Installing Nix on macOS has been largely solved for some time now, but a quirk of Amazon Web Services’ macOS support created a huge wrinkle for those running macOS on AWS. This quirk meant that users needed to graphically log in over VNC to manually approve “full disk access” to the Nix daemon.
This wrinkle is now smoothed out, and the installation is fully automatable. Users of the Determinate Nix Installer can now install Nix to macOS on Amazon Web Services without needing to interact with any graphical user interface.
Unlocking new use cases like autoscaling macOS
Previously, Nix users couldn’t autoscale macOS on AWS—after all, there’s nothing “auto” about manually approving full disk access! With automated Nix installation, autoscaling is seamless, allowing for larger and more flexible AWS deployments.
Appropriate use cases and limitations
The new fully unattended installation isn’t appropriate for all use cases, as this new behavior brings some limitations to your instance lifecycle.
| Use case | Status |
|---|---|
| Ephemeral macOS instances that terminate when the machine is no longer needed | Fully automatable |
| Auto-scaled macOS infrastructure | Fully automatable |
| Long-term macOS instances that are stopped and re-started | Do not automate |
| macOS instances that are snapshotted and cloned | Do not automate |
See the caveats below.
How to install Nix on macOS in EC2
Run this install command:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix \ | sh -s -- install macos \ --no-confirm \ --determinate \ --use-ec2-instance-storeWhy is macOS on AWS different?
Amazon’s Apple hardware boots macOS from an EBS volume which is presented over PCIe. Because this volume isn’t the soldered-in hardware, macOS considers it to be a removable volume.
macOS’s permissions model requires software accessing removable volumes to be granted special privileges. The Determinate Nix Installer creates a new volume for the Nix Store on the same disk as the operating system. That new volume is considered “removable” even though it is on the same disk.
How does it work?
The core change we’ve made is that we’ve added a --use-ec2-instance-store flag for installing Determinate Nix.
When this flag is set, the installer installs Nix to a volume on the internal disk, eliminating the need for manual approval.
Note that this feature is limited to Determinate users (--determinate) due to runtime orchestration provided by determinate-nixd.
Caveats
Setting the --use-ec2-instance-store flag installs Nix to the instance’s ephemeral instance store.
Using the instance store means that:
- The Nix Store is erased when the machine is stopped.
- The Nix Store is not captured by EBS snapshots.
- Standard macOS reboots are perfectly safe.
Please see Data persistence for Amazon EC2 instance store volumes for further details.
More to come
We’ve backlogged months of great work focused on improving the enterprise Nix experience. If this interests you, join our Discord at https://determinate.systems/discord and come chat.
