1xelher0@p1xelBook ~ % ls -lah /etc/ssl/certs/ca-certificates.crt 
lrwxr-xr-x  1 root  wheel    41B Jan 16  2022 /etc/ssl/certs/ca-certificates.crt -> /etc/static/ssl/certs/ca-certificates.crt

If I understand this correctly it means that my cert is symlinked to the old etc/static cert (which nix-darwin creates) which no longer exists.

My idea is that the cause of this is me "nuking" my old Nix installation without properly running the nix-darwin uninstaller.

I see people mention that they "fix" the symbolic link. My question being:

How do I fix it? :D @roman

Thank you once again!

[p1xelHer0]

Sorry for being a slow person but I removed the /etc/ssl/certs/ca-certificate.crt and reinstalled and now I don't get the 77 error, woho!

[Hoverbear]

So neither this crate or the official install scripts provision /etc/ssl/certs/ca-certificates.crt, or /etc/static/ssl/certs/ca-certificates.crt, it's created by nix-darwin I believe?

If you try running launchctl print system/org.nixos.nix-daemon you may see a line like this:

environment = {
    # ...
    NIX_SSL_CERT_FILE => /etc/ssl/certs/ca-certificates.crt
}

That's likely what's causing the issue. I think doing launchctl unsetenv NIX_SSL_CERT_FILE may solve it. I'll try to reproduce and confirm it.

[Hoverbear]

ephemeraladmin@mac-epic-turducken ~ % curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
info: downloading installer https://install.determinate.systems/nix/tag/v0.10.0/nix-installer-aarch64-darwin
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix install plan (v0.10.0)
Planner: macos (with default settings)

Planned actions:
* Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-aarch64-darwin.tar.xz` to `/nix/temp-install-dir`
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Create build users (UID 300-332) and group (GID 30000)
* Configure Time Machine exclusions
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Configure Nix daemon related settings with launchctl
* Remove directory `/nix/temp-install-dir`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
 INFO Step: Provision Nix
 INFO Step: Create build users (UID 300-332) and group (GID 30000)
 INFO Step: Configure Time Machine exclusions
 INFO Step: Configure Nix
 INFO Step: Configure Nix daemon related settings with launchctl
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

ephemeraladmin@mac-epic-turducken ~ % . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh

Then, following this I wrote this to ~/boop/flake.nix

{
  description = "John's darwin system";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-23.05-darwin";
    darwin.url = "github:lnl7/nix-darwin/master";
    darwin.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = inputs@{ self, darwin, nixpkgs }: {
    darwinConfigurations."mac-epic-turducken" = darwin.lib.darwinSystem {
      modules = [(
        { pkgs, ... }:
        {
          # List packages installed in system profile. To search by name, run:
          # $ nix-env -qaP | grep wget
          environment.systemPackages =
            [ pkgs.vim
            ];

          # Auto upgrade nix package and the daemon service.
          services.nix-daemon.enable = true;
          nix.package = pkgs.nix;
          nixpkgs.hostPlatform = "aarch64-darwin";
        }
      )];
    };
  };
}

After,

ephemeraladmin@mac-epic-turducken boop % nix build .#darwinConfigurations.mac-epic-turducken.system
ephemeraladmin@mac-epic-turducken boop % sudo ./result/sw/bin/darwin-rebuild switch --flake ~/boop 
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
building the system configuration...
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
error: Directory /run does not exist, aborting activation
Create a symlink to /var/run with:

$ printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf
$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B # For Catalina
$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t # For Big Sur and later

The current contents of /etc/synthetic.conf is:

    nix

ephemeraladmin@mac-epic-turducken boop % printf 'run\tprivate/var/run\n' | sudo tee -a /etc/synthetic.conf

ephemeraladmin@mac-epic-turducken boop % sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t

ephemeraladmin@mac-epic-turducken boop % sudo ./result/sw/bin/darwin-rebuild switch --flake ~/boop               
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
building the system configuration...
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
warning: $HOME ('/Users/ephemeraladmin') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')
user defaults...
setting up user launchd services...
setting up /Applications/Nix Apps...
setting up pam...
applying patches...
setting up /etc...
error: not linking environment.etc."bashrc" because /etc/bashrc already exists, skipping...
existing file has unknown content 08ffbf991a9e25839d38b80a0d3bce3b5a6c84b9be53a4b68949df4e7e487bb7, move and activate again to apply
error: not linking environment.etc."nix/nix.conf" because /etc/nix/nix.conf already exists, skipping...
existing file has unknown content 9b5b5aedd302e950e450a28d6d42cc087bfd1c40951c4617096b9b12b2007c5f, move and activate again to apply
system defaults...
setting up launchd services...
creating service org.nixos.activate-system
reloading service org.nixos.nix-daemon
reloading nix-daemon...
waiting for nix-daemon
waiting for nix-daemon
configuring networking...

ephemeraladmin@mac-epic-turducken boop % 

At this point, I can review NIX_SSL_CERT_FILE as above:

ephemeraladmin@mac-epic-turducken boop % launchctl print system/org.nixos.nix-daemon
system/org.nixos.nix-daemon = {
        active count = 1
        path = /Library/LaunchDaemons/org.nixos.nix-daemon.plist
        type = LaunchDaemon
        state = running

        program = /bin/sh
        arguments = {
                /bin/sh
                -c
                /bin/wait4path /nix/store/83alf0qbrdaimz1ahkbih15id6ws0hyf-nix-2.13.3/bin/nix-daemon && exec /nix/store/83alf0qbrdaimz1ahkbih15id6ws0hyf-nix-2.13.3/bin/nix-daemon
        }

        default environment = {
                PATH => /usr/bin:/bin:/usr/sbin:/sbin
        }

        environment = {
                OBJC_DISABLE_INITIALIZE_FORK_SAFETY => YES
                NIX_SSL_CERT_FILE => /etc/ssl/certs/ca-certificates.crt
                XPC_SERVICE_NAME => org.nixos.nix-daemon
        }

        domain = system
        minimum runtime = 10
        exit timeout = 5
        runs = 2
        pid = 24395
        immediate reason = inefficient
        forks = 3
        execs = 3
        initialized = 1
        trampolined = 1
        started suspended = 0
        proxy started suspended = 0
        last terminating signal = Hangup: 1

        spawn type = daemon (3)
        jetsam priority = 40
        jetsam memory limit (active) = (unlimited)
        jetsam memory limit (inactive) = (unlimited)
        jetsamproperties category = daemon
        submitted job. ignore execute allowed
        jetsam thread limit = 32
        cpumon = default
        resource limits = {
                maxfiles (soft) => 4096
        }

        probabilistic guard malloc policy = {
                activation rate = 1/1000
                sample rate = 1/0
        }

        properties = keepalive | inferred program
}

All good so far. Now uninstalling and reinstalling:

ephemeraladmin@mac-epic-turducken boop % /nix/nix-installer uninstall
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix uninstall plan (v0.10.0)

Planner: macos (with default settings)

Planned actions:
* Unconfigure Nix daemon related settings with launchctl
* Unconfigure the shell profiles
* Remove the Nix configuration in `/etc/nix/nix.conf`
* Unset the default Nix profile
* Remove time machine exclusions
* Remove Nix users and group
* Remove the directory tree in `/nix`
* Remove the APFS volume `Nix Store` on `disk2`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Revert: Remove directory `/nix/temp-install-dir`
 INFO Revert: Configure Nix daemon related settings with launchctl
 INFO Revert: Configure Nix
 INFO Revert: Configure Time Machine exclusions
 INFO Revert: Create build users (UID 300-332) and group (GID 30000)
 INFO Revert: Provision Nix
 INFO Revert: Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
Nix was uninstalled successfully!

ephemeraladmin@mac-epic-turducken boop % curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
info: downloading installer https://install.determinate.systems/nix/tag/v0.10.0/nix-installer-aarch64-darwin
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix install plan (v0.10.0)
Planner: macos (with default settings)

Planned actions:
* Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-aarch64-darwin.tar.xz` to `/nix/temp-install-dir`
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Create build users (UID 300-332) and group (GID 30000)
* Configure Time Machine exclusions
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Configure Nix daemon related settings with launchctl
* Remove directory `/nix/temp-install-dir`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
 INFO Step: Provision Nix
 INFO Step: Create build users (UID 300-332) and group (GID 30000)
 INFO Step: Configure Time Machine exclusions
 INFO Step: Configure Nix
 INFO Step: Configure Nix daemon related settings with launchctl
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

ephemeraladmin@mac-epic-turducken boop % nix run nixpkgs#hello
warning: cannot read flake registry '/etc/nix/registry.json': error: opening file '/etc/nix/registry.json': No such file or directory
error: unable to download 'https://cache.nixos.org/d26w2dip6kcjpw6dfcrjmpkprrabjz60.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

Which seems to reproduce!

However launchctl unsetenv NIX_SSL_CERT_FILE doesn't help...

ephemeraladmin@mac-epic-turducken boop % launchctl unsetenv NIX_SSL_CERT_FILE
ephemeraladmin@mac-epic-turducken boop % unset NIX_SSL_CERT_FILE
ephemeraladmin@mac-epic-turducken boop % sudo launchctl kickstart -k system/org.nixos.nix-daemon
ephemeraladmin@mac-epic-turducken boop % nix run nixpkgs#hello
warning: cannot read flake registry '/etc/nix/registry.json': error: opening file '/etc/nix/registry.json': No such file or directory
error: unable to download 'https://cache.nixos.org/d26w2dip6kcjpw6dfcrjmpkprrabjz60.narinfo': Problem with the SSL CA cert (path? access rights?) (77)

Hmm... It seems the uninstall requires Nix, so this does present a bit of a pickle.

[Hoverbear]

Running the uninstall before removing nix seems to work fine:

ephemeraladmin@mac-epic-turducken boop % ./result/bin/darwin-uninstaller

Uninstalling nix-darwin, this will:

    - remove ~/Applications link.
    - cleanup static /etc files.
    - disable and remove all launchd services managed by nix-darwin.
    - restore daemon service from nix installer (only when this is a multi-user install).

Proceed? [y/n] y

removing service org.nixos.nix-daemon
configuring networking...
rm: cannot remove '/Library/LaunchDaemons/org.nixos.nix-daemon.plist': No such file or directory

NOTE: The /nix/var/nix/profiles/system* profiles still exist and won't be garbage collected.

Done!

ephemeraladmin@mac-epic-turducken boop % nix build nixpkgs#hello                                                          
ephemeraladmin@mac-epic-turducken boop % nix build nixpkgs#hello --tarball-ttl 0
ephemeraladmin@mac-epic-turducken boop % /nix/nix-installer uninstall           
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix uninstall plan (v0.10.0)

Planner: macos (with default settings)

Planned actions:
* Unconfigure Nix daemon related settings with launchctl
* Unconfigure the shell profiles
* Remove the Nix configuration in `/etc/nix/nix.conf`
* Unset the default Nix profile
* Remove time machine exclusions
* Remove Nix users and group
* Remove the directory tree in `/nix`
* Remove the APFS volume `Nix Store` on `disk2`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Revert: Remove directory `/nix/temp-install-dir`
 INFO Revert: Configure Nix daemon related settings with launchctl
 INFO Revert: Configure Nix
 INFO Revert: Configure Time Machine exclusions
 INFO Revert: Create build users (UID 300-332) and group (GID 30000)
 INFO Revert: Provision Nix
 INFO Revert: Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
Nix was uninstalled successfully!

ephemeraladmin@mac-epic-turducken boop % curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
info: downloading installer https://install.determinate.systems/nix/tag/v0.10.0/nix-installer-aarch64-darwin
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix install plan (v0.10.0)
Planner: macos (with default settings)

Planned actions:
* Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
* Fetch `https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-aarch64-darwin.tar.xz` to `/nix/temp-install-dir`
* Create a directory tree in `/nix`
* Move the downloaded Nix into `/nix`
* Create build users (UID 300-332) and group (GID 30000)
* Configure Time Machine exclusions
* Setup the default Nix profile
* Place the Nix configuration in `/etc/nix/nix.conf`
* Configure the shell profiles
* Configure Nix daemon related settings with launchctl
* Remove directory `/nix/temp-install-dir`


Proceed? ([Y]es/[n]o/[e]xplain): y
 INFO Step: Create an APFS volume `Nix Store` for Nix on `disk2` and add it to `/etc/fstab` mounting on `/nix`
 INFO Step: Provision Nix
 INFO Step: Create build users (UID 300-332) and group (GID 30000)
 INFO Step: Configure Time Machine exclusions
 INFO Step: Configure Nix
 INFO Step: Configure Nix daemon related settings with launchctl
 INFO Step: Remove directory `/nix/temp-install-dir`
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`

ephemeraladmin@mac-epic-turducken boop % . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh

ephemeraladmin@mac-epic-turducken boop % nix build nixpkgs#hello --tarball-ttl 0      
                                                     
ephemeraladmin@mac-epic-turducken boop % 

[Hoverbear]

It seems like nix-darwin actually overrides the nix-daemon service (https://github.com/LnL7/nix-darwin/blob/83620edf499ba8033ad43d4f5edc50fdf3eeee5f/modules/services/nix-daemon.nix#L66), so I think the safest thing to do is to error if the user tries to run /nix/nix-installer uninstall with nix-darwin installed...

However I would like to know how to fix the situation if the user doesn't do this...

[p1xelHer0]

I see.

Yes, having some kind of error/warning throwing me out of the installer when running on a previous installation, including nix-darwin, would have saved me a lot of time. As in, "make sure to run the nix-darwin uninstaller". I'm not sure that is in the scope of this project but I'm just thinking out loud here.

Well, MY problems are over now!

I've managed to salvage my installation properly by cleaning up all the stale symlinks in /etc/ - that is: deleting all the symlinks that point to my now gone /etc/static/ folder.

The culprit that gave me the biggest pain:
/etc/ssl/certs/ca-certificates.crt - this is created by nix-darwin and should be deleted as well!

After that I followed the official instruction for uninstalling Nix here: https://nixos.org/manual/nix/stable/installation/uninstall.html#macos. During this phase I had some issues with vifs and diskutil not being in my path so I had to specify /usr/sbin/vifs and /usr/sbin/diskutil when running those commands. This probably had something to do with the backups of my shell files in etc, don't know for sure.

I probably rebooted my computer after this just because I can and it feels good.

After this I installed Nix using the nix-installer which succeeded. I now have a proper Nix installation with flakes enabled. Just to be sure I ran the nix-darwin uninstaller to make sure everything is cleaned up:

nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A uninstaller
./result/bin/darwin-uninstaller

With flakes enabled I could now "bootstrap" my nix-darwin + home-manager setup with my new flake setup - success!

[Hoverbear]

As in, "make sure to run the nix-darwin uninstaller". I'm not sure that is in the scope of this project but I'm just thinking out loud here.

That is what we are going to do with #561!

Thanks for documenting your further exploration! I'll see if we can teach the installer how to workaround this. Glad you got it working!

[roman]

This is awesome. Thanks for digging even further. I was able to move forward by manually removing the cert files.
Looking forward to nix-installer to avoid executing steps until the nix-darwin presence is discovered, at which point, it should recommend doing the darwin uninstall first.

[Montmorency]

Thanks for this! Yes can confirm all the same issues arose for me when I got rid of an old installation of nix and reinstalled without running the nix-darwin uninstall first. When I started to suspect issue was related to nix-darwin residual state I discovered the nix-darwin uninstall script was in... /nix/ which was gone. Removing ssl symlink fixed issue.

I'd also note the motivation for removing nix (very old community installation on 2015 iMac) was I had an issue trying to add the determinate systems version of nix to my existing nix-darwin flake.

When I tried any query to the nix store or to fetch from caches after rebuilding my darwin-config with the determinate input added the commands were just hanging i thought might be related to sqlite locks or similar. I couldn't debug which prompted me to want to do a clean reinstallation. Potentially though the issue was related to the ssl certs or the daemon. Anyway manually cleaning up ssl certs and using detsys installer worked. Going to add nix-darwin back now with proviso that if a future full system reinstallation done make sure to clean up nix-darwin first.