-
-
Save samueldr/ef9fa47cacd7b1a260aca59630133a63 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| install_nix() { | |
| # Getting a new .deb from upstream. | |
| # → https://hydra.nixos.org/job/nix/maintenance/deb_debian8x86_64 | |
| local deb_name="nix_1.11.16-1_amd64.deb" | |
| local deb_location="$CONFIG_DIR/artifacts/nix/$deb_name" | |
| echo "Installing nix..." | |
| cat > ~/.curlrc <<-EOF | |
| silent = true | |
| EOF | |
| echo "[1/5] Preparing groups and users." | |
| nix_setup_build_users | |
| echo "[2/5] Installing package..." | |
| export DEBIAN_FRONTEND=noninteractive | |
| _ dpkg --unpack "$deb_location" | |
| _ apt-get --assume-yes update | |
| _ apt-get --assume-yes install -f | |
| _ apt-get --assume-yes install nix libcurl4-nss-dev | |
| echo "[3/5] Preparing nix for multiuser use..." | |
| _ mkdir -p /nix/store | |
| _ chown root.nixbld /nix/store | |
| _ chown root /nix | |
| _ mkdir -p -m 1777 /nix/var/nix/gcroots/per-user | |
| _ mkdir -p -m 1777 /nix/var/nix/profiles/per-user | |
| _ systemctl enable nix-daemon.socket | |
| _ systemctl start nix-daemon | |
| echo "Adding nix-multiuser to profile.d" | |
| # Script to fix some issues with multi-user. | |
| # This should be fixed in the next release, upstream | |
| # See | |
| # → https://gist.github.com/benley/e4a91e8425993e7d6668 | |
| # → https://github.com/NixOS/nix/pull/452 | |
| _ touch /etc/profile.d/nix-multiuser.sh | |
| _ chmod +x /etc/profile.d/nix-multiuser.sh | |
| cat > /etc/profile.d/nix-multiuser.sh <<-'EOF' | |
| export NIXPKGS_CONFIG="/etc/nix/nixpkgs-config.nix" | |
| export NIX_OTHER_STORES="/run/nix/remote-stores/*/nix" | |
| export NIX_USER_PROFILE_DIR="/nix/var/nix/profiles/per-user/$USER" | |
| export NIX_PROFILES="/nix/var/nix/profiles/default $HOME/.nix-profile" | |
| export NIX_PATH="/nix/var/nix/profiles/per-user/root/channels" | |
| export PATH="$HOME/.nix-profile/bin:$HOME/.nix-profile/sbin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH" | |
| # Use the nix daemon for multi-user builds | |
| if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then | |
| export NIX_REMOTE=daemon | |
| fi | |
| # Set up the per-user profile. | |
| mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR" | |
| if test "$(stat --printf '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)"; then | |
| echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2 | |
| fi | |
| if [ -w "$HOME" ]; then | |
| # Set the default profile. | |
| if ! [ -L "$HOME/.nix-profile" ]; then | |
| if [ "$USER" != root ]; then | |
| ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile" | |
| else | |
| # Root installs in the system-wide profile by default. | |
| ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile" | |
| fi | |
| fi | |
| # Create the per-user garbage collector roots directory. | |
| NIX_USER_GCROOTS_DIR=/nix/var/nix/gcroots/per-user/$USER | |
| mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR" | |
| if test "$(stat --printf '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)"; then | |
| echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2 | |
| fi | |
| # Set up a default Nix expression from which to install stuff. | |
| if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then | |
| rm -f "$HOME/.nix-defexpr" | |
| mkdir "$HOME/.nix-defexpr" | |
| if [ "$USER" != root ]; then | |
| ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root" | |
| fi | |
| fi | |
| # Subscribe the to the Nixpkgs channel by default. | |
| if [ ! -e "$HOME/.nix-channels" ]; then | |
| echo "http://nixos.org/channels/nixpkgs-unstable nixpkgs" > "$HOME/.nix-channels" | |
| fi | |
| # Append ~/.nix-defexpr/channels/nixpkgs to $NIX_PATH so that | |
| # <nixpkgs> paths work when the user has fetched the Nixpkgs | |
| # channel. | |
| export NIX_PATH="${NIX_PATH:+$NIX_PATH:}nixpkgs=$HOME/.nix-defexpr/channels/nixpkgs" | |
| fi | |
| EOF | |
| echo "[4/5] Setting up channels..." | |
| _ nix-channel --add https://nixos.org/channels/nixpkgs-unstable | |
| _ nix-channel --update | |
| # | |
| # There is a bad interaction with bash-completion and nix-shell ` <= 1.11.4 `. | |
| # The culprit is hard to pinpoint, but I'd tend to say that what nix was | |
| # doing shouldn't have caused such an issue. | |
| # | |
| # See: https://github.com/NixOS/nix/issues/976#issuecomment-239677601 | |
| # | |
| # Ths issue can only be seen in *specific* conditions, which sadly, we hit | |
| # with deployment scripting. | |
| # | |
| echo "[5/5] Installing nix with nix..." | |
| _ nix-env -i nix | |
| _ which nix-env | |
| } | |
| nix_setup_build_users() { | |
| # ||: since it might already exist. | |
| _ groupadd -r nixbld || : | |
| for n in $(seq 1 10); do | |
| _ useradd -c "Nix build user $n" \ | |
| -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \ | |
| "nixbld$n" || : | |
| done | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment