Port the flags of nix-daemon to nix daemon (#8788)

The new `nix daemon` command didn't accept the same flags that `nix-daemon` did.

* docs(daemon): clarify the daemon trust override flags
* fix: change declaration order
* docs: add examples of nix daemon usage
* Apply suggestions from code review

---------

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
Co-authored-by: John Ericson <git@JohnEricson.me>
Co-authored-by: tomberek <tomberek@users.noreply.github.com>
Bryan Honof 2023-08-28 15:43:34 +02:00 committed by GitHub
parent 50f40ac4c0
commit 736b9cede7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 67 additions and 4 deletions

@ -500,6 +500,45 @@ static RegisterLegacyCommand r_nix_daemon("nix-daemon", main_nix_daemon);
struct CmdDaemon : StoreCommand
{
bool stdio = false;
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
CmdDaemon()
{
addFlag({
.longName = "stdio",
.description = "Attach to standard I/O, instead of trying to bind to a UNIX socket.",
.handler = {&stdio, true},
});
addFlag({
.longName = "force-trusted",
.description = "Force the daemon to trust connecting clients.",
.handler = {[&]() {
isTrustedOpt = Trusted;
}},
.experimentalFeature = Xp::DaemonTrustOverride,
});
addFlag({
.longName = "force-untrusted",
.description = "Force the daemon to not trust connecting clients. The connection will be processed by the receiving daemon before forwarding commands.",
.handler = {[&]() {
isTrustedOpt = NotTrusted;
}},
.experimentalFeature = Xp::DaemonTrustOverride,
});
addFlag({
.longName = "default-trust",
.description = "Use Nix's default trust.",
.handler = {[&]() {
isTrustedOpt = std::nullopt;
}},
.experimentalFeature = Xp::DaemonTrustOverride,
});
}
std::string description() override
{
return "daemon to perform store operations on behalf of non-root clients";
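Review bot: The handlers for `force-trusted`, `force-untrusted` and `default-trust` all assign the same `isTrustedOpt` with no conflict check, so `--force-untrusted --force-trusted` is accepted and silently ends up as `Trusted`. Either reject mutually exclusive combinations in the handlers or state in each description that the last flag given wins. The `force-trusted` description also only says the daemon will "trust connecting clients"; since this widens what every client may do, it should say what trust grants, in the same detail the `force-untrusted` text gives for its behaviour.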
@ -516,7 +555,7 @@ struct CmdDaemon : StoreCommand
void run(ref<Store> store) override
{
runDaemon(false, std::nullopt);
runDaemon(stdio, isTrustedOpt);
}
};
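Review bot: In `run()`, `isTrustedOpt` is handed to `runDaemon` with no log output when an override is active, so a daemon started with `--force-trusted` looks the same in service logs as one using the default trust decision. Emitting a warning before the `runDaemon(stdio, isTrustedOpt)` call whenever `isTrustedOpt` has a value would make the override visible to whoever audits the unit. A test that exercises each flag through `nix daemon` would also guard against the two entry points drifting apart again.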

@ -1,20 +1,44 @@
R""(
# Example
# Examples
* Run the daemon in the foreground:
* Run the daemon:
```console
# nix daemon
```
* Run the daemon and listen on standard I/O instead of binding to a UNIX socket:
```console
# nix daemon --stdio
```
* Run the daemon and force all connections to be trusted:
```console
# nix daemon --force-trusted
```
* Run the daemon and force all connections to be untrusted:
```console
# nix daemon --force-untrusted
```
* Run the daemon, listen on standard I/O, and force all connections to use Nix's default trust:
```console
# nix daemon --stdio --default-trust
```
# Description
This command runs the Nix daemon, which is a required component in
multi-user Nix installations. It runs build tasks and other
operations on the Nix store on behalf of non-root users. Usually you
don't run the daemon directly; instead it's managed by a service
management framework such as `systemd`.
management framework such as `systemd` on Linux, or `launchctl` on Darwin.
Note that this daemon does not fork into the background.
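Review bot: The `--force-trusted`, `--force-untrusted` and `--default-trust` examples do not mention that these flags are gated behind an experimental feature (`Xp::DaemonTrustOverride` in the C++ change), so a reader copying them onto a default configuration will get an error. Add a sentence to the examples or the Description naming the feature that must be enabled. The last example, `nix daemon --stdio --default-trust`, also needs a word on when `--default-trust` is useful, because the flag only resets `isTrustedOpt` to its initial `std::nullopt` and is therefore equivalent to `nix daemon --stdio` as written. The Description would also benefit from a short paragraph on what the trust override changes for connecting clients, given that `--force-trusted` is shown without any caveat.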