Tested on Debian Stretch so far
This is 90% pirated from https://gist.github.com/joepie91/043a51a7b70be5f50f1d but I made it a whole lot more sustainable / less invasive
I think I recorded all the steps in about the right order but ya never know
First, you'll need to install, at the very minimum curl and ca-certificates (I think you can remove them later if you want).
mkdir -v /nix
chown -v $target_user:$target_user /nix
su - $target_user -c 'curl https://nixos.org/nix/install | sh && echo "export NIX_REMOTE=daemon" >> ~/.profile'
groupadd -r nixbld
for n in $(seq 1 8); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" nixbld$n; done
mkdir -v /etc/nix && echo "build-users-group = nixbld" >> /etc/nix/nix.conf
chown -Rv root:nixbld /nix
chown -Rv $target_user:$target_user /nix/var/nix/profiles/per-user/$target_user/
chmod -v 1777 /nix/var/nix/profiles/per-user
mkdir -vp /nix/var/nix/daemon-socket
find /nix -name nix-daemon -exec ln -vsf {} /usr/local/sbin/ \; -quit
nix-daemon & disown
su - $target_user
cp -rv /nix/var/nix/profiles/default-1-link /nix/var/nix/profiles/per-user/$USER/profile-1-link
ln -vs profile-1-link /nix/var/nix/profiles/per-user/$USER/profile
rm -v ~/.nix-profile
ln -vs /nix/var/nix/profiles/per-user/$USER/profile ~/.nix-profile
You will need to set up nix-daemon to run on boot, use whatever for this. systemd or idc really
Setting up new users is a little troublesome but basically you run, as the new user,
mkdir -v /nix/var/nix/profiles/per-user/$USER/
cp -rv /nix/var/nix/profiles/per-user/$first_user/* /nix/var/nix/profiles/per-user/$USER/
ln -vs /nix/var/nix/profiles/per-user/$USER/profile ~/.nix-profile
TODO figure out how to use Nix to install PHP for Hiawatha's www-data user and such