Users may want to mount a filesystem just for the Nix database, with
the filesystem's parameters specially tuned for sqlite. For example, on
ZFS you might set the recordsize to 64k after changing the database's
page size to 65536.
nix-daemon.socket is used to socket-activate nix-daemon.service when
/nix/var/nix/daemon-socket/socket is accessed.
In container usecases, sometimes /nix/var/nix/daemon-socket is
bind-mounted read-only into the container.
In these cases, we want to skip starting nix-daemon.socket.
However, since systemd 250, `ConditionPathIsReadWrite` is also not met
if /nix/var/nix/daemon-socket doesn't exist at all. This means, a
regular NixOS system will skip starting nix-daemon.socket:
> [ 237.187747] systemd[1]: Nix Daemon Socket was skipped because of a failed condition check (ConditionPathIsReadWrite=/nix/var/nix/daemon-socket).
To prevent this from happening, ship a tmpfiles file that'll cause the
directory to be created if it doesn't exist already.
In the case of NixOS, we can just add Nix to `systemd.tmpfiles.packages`
and have these files picked up automatically.
The default maxfiles on macOS 11 and macOS 12 is 256, which is too low
for nix to work:
```
$ launchctl limit maxfiles
maxfiles 256 unlimited
```
Set NumberOfFiles of nix-daemon to 4096 to avoid `Too many open files`
error.
This is only rudimentary support as allowed by `NIX_GET_COMPLETIONS`.
In the future, we could use complete’s `--wraps` argument to autocomplete arguments for programs after `nix shell -c`.
Previously, the build system used uname(1) output when it wanted to
check the operating system it was being built for, which meant that it
didn't take into-account cross-compilation when the build and host
operating systems were different.
To fix this, instead of consulting uname output, we consult the host
triple, specifically the third "kernel" part.
For "kernel"s with stable ABIs, like Linux or Cygwin, we can use a
simple ifeq to test whether we're compiling for that system, but for
other platforms, like Darwin, FreeBSD, or Solaris, we have to use a
more complicated check to take into account the version numbers at the
end of the "kernel"s. I couldn't find a way to just strip these
version numbers in GNU Make without shelling out, which would be even
more ugly IMO. Because these checks differ between kernels, and the
patsubst ones are quite fiddly, I've added variables for each host OS
we might want to check to make them easier to reuse.
Make nix output completions in the form `completion\tdescription`.
This can't be used by bash (afaik), but other shells like zsh or fish
can display it along the completion choices
Mac OS multi-user installations are currently broken because all requests
made by nix-daemon to the binary cache fail with:
```
unable to download ... Problem with the SSL CA cert (path? access rights?) (77).
```
This change ensures that the nix-daemon knows where to find the SSL CA cert file.
Fixes#2899 and #3261.
We're calling `wait4path` on the full, resolved `@bindir@/nix-daemon` path.
That means we're hardcoding something like:
/bin/wait4path /nix/store/zs9c5xhp3zv9p23qnjxp87nl5injsi1i-nix-2.3/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
That seems unnecessarily fragile.
It might be better to wait4path on the path we intend to call.
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.
Fixes#3125.
When using a volume, the nix-daemon path may not exist. To avoid this
issue, we must use the wait4path tool. This should solve one of the
issues in multi-user on macOS Catalina.
Since macOS 10.14 this has become an error, causing problems if the
nix-daemon loads nix during substitution (this is a forked process).
Workaround for #2523.
We have automated builds at https://hub.docker.com/r/nixos/nix/ now. The master
branch of the "docker" repository is available as "latest". Branches that match
the regular expression "^[0-9.]+$" are pushed to the tag that corresponds to
their branch name. Other branches are ignored.
The path /root/.nix-profile is a sym-link to /nix/var/nix/profiles/default. The
latter path, however, works for everyone while the former path works only for
root, so we prefer the public path whenever possible.
- Use the latest Nix version 1.11.14.
- Attempts to download the Nix installation tarball from http://nixos.org
redirect to https these days, which wget doesn't support unless OpenSSL is
available.
- Use addgroup and adduser commands to create the Nix build users.
- Link the Nix profile script into /etc/profile.d, where it's run
automatically.
- Dropped installation of bash and tar. Neither tool is essential for running
Nix.
Use the command "docker build -t nix . && docker run -it --rm nix sh -"
to build and run the Nix docker container.
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode.
Fixes#662Fixes#1040Fixes#1054Fixes#1055Closes#1119Fixes#1419
NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
* Dockerfile: add GNU tar native dependency
`builtins.fetchTarball` requires GNU tar to be available in the $PATH in
order to unpack the fetched tarball (there is a FIXME comment for this),
which Alpine does not ship by default (it ships BusyBox tar).
* Dockerfile: add GNU bash native dependency
`nix-shell` defaults to invoking `bash` from the $PATH for the subshell.
In theory this can be overriden with the NIX_BUILD_SHELL environment
variable, but this does not work properly. `nix-shell` generates and
passes a script (`$rcFile`) to be executed by the subshell which uses
bashisms (`source` and `shopt`). Additionally, in interactive mode,
`nix-shell` passes the `--rcfile` argument to the shell, which is
another bashism.
Because `bash` is thus de-facto required, add `bash` as a native package
dependency to make it available for `nix-shell`.
Florian Klink
Maximilian Bosch
Alyssa Ross
Jörg Thalheim