forked from lix-project/lix
Port the flags of nix-daemon to nix daemon (#8788)
The new `nix daemon` command didn't accept the same flags that `nix-daemon` did. * docs(daemon): clarify the daemon trust override flags * fix: change declaration order * docs: add examples of nix daemon usage * Apply suggestions from code review --------- Co-authored-by: Eelco Dolstra <edolstra@gmail.com> Co-authored-by: John Ericson <git@JohnEricson.me> Co-authored-by: tomberek <tomberek@users.noreply.github.com>
This commit is contained in:
parent
50f40ac4c0
commit
736b9cede7
2 changed files with 67 additions and 4 deletions
|
@ -500,6 +500,45 @@ static RegisterLegacyCommand r_nix_daemon("nix-daemon", main_nix_daemon);
|
||||||
|
|
||||||
struct CmdDaemon : StoreCommand
|
struct CmdDaemon : StoreCommand
|
||||||
{
|
{
|
||||||
|
bool stdio = false;
|
||||||
|
std::optional<TrustedFlag> isTrustedOpt = std::nullopt;
|
||||||
|
|
||||||
|
CmdDaemon()
|
||||||
|
{
|
||||||
|
addFlag({
|
||||||
|
.longName = "stdio",
|
||||||
|
.description = "Attach to standard I/O, instead of trying to bind to a UNIX socket.",
|
||||||
|
.handler = {&stdio, true},
|
||||||
|
});
|
||||||
|
|
||||||
|
addFlag({
|
||||||
|
.longName = "force-trusted",
|
||||||
|
.description = "Force the daemon to trust connecting clients.",
|
||||||
|
.handler = {[&]() {
|
||||||
|
isTrustedOpt = Trusted;
|
||||||
|
}},
|
||||||
|
.experimentalFeature = Xp::DaemonTrustOverride,
|
||||||
|
});
|
||||||
|
|
||||||
|
addFlag({
|
||||||
|
.longName = "force-untrusted",
|
||||||
|
.description = "Force the daemon to not trust connecting clients. The connection will be processed by the receiving daemon before forwarding commands.",
|
||||||
|
.handler = {[&]() {
|
||||||
|
isTrustedOpt = NotTrusted;
|
||||||
|
}},
|
||||||
|
.experimentalFeature = Xp::DaemonTrustOverride,
|
||||||
|
});
|
||||||
|
|
||||||
|
addFlag({
|
||||||
|
.longName = "default-trust",
|
||||||
|
.description = "Use Nix's default trust.",
|
||||||
|
.handler = {[&]() {
|
||||||
|
isTrustedOpt = std::nullopt;
|
||||||
|
}},
|
||||||
|
.experimentalFeature = Xp::DaemonTrustOverride,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
std::string description() override
|
std::string description() override
|
||||||
{
|
{
|
||||||
return "daemon to perform store operations on behalf of non-root clients";
|
return "daemon to perform store operations on behalf of non-root clients";
|
||||||
|
@ -516,7 +555,7 @@ struct CmdDaemon : StoreCommand
|
||||||
|
|
||||||
void run(ref<Store> store) override
|
void run(ref<Store> store) override
|
||||||
{
|
{
|
||||||
runDaemon(false, std::nullopt);
|
runDaemon(stdio, isTrustedOpt);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,44 @@
|
||||||
R""(
|
R""(
|
||||||
|
|
||||||
# Example
|
# Examples
|
||||||
|
|
||||||
* Run the daemon in the foreground:
|
* Run the daemon:
|
||||||
|
|
||||||
```console
|
```console
|
||||||
# nix daemon
|
# nix daemon
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* Run the daemon and listen on standard I/O instead of binding to a UNIX socket:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix daemon --stdio
|
||||||
|
```
|
||||||
|
|
||||||
|
* Run the daemon and force all connections to be trusted:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix daemon --force-trusted
|
||||||
|
```
|
||||||
|
|
||||||
|
* Run the daemon and force all connections to be untrusted:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix daemon --force-untrusted
|
||||||
|
```
|
||||||
|
|
||||||
|
* Run the daemon, listen on standard I/O, and force all connections to use Nix's default trust:
|
||||||
|
|
||||||
|
```console
|
||||||
|
# nix daemon --stdio --default-trust
|
||||||
|
```
|
||||||
|
|
||||||
# Description
|
# Description
|
||||||
|
|
||||||
This command runs the Nix daemon, which is a required component in
|
This command runs the Nix daemon, which is a required component in
|
||||||
multi-user Nix installations. It runs build tasks and other
|
multi-user Nix installations. It runs build tasks and other
|
||||||
operations on the Nix store on behalf of non-root users. Usually you
|
operations on the Nix store on behalf of non-root users. Usually you
|
||||||
don't run the daemon directly; instead it's managed by a service
|
don't run the daemon directly; instead it's managed by a service
|
||||||
management framework such as `systemd`.
|
management framework such as `systemd` on Linux, or `launchctl` on Darwin.
|
||||||
|
|
||||||
Note that this daemon does not fork into the background.
|
Note that this daemon does not fork into the background.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue