[#210] Add activation script for darwin system and provide a usage example

Problem: It's possible to use 'deploy-rs' for deploying 'darwinSystem'
configuration from 'nix-darwin' to a darwin system. However, there is no
dedicated activatiot script for darwin and thus one has to come up with
'custom' activation script.

Solution:
1) Add 'darwin' attribute to 'lib.activate' that provides a script that
   should be used to activate 'darwinSystem' config with 'deploy-rs'.
2) Add a new 'examples/darwin' example that provides simple flake for
   deploying configuration to a darwin target.

4 files changed, 191 insertions, 0 deletions

diff --git a/examples/darwin/README.md b/examples/darwin/README.md
new file mode 100644
index 0000000..b377ce8
--- /dev/null
+++ b/examples/darwin/README.md
@@ -0,0 +1,19 @@
+<!--
+SPDX-FileCopyrightText: 2023 Serokell <https://serokell.io/>
+
+SPDX-License-Identifier: MPL-2.0
+-->
+
+# Example nix-darwin system deployment
+
+## Prerequisites
+
+1) Install `nix` and `nix-darwin` (the latter creates `/run` sets up `/etc/nix/nix.conf` symlink and so on)
+   on the target machine.
+2) Enable remote login on the mac to allow ssh access.
+3) `deploy-rs` doesn't support password provisioning for `sudo`, so the `sshUser` should
+   have passwordless `sudo` access.
+
+## Deploying
+
+Run `nix run github:serokell/deploy-rs -- --ssh-user <user>`.
\ No newline at end of file
diff --git a/examples/darwin/flake.lock b/examples/darwin/flake.lock
new file mode 100644
index 0000000..5f3b2d6
--- /dev/null
+++ b/examples/darwin/flake.lock
@@ -0,0 +1,126 @@
+{
+  "nodes": {
+    "darwin": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1683754942,
+        "narHash": "sha256-L+Bj8EL4XLmODRIuOkk9sI6FDECVzK+C8jeZFv7q6eY=",
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "rev": "252541bd05a7f55f3704a3d014ad1badc1e3360d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "LnL7",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
+    "deploy-rs": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1683515103,
+        "narHash": "sha256-vWlnZ0twW+ekOC6JuAHDfupv+u4QNvWawG7+DaQJ4VA=",
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "rev": "64160276cd6569694131ed8864d4d35470a84ec3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "serokell",
+        "repo": "deploy-rs",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1668681692,
+        "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1668650906,
+        "narHash": "sha256-JuiYfDO23O8oxUUOmhQflmOoJovyC5G4RjcYQMQjrRE=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3a86856a13c88c8c64ea32082a851fefc79aa700",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1671417167,
+        "narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
+      "locked": {
+        "lastModified": 1683717387,
+        "narHash": "sha256-b4GSeKtDH+7wzw9VptHqIWOyIq28j7++rvRqhCEWFQ8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "1e8ab5db89c84b1bb29d8d10ea60766bb5cee1f2",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "darwin": "darwin",
+        "deploy-rs": "deploy-rs",
+        "nixpkgs": "nixpkgs_3"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/examples/darwin/flake.nix b/examples/darwin/flake.nix
new file mode 100644
index 0000000..d5d7ae8
--- /dev/null
+++ b/examples/darwin/flake.nix
@@ -0,0 +1,39 @@
+{
+  description = "Deploy simple 'darwinSystem' to a darwin machine";
+
+  inputs.deploy-rs.url = "github:serokell/deploy-rs";
+  inputs.darwin.url = "github:LnL7/nix-darwin";
+
+  outputs = { self, nixpkgs, deploy-rs, darwin }: {
+    darwinConfigurations.example = darwin.lib.darwinSystem {
+      system = "x86_64-darwin";
+      modules = [
+        ({lib, config, pkgs, ...}: {
+          services.nix-daemon.enable = true;
+          nix = {
+            settings = {
+              trusted-users = [ "rvem" ];
+            };
+            extraOptions = ''
+              experimental-features = flakes nix-command
+            '';
+          };
+          # nix commands are added to PATH in the zsh config
+          programs.zsh.enable = true;
+        })
+      ];
+    };
+    deploy = {
+      # remoteBuild = true; # Uncomment in case the system you're deploying from is not darwin
+      nodes.example = {
+        hostname = "localhost";
+        profiles.system = {
+          user = "root";
+          path = deploy-rs.lib.x86_64-darwin.activate.darwin self.darwinConfigurations.example;
+        };
+      };
+    };
+
+    checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
+  };
+}
diff --git a/flake.nix b/flake.nix
index 9b8e6eb..0616cf8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -106,6 +106,13 @@
 
             home-manager = base: custom base.activationPackage "$PROFILE/activate";
 
+            # Activation script for 'darwinSystem' from nix-darwin.
+            # 'HOME=/var/root' is needed because 'sudo' on darwin doesn't change 'HOME' directory,
+            # while 'darwin-rebuild' (which is invoked under the hood) performs some nix-channel
+            # checks that rely on 'HOME'. As a result, if 'sshUser' is different from root,
+            # deployment may fail without explicit 'HOME' redefinition.
+            darwin = base: custom base.config.system.build.toplevel "HOME=/var/root $PROFILE/activate";
+
             noop = base: custom base ":";
           };