Commit graph

61 commits

Author SHA1 Message Date
5f6eb6eb44 doc: rewrite the multi-user documentation to actually talk about security
It's in the security section, and it was totally outdated anyway.

I took the opportunity to write down the stuff we already believed.

Change-Id: I73e62ae85a82dad13ef846e31f377c3efce13cb0
2024-06-12 15:34:23 -07:00
4392d89eea manual: rewrite the docker guide now that we have images
Change-Id: I5bdf47e67059ae4099552750a47ae070dbe094df
2024-06-09 20:33:24 -07:00
b8cb7abcf0 chore: rebrand Nix to Lix when it makes sense
Here's my guide so far:

$ rg '((?!(recursive).*) Nix
(?!(daemon|store|expression|Rocks!|Packages|language|derivation|archive|account|user|sandbox|flake).*))'
-g '!doc/' --pcre2

All items from this query have been tackled. For the documentation side:
that's for lix-project/lix#162.

Additionally, all remaining references to github.com/NixOS/nix which
were not relevant were also replaced.

Fixes: lix-project/lix#148.
Fixes: lix-project/lix#162.
Change-Id: Ib3451fae5cb8ab8cd9ac9e4e4551284ee6794545
Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-06-01 20:31:24 +02:00
f047e4357b libstore/build: always enable seccomp filtering and no-new-privileges
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
lix-project/lix#265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.

Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
2024-05-24 21:19:29 +00:00
748d8310fa Fix the pages in the manual for Lix
This doesn't comprehensively fix everything outdated in the manual, or
make the manual greatly better, but it does note down where at least
jade noticed it was wrong, and it does fix all the instances of
referencing Nix to conform to the style guide to the best of our
ability.

A lot of things have been commented out for being wrong, and there are
three types of FIXME introduced:

- FIXME(Lix): generically Lix needs to fix it
- FIXME(Qyriad): re lix-project/lix#215
- FIXME(meson): docs got outdated by meson changes and need rewriting

I did fix a bunch of it that I could, but there could certainly be
mistakes and this is definitely just an incremental improvement.

Fixes: lix-project/lix#266
Change-Id: I5993c4603d7f026a887089fce77db08394362135
2024-05-05 16:11:01 -07:00
2a98ba8b97 Add pre-commit checks
The big ones here are `trim-trailing-whitespace` and `end-of-file-fixer`
(which makes sure that every file ends with exactly one newline
character).

Change-Id: Idca73b640883188f068f9903e013cf0d82aa1123
2024-03-29 22:57:40 -07:00
da0aa66d98 Merge pull request #9131 from obsidiansystems/delete-bootstrap-script
Get rid of `bootstrap.sh`

(cherry picked from commit aaef47a08eaf54a8856dd25c784fd85d8d7b0e22)
Change-Id: I1a74bed0c23d6fda06d5dfd8ecad443b9122da12
2024-03-04 04:36:52 +01:00
c51f3f1eb2 nix actually needs c++20 now 2023-06-10 13:56:05 +02:00
Alexander Schmolck
8d4b6766e2 Convert short nix options to long ones
e.g. nix-env -e subversion => nix-env --uninstall subversion

The aim is to make the documentation less cryptic for newcomers and the
long options are more self-documenting.

The change was made with the following script:

<https://github.com/aschmolck/convert-short-nix-opts-to-long-ones>

and sanity checked visually.
2023-05-17 08:10:30 +01:00
Victor Engmark
6e1bfb93dc refactor: Join commands to remove files 2023-05-15 11:05:26 +12:00
Victor Engmark
ed016a5bb0 docs: Mention more files referenced by the installer
`/etc/bash.bashrc` is backed up as `/etc/bash.bashrc.backup-before-nix`,
but since other changes might have been introduced in the meantime we can't
just tell the user to revert.
2023-05-15 11:03:27 +12:00
Victor Engmark
e26aad22c6 docs: Remove references to non-existing files
At least on Ubuntu 22.04, these files are not created as part of a multi-
user installation.
2023-05-15 10:26:47 +12:00
Victor Engmark
17a1c1ee4e docs: Sort files by name 2023-05-15 10:16:12 +12:00
Victor Engmark
3cc9b8630b docs: Remove Nix profile content from correct directory
At least on Ubuntu 22.04, the Nix installer creates
`/etc/profile.d/nix.sh`, not `/etc/profile/nix.sh`.
2023-05-15 10:13:46 +12:00
Victor Engmark
ccf512f4b8 docs: Remove redundant uninstall command
`sudo systemctl disable nix-daemon.socket nix-daemon.service` removes these
files already.
2023-05-15 10:06:27 +12:00
Valentin Gagarin
9b2a4a4729 move uninstall instructions to a separate page
placed in a subsection of the binary install, the instructions are hard
to find. putting them in a separate page that is shown in the table of
contents should make it easier for users to find what they need when
they need it.
2023-04-28 11:53:38 +02:00
Michael Utz
40fcb22313
Update installing-binary.md 2023-04-18 13:18:30 +03:00
Eelco Dolstra
e53e5c38d4 Add a setting for configuring the SSL certificates file
This provides a platform-independent way to configure the SSL
certificates file in the Nix daemon. Previously we provided
instructions for overriding the environment variable in launchd, but
that obviously doesn't work with systemd. Now we can just tell users
to add

  ssl-cert-file = /etc/ssl/my-certificate-bundle.crt

to their nix.conf.
2023-03-17 18:32:18 +01:00
c6051cac6f doc: Add test dependencies to prerequisites 2023-02-24 09:59:25 +01:00
David Dunn
9aeaf98c4b
Make install command in documentation compatible with fish shell (#7474)
Use a pipe for all install commands

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-02-07 22:32:27 +00:00
Ana Hobden
763c1dfc2b Expand installation.md
Changes the `quick-start.md` to recommend a multi-user install, since
single-user is not supported on MacOS and https://nixos.org/download.html
recommends multi-user.

Expands `installation.md` to reflect wording on https://nixos.org/download.html
2023-01-16 11:38:50 -08:00
Akhil
a3a0e414c2
Deletes build users and group 2022-12-23 14:06:51 +05:30
Liu Xiaoyi
c4ce89f772
Clarify uninstallation steps on Linux
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2022-11-26 22:01:51 +08:00
Liu Xiaoyi
4d55acf515
Apply suggestions from code review
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-11-21 13:46:22 +08:00
Liu Xiaoyi
cc620d961f Updated uninstall guide involving systemd
Co-authored-by: sequencer <liu@jiuyang.me>
2022-11-20 20:04:29 +08:00
Valentin Gagarin
2af036e5a3
remove stray comma 2022-11-11 14:01:13 +01:00
Valentin Gagarin
d8781c4fc5 add removing users to uninstall instructions 2022-11-09 01:11:47 +01:00
Eelco Dolstra
af4e8b00fb
Merge pull request #6882 from DeterminateSystems/allow-multi-user-as-root
Allow installing multi-user as root on macOS and Linux
2022-08-12 10:19:03 +02:00
Graham Christensen
7bb1e913b3 Don't prompt about using sudo if we're already root 2022-08-10 09:37:08 -04:00
Graham Christensen
88a0f3b6ba Strip whitespace in installing-binary.md 2022-08-10 09:37:08 -04:00
Domen Kožar
84a26882f8
Update doc/manual/src/installation/installing-binary.md
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2022-08-04 06:23:45 -05:00
Domen Kožar
3c2de2da01
Update doc/manual/src/installation/installing-binary.md
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2022-08-04 06:23:36 -05:00
Travis A. Everett
649c9d9b4c doc: acknowledge post-rsync reality
Before #5150 the copy-to-store phase of the install was idempotent,
but the recursive cp isn't. This is probably baiting a few people
into trying corrective installs that will fail.
2022-06-30 13:31:04 -05:00
Travis A. Everett
fe76b9f4b4 doc: fix some darwin uninstall gaps 2022-06-16 09:37:52 -05:00
Jan Tojnar
a793863b97 doc: Manually insert some anchors 2022-05-26 18:17:21 +02:00
toonn
947d4761b3
doc: Add removal of darwin-store LaunchDaemon
The uninstall instructions used to accidentally remove the nix-darwin
LaunchDaemon, this was dropped. However, the original intent was to
remove the Store volume mounting LaunchDaemon.
2022-02-26 14:16:35 +01:00
toonn
2df23e2b3e
doc: Drop nix-darwin service from macOS uninstall 2022-02-25 10:50:01 +01:00
toonn
064cad7e9f
doc: Add macOS uninstall note about /nix
Clarify that `/nix` being present after the uninstall is normal and it
will only disappear after a reboot.

Co-authored-by: Travis A. Everett <travis.a.everett@gmail.com>
2022-02-25 10:32:45 +01:00
toonn
400d70a3a9
doc: Add detailed uninstall section for macOS
The multi-user installation on macOS, which is now the only option, has
gotten complicated enough that it discourages some users from checking
Nix out for fear of being left with a "dirty" system. Detailed
uninstallation instructions should make this less of an issue.
2022-02-22 16:28:24 +01:00
Eelco Dolstra
c260640dec Fix docker instructions 2021-12-16 21:48:38 +01:00
jesse
11ee875a6d List aarch64 as supported macOS hardware
Resolves #5767
2021-12-15 10:55:34 -08:00
Travis A. Everett
8093456111 document some darwin mount settings 2021-12-04 23:16:42 -06:00
David Purdum
69b9198875
Fix docker command
`docker -ti run nixos` does not run on docker version 20.10.7 (my machine).  This fixes it to read `docker run -ti nixos`.
2021-12-02 23:38:33 -05:00
Eelco Dolstra
ddf4fb750d
Merge pull request #5678 from t184256/document-libsodium
Document libsodium, which is now mandatory, as a dependency.
2021-11-29 11:11:10 +01:00
Alexander Sosedkin
a9bd06d0ea Make libcpuid dependency optional with --disable-cpuid 2021-11-28 00:52:35 +01:00
Alexander Sosedkin
b73a1c0638 Document libcpuid dependency 2021-11-28 00:52:35 +01:00
Alexander Sosedkin
33a227503a Document libsodium, which is now mandatory, as a dependency 2021-11-27 23:11:11 +01:00
Rok Garbas
a118a70649
Documenting how to use/build Nix' Docker image 2021-11-11 16:07:01 +01:00
Eelco Dolstra
b61b307bad Remove references to building from the source tarball 2021-11-02 15:29:47 +01:00
Rafal Gwozdzinski
a73f855bd4 Fix typo 2021-10-03 12:19:59 +02:00