[Nix-dev] nix-multi-user installation script

Wout Mertens wout.mertens at gmail.com
Thu Nov 6 14:17:57 CET 2014 

On Tue Oct 28 2014 at 10:15:03 PM Andreas Herrmann <andreash87 at gmx.ch>
wrote:


> in the past two weeks or so I have been experimenting with Nix multi-user
> mode. My goal was to be able to reliably install Nix in multi-user mode on
> a CentOS 6.5 machine. The result of this was a bash script which pretty
> much automates the whole process [1]. The script is still a bit rough
> around the edges, but I got it working repeatedly and reliably on fresh
> CentOS 6.5 installations.
>

Yey!


> I would like to ask you guys to have a look at this script and tell me
> what you think of it. Do you think it could be valuable to add something
> like this as an automated installer to the official Nix distribution
> similar to the one for single-user mode?
>

Definitely, although I think it would be best to have it as script to run
after one already installed Nix. That way, existing installs can just be
converted.

I'm taking a look at the script for Debian.

I did come up with a few specific questions during the course of this:
>

>  * The nix-daemon is not daemonizing itself. Why is that?
>     On debian this is not a problem thanks to `start-stop-daemon`. On
> CentOS I ended up writing a wrapper script.
>

Self-daemonizing daemons are not so wonderful. It's nicer to have a
watchdog daemon doing the background running and logging, and it makes the
program a little simpler.

Besides, you can daemonize anything from the shell simply by closing stdin
and running in the background:

$ run_as_daemon >$LOGFILE 2>&1 <&- & echo $! > $PIDFILE

The shell does the right thing, disassociating the child when it exits etc.

 * The chroot build feature seems to require a statically linked bash.
>     Compiling this (plus some dependencies) can take quite some time. Do
> you think a static bash would be a
>     viable addition to `nixpkgs`?
>

Not really - you just need to make sure all the libraries are in the
chroot. I would think that it just works on Linux, where everything is
linked only to /nix/store (unless the build got tainted). On Darwin the
stdenv isn't pure yet but even then the required libraries can be copied.

Note that the chroot isn't really required to build things and in its
current form it slows down builds. See
https://github.com/NixOS/nix/issues/179 .

 * Is there a way to add globally visible package overrides but still use
> the nix-channel?
>

Absolutely, that's what packageOverrides in the nixpkgs configuration is
for. If a binary build is available, it will be used, otherwise you'll do
the build locally.


>  * Would it be possible to make a non-root user the admin of a multi-user
> nix installation?
>     I.e. a user who can can do `nix-channel --update`. Or does this
> explicitely require root?
>

A multi-user installation basically means that every build is done by
nix-daemon. If you don't use build users, then nix-daemon doesn't need to
fork as different users and doesn't need root (but needs write permissions
to /nix). Anyone that has access to the nix-daemon socket can order builds.

Cheers,

Wout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20141106/87b8ddf4/attachment.html

More information about the nix-dev mailing list