Make our Nix installation immune to macOS upgrades

[grahamc]

Description

This PR adds a global launch daemon on macOS which restores the shell hook after system upgrades, fixing the problem of Nix being "uninstalled" after each upgrade.

This is a rough pass to be improved. I haven't tested this exact implementation yet, but I tested the idea and it works. I'll be testing the implementation shortly.

Checklist

• Formatted with cargo fmt
• Built with nix build
• Ran flake checks with nix flake check
• Added or updated relevant tests (leave unchecked if not applicable)
• Added or updated relevant documentation (leave unchecked if not applicable)
• Linked to related issues (leave unchecked if not applicable)

Validating with install.determinate.systems

If a maintainer has added the upload to s3 label to this PR, it will become available for installation via install.determinate.systems:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/pr/$PR_NUMBER | sh -s -- install

[pingiun]

I installed nix with this version of the installer, upgraded macOS to 14.0 and nix still works in my fish shell and also in my bash shell.

[Hoverbear]

I'm under the impression this can be used on non-Macs too? (I don't see it cfg'd off by target) If it works on Linux I'd like to make it available for every body! =D

[Hoverbear]

I don't see explain implemented below, can we remove it?

[grahamc]

My thinking is we'd somehow smush this stuff here into the nice output / runner mechanism we see in uninstall. I didn't know how to do that -- or if it was reasonable. I left these in as a reminder to ask -- is that a reasonable / straightforward thing to do?

[Hoverbear]

Ahhh like the plan display? We could do that!

[Hoverbear]

This turns out to be a bit hard since the associated functions are on Plan which requires things like a planner which aren't relevant

[grahamc]

I looked at what happens if we're in a hard loop of failing. It isn't so bad, but it isn't great. The default ThrottleInterval limits starting a service to once every ten seconds:

2023-10-16 11:43:55.745639 <Notice> service inactive: crash-test
2023-10-16 11:43:55.745645 <Notice> service state: not running
2023-10-16 11:43:55.745653 <Notice> Service only ran for 1 seconds. Pushing respawn out by 9 seconds.
2023-10-16 11:43:55.745735 <Notice> internal event: WILL_SPAWN, code = 0
2023-10-16 11:43:55.745740 <Notice> service state: spawn scheduled
2023-10-16 11:43:55.745743 <Notice> service throttled by 9 seconds

I don't see any way to limit the number of attempts.

[Hoverbear]

Oh this needs to handle --no-modify-profile 🤔