Installation on macOS Catalina

Adding -L makes us progress further.

Now we stall at

Creating a Nix Store volume...
error: refusing to create Nix store volume because the boot volume is
       FileVault encrypted, but encryption-at-rest is not available.
       Manually create a volume for the store and re-run this script.
       See https://nixos.org/nix/manual/#sect-macos-installation

Which includes the line

Manually create a volume for the store and re-run this script.

I doubt that manually creating a volume is something I can reasonably ask of every Mac user on the team, as a prerequisite for being able to install, run and hack on the project’s software. So that might be the end of Nix, as far as this particular project is concerned.

However, I’m still interested in understanding more about the process.

The manual states:

The recommended approach, which creates an unencrypted APFS volume for your Nix store and a “synthetic” empty directory to mount it over at /nix, is least likely to impair Nix or your system.

If you’re using a recent Mac with a T2 chip, your drive will still be encrypted at rest (in which case “unencrypted” is a bit of a misnomer). To use this approach, just install Nix with:
$ sh <(curl https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume

I see two alternative interpretations of the stuff about the T2 chip:

  1. If you have a T2 chip, the volume will still be encrypted; on other chips it will not be encrypted.
  2. If you have a T2 chip, this is the command to use; if you don’t have a T2 chip, you’re on your own.

I hope the first is the correct interpretation, but I’m not entirely sure. It would be good if the manual left no room for doubt.

Looking at “but encryption-at-rest is not available” from the error message and “with a T2 chip, your drive will still be encrypted at rest” from the manual, I wonder whether interpretation 2 is correct, and my collaborator’s Mac does not have a T2 chip.

2 Likes
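A preflight check that could be run on each team Mac before the installer, as an added example (not part of the post above and not the Nix installer's own code). It assumes the refusal rule is exactly what the quoted error text says (FileVault on, no encryption at rest) and that T2 presence can be read from `system_profiler SPiBridgeDataType`; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the "Creating a Nix Store volume..." step on macOS Catalina.
# Assumed rule, read from the installer's error text: the store volume is
# refused when the boot volume is FileVault encrypted AND the new volume
# would not be encrypted at rest (per the manual: no T2 chip).

# filevault_on TEXT: succeeds if `fdesetup status` output reports FileVault on.
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# has_t2 TEXT: succeeds if `system_profiler SPiBridgeDataType` output names a T2.
has_t2() {
    printf '%s\n' "$1" | grep -q 'Apple T2'
}

# store_volume_verdict FDESETUP_TEXT IBRIDGE_TEXT prints one of:
#   ok-encrypted-at-rest        T2 present, store volume still encrypted at rest
#   refuse                      FileVault on without T2: expect the error above
#   ok-boot-volume-unencrypted  nothing on the boot volume is encrypted anyway
store_volume_verdict() {
    if has_t2 "$2"; then
        echo ok-encrypted-at-rest
    elif filevault_on "$1"; then
        echo refuse
    else
        echo ok-boot-volume-unencrypted
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_FV_ON='FileVault is On.'
SAMPLE_T2='Controller Information:
    Model Name: Apple T2 Security Chip'

echo "sample, FileVault on, no T2:   $(store_volume_verdict "$SAMPLE_FV_ON" '')"
echo "sample, FileVault on, with T2: $(store_volume_verdict "$SAMPLE_FV_ON" "$SAMPLE_T2")"

# On a Mac, evaluate the live machine as well.
if [ "$(uname -s)" = Darwin ]; then
    fv=$(fdesetup status 2>/dev/null)
    ib=$(system_profiler SPiBridgeDataType 2>/dev/null)
    echo "this machine: $(store_volume_verdict "$fv" "$ib")"
fi
```

A `refuse` verdict identifies the machines where the store volume would have to be created by hand, so the scope of that prerequisite is known before anyone runs the installer.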