@danmack
Last active April 4, 2024 18:44
install NIX package manager on Alpine Linux

NIX Package Manager Install on Alpine Linux

System Information

  • alpine 3.17.1, 3.18, 3.19 and edge x86-64
  • multiple Linux kernels worked: 6.1.8-lts w/zfs and 6.6.8-lts
  • edge, testing apk repos enabled

Preparation

You may need these packages if not already installed:

apk add sudo
apk add shadow
apk add bash
apk add curl
apk add xz
  • pkg sudo is needed; aliasing /usr/bin/doas does not work
  • pkg shadow provides groupadd and related tools, needed by nix install script
  • the install script might not behave with ash so install bash

Perform the sh-bang multi-user installation

sh <(curl -L https://nixos.org/nix/install) --daemon
# answer no to more info
# answer yes to sudo
# answer yes to proceed with multi-user installation
# yes to continue
# ... pray ...
# if successful, acknowledge the reminder

nix rc service script

Alpine does not use systemd. Copy this file to /etc/init.d/nix-daemon and make it executable. I copied this script from the testing package in the alpine package repository.

#!/sbin/openrc-run
description="Nix multi-user support daemon"

command="/usr/sbin/nix-daemon"
command_background="yes"
pidfile="/run/$RC_SVCNAME.pid"

For some reason, the multi-user install does not install the nix-daemon binary in a system directory; instead, it gets installed here:

/root/.nix-profile/bin/nix-daemon

I chose to copy this binary to /usr/sbin which seems to work.

Enable and start the service:

# run as root or sudo
chmod a+rx /etc/init.d/nix-daemon
cp /root/.nix-profile/bin/nix-daemon /usr/sbin
rc-update add nix-daemon
rc-service nix-daemon start

Post install steps

At this point, you should make sure that your userid has been added to the nixbld group. Also we need to open up the permissions on the nix-daemon socket so nixbld group members can communicate with the daemon.

Follow the instructions the script emits - run it as root the first time:

# nix installer should have emitted this text:
#   Alright! We're done!
#   Try it! Open a new terminal, and type:
#   nix-shell -p nix-info --run "nix-info -m"

The output should look similar to the following:

  • system: `"x86_64-linux"`
  • host os: `Linux 6.1.8-0-lts, Alpine Linux, noversion, nobuild`
  • multi-user?: `yes`
  • sandbox: `yes`
  • version: `nix-env (Nix) 2.13.1`
  • channels(root): `"nixpkgs"`
  • nixpkgs: `/root/.nix-defexpr/channels/nixpkgs`

Now, before we try running nix as non-root user, let’s add ourselves to the nixbld group and reboot. This will ensure our userid is in the nixbld group and that all running shells have picked it up. Rebooting after this will also test that our service starts correctly on a fresh boot.

sudo adduser YOURUSERID nixbld
reboot  # or do a safe shutdown however you usually do it

Non root user testing

Now, let’s try the first steps documentation from https://nixos.org/guides/ad-hoc-developer-environments.html as our default user.

$ hello
The program ‘hello’ is currently not installed.

$ nix-shell -p hello

[nix-shell:~]$ hello
Hello, world!

[nix-shell:~]$ exit
exit

$ hello
The program ‘hello’ is currently not installed.

Now we can try running a real application inside of a nix shell:

proteus:~$ nix-shell -p deno
this path will be fetched (24.28 MiB download, 80.64 MiB unpacked):
  /nix/store/kn6c4dkql7jhh2vzdja78bs3rs59hpb2-deno-1.29.4
copying path '/nix/store/kn6c4dkql7jhh2vzdja78bs3rs59hpb2-deno-1.29.4' from 'https://cache.nixos.org'...

[nix-shell:~]$ deno --version
deno 1.29.4 (release, x86_64-unknown-linux-gnu)
v8 10.9.194.5
typescript 4.9.4

[nix-shell:~]$ exit

the end

@igncp

igncp commented Nov 4, 2023

Very useful guide. A small typo found while following this, I believe when setting up the service it should be: rc-service nix-daemon start instead of rc-service start nix-daemon

@danmack
Author

danmack commented Nov 4, 2023

Thank you @igncp - I have updated the gist

@kdb424

kdb424 commented Nov 10, 2023

The nix-daemon should come from within the store. You can run /nix/var/nix/profiles/default/bin/nix-daemon directly from the service, and I'd recommend doing that. Just tested on a live alpine system. Thanks for the guide!

@deadbaed

deadbaed commented Nov 24, 2023

Useful guide! Little suggestion, add apk add curl xz in the preparation section -- these packages do not come installed by default on alpine :)

@acschm1d

I had the issue that rc-service was not enabled. Install it with apk add openrc.

@coderofsalvation

Slightly different approach, but I got away with this alpine linux Dockerfile:

FROM docker.io/alpine:3.19
RUN echo 'https://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories
# shadow provides groupadd, which the next RUN step calls
RUN apk add --update bash curl ca-certificates shadow

RUN groupadd nixbld -U adm && mkdir /nix && \
    curl -L https://hydra.nixos.org/job/nix/maintenance-2.14/buildStatic.x86_64-linux/latest/download-by-type/file/binary-dist > /bin/nix && chmod +x /bin/nix && \
    echo "alias nix='nix --extra-experimental-features \"nix-command flakes\"'" > ~/.profile && ln -s ~/.profile ~/.bashrc

ENTRYPOINT ["your","cmd"]

@Sepero

Sepero commented Dec 29, 2023

At different times you write, add user to the nixblk group and nixbld group.

@Sepero

Sepero commented Dec 29, 2023

After reboot everything works, but my user doesn't seem to have access to the store. User running nix-shell -p hello I get the error

error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused

My user is in the nixbld group. I'm running PostmarketOS, which is based on Alpine Linux.

@danmack
Author

danmack commented Dec 29, 2023

> At different times you write, add user to the nixblk group and nixbld group.

My mistake, it's nixbld - typo fixed.

@danmack
Author

danmack commented Dec 29, 2023

> After reboot everything works, but my user doesn't seem to have access to the store. User running nix-shell -p hello I get the error
>
> error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused
>
> My user is in the nixbld group. I'm running PostmarketOS, which is based on Alpine Linux.

It sounds like the nix-daemon service is not running / listening. Does postmarketOS use systemd instead of openrc perhaps? Check to see if it is running maybe:

~ $ ps auxww|grep nix
root 4246 0.0 0.0 447660 24960 ? Ssl Dec21 0:00 /usr/sbin/nix-daemon

@Sepero

Sepero commented Dec 31, 2023

Just as a follow up, I conversed with some Nix developers on the official Matrix channel, and they informed me that adding my user to the nixbld should not be done under any circumstances. That I should instead add my user to trusted-users in the nix.conf file.
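
The guide's `adduser YOURUSERID nixbld` step and the advice relayed in the comment above both concern who holds extra rights over the Nix daemon. The shell audit below is an added example, not part of the gist or any comment; it assumes the installer's build accounts are named `nixbld<N>` and that `nix.conf` uses `name = value` lines, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): report accounts holding extra rights
# over the Nix daemon. File paths are arguments so copies can be audited.

# Members of group nixbld other than build accounts (assumed to be named
# nixbld1, nixbld2, ...), i.e. users added with "adduser USER nixbld".
nixbld_extra_members() {
    awk -F: '$1 == "nixbld" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] !~ /^nixbld[0-9]+$/) print m[i]
    }' "${1:-/etc/group}"
}

# Values of a list setting such as trusted-users in nix.conf, one per line.
# Comments are stripped; if the key is set twice, the last line is reported.
nix_conf_list() {
    conf=${2:-/etc/nix/nix.conf}
    [ -r "$conf" ] || return 0
    awk -v key="$1" '
        { sub(/#.*/, "") }
        $1 == key && $2 == "=" {
            val = ""
            for (i = 3; i <= NF; i++) val = val $i "\n"
        }
        END { printf "%s", val }' "$conf"
}

# One finding per line for a group file ($1) and a nix.conf ($2).
audit_nix_access() {
    nixbld_extra_members "$1" | sed 's/^/WARN nixbld member: /'
    nix_conf_list trusted-users "$2" | sed 's/^/INFO trusted-users entry: /'
}

# Constructed sample data standing in for /etc/group and /etc/nix/nix.conf.
sample=$(mktemp -d)
printf '%s\n' 'wheel:x:10:root,alice' \
    'nixbld:x:30000:nixbld1,nixbld2,alice' > "$sample/group"
printf '%s\n' 'build-users-group = nixbld  # installer default' \
    'trusted-users = root bob' > "$sample/nix.conf"
audit_nix_access "$sample/group" "$sample/nix.conf"
```

On a real host, call `audit_nix_access /etc/group /etc/nix/nix.conf`; no output means `nixbld` holds only build accounts and no `trusted-users` line is set.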

@coderofsalvation

idea: it would be great to attach a working bashscript to this gist, which could be updated over time if necessary

@guifuentes8

error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted

to fix:
sudo chown --recursive "$USER" /nix

@danmack
Author

danmack commented Mar 7, 2024

> error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted
>
> to fix: sudo chown --recursive "$USER" /nix

Not sure. I didn't get that error - it's likely that something might have changed. Since sudo was used in the Perform the sh-bang multi-user installation section, the permissions should have been set correctly on that hierarchy (unless you responded no to sudo). As another person suggested and I agree, I think turning this into a bash script would be a good idea so we can re-test the process over time to catch issues as they crop up.
