@Ericson2314
Forked from expipiplus1/nix-multi.md
Last active August 4, 2021 19:30

Multi user nix installation

Each section should be run either as the user or as root; pay attention to which one!

Install nix single user

As $USER

curl https://nixos.org/nix/install | sh

Put the nix tools in PATH

source ~/.nix-profile/etc/profile.d/nix.sh

Ensure we have nss-cacert in the default profile

nix-env -i nss-cacert

Remove some things we'll generate differently later

Run as $USER. This must be the user with the single user nix installation.

If default-*-link doesn't exist it's safe to skip that stage. It's only necessary to keep any software already installed using nix.

If there are multiple matches for default-*-link then use the numerically highest one. TODO: build this into the script.

rm $HOME/.nix-profile
rm -r $HOME/.nix-defexpr
cp -r /nix/var/nix/profiles/default-*-link /nix/var/nix/profiles/per-user/$USER/profile-1-link
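
The TODO above, as an added example that is not part of the original gist: a POSIX sh function that picks the numerically highest default-N-link, since a plain glob sorts default-10-link before default-9-link. The function name and its optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original gist).
# Print the path of the numerically highest default-N-link in a profiles
# directory. The directory argument is an assumption of this example so the
# function can be tried on a scratch directory; it defaults to the real path.
highest_default_link() {
    dir=${1:-/nix/var/nix/profiles}
    best_n=
    best_path=
    for link in "$dir"/default-*-link; do
        # An unmatched glob stays literal; -L also accepts dangling symlinks.
        [ -e "$link" ] || [ -L "$link" ] || continue
        # Strip everything around the generation number.
        n=${link##*/default-}
        n=${n%-link}
        # Accept only purely decimal generation numbers.
        case $n in
            ''|*[!0-9]*) continue ;;
        esac
        # Compare as integers, not as strings.
        if [ -z "$best_n" ] || [ "$n" -gt "$best_n" ]; then
            best_n=$n
            best_path=$link
        fi
    done
    # Fail (status 1) when there is nothing to carry over.
    [ -n "$best_path" ] || return 1
    printf '%s\n' "$best_path"
}

# Usage in the step above (as $USER):
#   src=$(highest_default_link) &&
#     cp -r "$src" "/nix/var/nix/profiles/per-user/$USER/profile-1-link"
```

A non-zero exit status means no default-*-link exists, which is the case where the copy can be skipped.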

Add build group and users

As root

groupadd -r nixbld
for n in $(seq 1 10); do useradd -c "Nix build user $n" \
    -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
    nixbld$n; done
mkdir /etc/nix
echo "build-users-group = nixbld" >> /etc/nix/nix.conf

Give the nix store to root:nixbld

As root

chown -R root:nixbld /nix
chmod 1777 /nix/var/nix/profiles/per-user
mkdir -m 1777 -p /nix/var/nix/gcroots/per-user

Add nix-daemon service

As root

ln -s /nix/var/nix/profiles/default/lib/systemd/system/nix-daemon.socket /etc/systemd/system/
ln -s /nix/var/nix/profiles/default/lib/systemd/system/nix-daemon.service /etc/systemd/system/

Start the service

systemctl enable nix-daemon.socket
systemctl start nix-daemon.socket

Set up the new default profile

As root

source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
nix-channel --update
nix-env -p /nix/var/nix/profiles/default -f /root/.nix-defexpr/channels/nixpkgs/ -iA nix
nix-env -ri nix nss-cacert

Test things out

As the user

Replace the line in .profile sourcing ~/.nix-profile/etc/profile.d/nix.sh with:

# POSIX test: .profile may be read by sh, which has no [[ ]]
if [ -z "$IN_NIX_SHELL" ]; then
  if [ -e "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh" ]; then
    . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
  fi
fi

You may want to add this to /etc/skel/.profile.

sudo chown $USER:$USER /nix/var/nix/profiles/per-user/$USER
source /etc/nix/nix-profile.sh
nix-env -i hello

License

Copyright 2017 Joe Hermaszewski, 2021 John Ericson

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
