Merge pull request #2388 from grahamc/graham/document-multi-user

Document multi-user installation, and add release notes about it not being the default on 2.1
This commit is contained in:
Eelco Dolstra 2018-09-01 22:43:48 +02:00 committed by GitHub
commit 1f49926601
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 207 additions and 59 deletions

View file

@ -39,7 +39,7 @@ bundle.</para>
<step><para>Set the environment variable and install Nix</para> <step><para>Set the environment variable and install Nix</para>
<screen> <screen>
$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt $ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
$ curl https://nixos.org/nix/install | sh $ sh &lt;(curl https://nixos.org/nix/install)
</screen></step> </screen></step>
<step><para>In the shell profile and rc files (for example, <step><para>In the shell profile and rc files (for example,

View file

@ -6,13 +6,30 @@
<title>Installing a Binary Distribution</title> <title>Installing a Binary Distribution</title>
<para>If you are using Linux or macOS, the easiest way to install <para>If you are using Linux or macOS, the easiest way to install Nix
Nix is to run the following command: is to run the following command:
<screen> <screen>
$ bash &lt;(curl https://nixos.org/nix/install) $ sh &lt;(curl https://nixos.org/nix/install)
</screen> </screen>
As of Nix 2.1.0, the Nix installer will always default to creating a
single-user installation, however opting in to the multi-user
installation is highly recommended.
</para>
<section xml:id="sect-single-user-installation">
<title>Single User Installation</title>
<para>
To explicitly select a single-user installation on your system:
<screen>
sh &lt;(curl https://nixos.org/nix/install) --no-daemon
</screen>
</para>
<para>
This will perform a single-user installation of Nix, meaning that This will perform a single-user installation of Nix, meaning that
<filename>/nix</filename> is owned by the invoking user. You should <filename>/nix</filename> is owned by the invoking user. You should
run this under your usual user account, <emphasis>not</emphasis> as run this under your usual user account, <emphasis>not</emphasis> as
@ -33,51 +50,8 @@ and <filename>.profile</filename> to source
the <command>NIX_INSTALLER_NO_MODIFY_PROFILE</command> environment the <command>NIX_INSTALLER_NO_MODIFY_PROFILE</command> environment
variable before executing the install script to disable this variable before executing the install script to disable this
behaviour. behaviour.
</para> </para>
<!--
<para>You can also manually download and install a binary package.
Binary packages of the latest stable release are available for Fedora,
Debian, Ubuntu, macOS and various other systems from the <link
xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>.
You can also get builds of the latest development release from our
<link
xlink:href="http://hydra.nixos.org/job/nix/master/release/latest-finished#tabs-constituents">continuous
build system</link>.</para>
<para>For Fedora, RPM packages are available. These can be installed
or upgraded using <command>rpm -U</command>. For example,
<screen>
$ rpm -U nix-1.8-1.i386.rpm</screen>
</para>
<para>For Debian and Ubuntu, you can download a Deb package and
install it like this:
<screen>
$ dpkg -i nix_1.8-1_amd64.deb</screen>
</para>
-->
<para>You can also download a binary tarball that contains Nix and all
its dependencies. (This is what the install script at
<uri>https://nixos.org/nix/install</uri> does automatically.) You
should unpack it somewhere (e.g. in <filename>/tmp</filename>), and
then run the script named <command>install</command> inside the binary
tarball:
<screen>
alice$ cd /tmp
alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
alice$ cd nix-1.8-x86_64-darwin
alice$ ./install
</screen>
</para>
<para>You can uninstall Nix simply by running: <para>You can uninstall Nix simply by running:
@ -86,5 +60,131 @@ $ rm -rf /nix
</screen> </screen>
</para> </para>
</section>
<section xml:id="sect-multi-user-installation">
<title>Multi User Installation</title>
<para>
The multi-user Nix installation creates system users, and a system
service for the Nix daemon.
</para>
<itemizedlist>
<title>Supported Systems</title>
<listitem>
<para>Linux running systemd, with SELinux disabled</para>
</listitem>
<listitem><para>macOS</para></listitem>
</itemizedlist>
<para>
You can instruct the installer to perform a multi-user
installation on your system:
<screen>
sh &lt;(curl https://nixos.org/nix/install) --daemon
</screen>
</para>
<para>
The multi-user installation of Nix will create build users between
the user IDs 30001 and 30032, and a group with the group ID 30000.
You should run this under your usual user account,
<emphasis>not</emphasis> as root. The script will invoke
<command>sudo</command> as needed.
</para>
<note><para>
If you need Nix to use a different group ID or user ID set, you
will have to download the tarball manually and <link
linkend="sect-nix-install-binary-tarball">edit the install
script</link>.
</para></note>
<para>
The installer will modify <filename>/etc/bashrc</filename>, and
<filename>/etc/zshrc</filename> if they exist. The installer will
first back up these files with a
<literal>.backup-before-nix</literal> extension. The installer
will also create <filename>/etc/profile.d/nix.sh</filename>.
</para>
<para>You can uninstall Nix with the following commands:
<screen>
sudo rm -rf /etc/profile/nix.sh /etc/nix /nix ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
# If you are on Linux with systemd, you will need to run:
sudo systemctl stop nix-daemon.socket
sudo systemctl stop nix-daemon.service
sudo systemctl disable nix-daemon.socket
sudo systemctl disable nix-daemon.service
sudo systemctl daemon-reload
# If you are on macOS, you will need to run:
sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
</screen>
There may also be references to Nix in
<filename>/etc/profile</filename>,
<filename>/etc/bashrc</filename>, and
<filename>/etc/zshrc</filename> which you may remove.
</para>
</section>
<section xml:id="sect-nix-install-pinned-version-url">
<title>Installing a pinned Nix version from a URL</title>
<para>
NixOS.org hosts version-specific installation URLs for all Nix
versions since 1.11.16, at
<literal>https://nixos.org/releases/nix/nix-VERSION/install</literal>.
</para>
<para>
These install scripts can be used the same as the main
NixOS.org installation script:
<screen>
sh &lt;(curl https://nixos.org/nix/install)
</screen>
</para>
<para>
In the same directory of the install script are sha256 sums, and
gpg signature files.
</para>
</section>
<section xml:id="sect-nix-install-binary-tarball">
<title>Installing from a binary tarball</title>
<para>
You can also download a binary tarball that contains Nix and all
its dependencies. (This is what the install script at
<uri>https://nixos.org/nix/install</uri> does automatically.) You
should unpack it somewhere (e.g. in <filename>/tmp</filename>),
and then run the script named <command>install</command> inside
the binary tarball:
<screen>
alice$ cd /tmp
alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2
alice$ cd nix-1.8-x86_64-darwin
alice$ ./install
</screen>
</para>
<para>
If you need to edit the multi-user installation script to use
different group ID or a different user ID range, modify the
variables set in the file named
<filename>install-multi-user</filename>.
</para>
</section>
</chapter> </chapter>

View file

@ -10,7 +10,7 @@
<itemizedlist> <itemizedlist>
<listitem><para>Linux (i686, x86_64).</para></listitem> <listitem><para>Linux (i686, x86_64, aarch64).</para></listitem>
<listitem><para>macOS (x86_64).</para></listitem> <listitem><para>macOS (x86_64).</para></listitem>

View file

@ -0,0 +1,21 @@
<chapter xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ch-upgrading-nix">
<title>Upgrading Nix</title>
<para>
Multi-user Nix users on macOS can upgrade Nix by running
<command>sudo -i sh -c 'nix-channel --update &amp;&amp; nix-env
-iA nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo
launchctl start org.nixos.nix-daemon</command>.
</para>
<para>
Single-user installations of Nix should run <command>nix-channel
--update; nix-env -iA nixpkgs.nix</command>.
</para>
</chapter>

View file

@ -32,6 +32,7 @@
<xi:include href="introduction/introduction.xml" /> <xi:include href="introduction/introduction.xml" />
<xi:include href="installation/installation.xml" /> <xi:include href="installation/installation.xml" />
<xi:include href="installation/upgrading.xml" />
<xi:include href="packages/package-management.xml" /> <xi:include href="packages/package-management.xml" />
<xi:include href="expressions/writing-nix-expressions.xml" /> <xi:include href="expressions/writing-nix-expressions.xml" />
<xi:include href="advanced-topics/advanced-topics.xml" /> <xi:include href="advanced-topics/advanced-topics.xml" />

View file

@ -49,6 +49,29 @@ new features:</para>
<varname>nix-support/propagated-user-env-packages</varname>.</para> <varname>nix-support/propagated-user-env-packages</varname>.</para>
</listitem> </listitem>
<listitem>
<para>The Nix installer will no longer default to the Multi-User
installation for macOS. You can still <link
linkend="sect-multi-user-installation">instruct the installer to
run in multi-user mode</link>.
</para>
</listitem>
<listitem>
<para>The Nix installer now supports performing a Multi-User
installation for Linux computers which are running systemd. You
can <link
linkend="sect-multi-user-installation">select a Multi-User installation</link> by passing the
<option>--daemon</option> flag to the installer: <command>sh &lt;(curl
https://nixos.org/nix/install) --daemon</command>.
</para>
<para>The multi-user installer cannot handle systems with SELinux.
If your system has SELinux enabled, you can <link
linkend="sect-single-user-installation">force the installer to run
in single-user mode</link>.</para>
</listitem>
</itemizedlist> </itemizedlist>
<para>This release has contributions from <para>This release has contributions from

View file

@ -30,15 +30,14 @@ if [ "$(uname -s)" = "Darwin" ]; then
fi fi
fi fi
# Determine if we should punt to the single-user installer or not # Determine if we could use the multi-user installer or not
if [ "$(uname -s)" = "Darwin" ]; then if [ "$(uname -s)" = "Darwin" ]; then
INSTALL_MODE=daemon echo "Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation" >&2
elif [ "$(uname -s)" = "Linux" ] && [ -e /run/systemd/system ]; then elif [ "$(uname -s)" = "Linux" ] && [ -e /run/systemd/system ]; then
INSTALL_MODE=daemon echo "Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation" >&2
else
INSTALL_MODE=no-daemon
fi fi
INSTALL_MODE=no-daemon
# Trivially handle the --daemon / --no-daemon options # Trivially handle the --daemon / --no-daemon options
if [ "x${1:-}" = "x--no-daemon" ]; then if [ "x${1:-}" = "x--no-daemon" ]; then
INSTALL_MODE=no-daemon INSTALL_MODE=no-daemon
@ -47,14 +46,18 @@ elif [ "x${1:-}" = "x--daemon" ]; then
elif [ "x${1:-}" != "x" ]; then elif [ "x${1:-}" != "x" ]; then
( (
echo "Nix Installer [--daemon|--no-daemon]" echo "Nix Installer [--daemon|--no-daemon]"
echo "Choose installation method."
echo "" echo ""
echo " --daemon: Force the installer to use the Daemon" echo " --daemon: Installs and configures a background daemon that manages the store,"
echo " based installer, even though it may not" echo " providing multi-user support and better isolation for local builds."
echo " work." echo " Both for security and reproducibility, this method is recommended if"
echo " supported on your platform."
echo " See https://nixos.org/nix/manual/#sect-multi-user-installation"
echo "" echo ""
echo " --no-daemon: Force a no-daemon, single-user" echo " --no-daemon: Simple, single-user installation that does not require root and is"
echo " installation even when the preferred" echo " trivial to uninstall."
echo " method is with the daemon." echo " (default)"
echo "" echo ""
) >&2 ) >&2
exit exit