Test Nix 2.15 and the auto-uid-allocation feature (#196)

* Auto UID allocation

* Uncomment plan tests

* Delete legacy users on install

* Group up deleteuser actions
This commit is contained in:
Ana Hobden 2023-05-05 13:54:37 -07:00 committed by GitHub
parent bdd087a615
commit 08ef3bb82a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 517 additions and 3061 deletions

View file

@ -30,13 +30,14 @@ The `nix-installer` tool is ready to use in a number of environments:
Differing from the current official [Nix](https://github.com/NixOS/nix) installer scripts: Differing from the current official [Nix](https://github.com/NixOS/nix) installer scripts:
* In `nix.conf`: * In `nix.conf`:
+ the `nix-command` and `flakes` features are enabled + the `auto-allocate-uids`, `nix-command` and `flakes` features are enabled
+ `bash-prompt-prefix` is set + `bash-prompt-prefix` is set
+ `auto-optimise-store` is set to `true` + `auto-optimise-store` is set to `true`
* `extra-nix-path` is set to `nixpkgs=flake:nixpkgs` * `extra-nix-path` is set to `nixpkgs=flake:nixpkgs`
* an installation receipt (for uninstalling) is stored at `/nix/receipt.json` as well as a copy of the install binary at `/nix/nix-installer` * an installation receipt (for uninstalling) is stored at `/nix/receipt.json` as well as a copy of the install binary at `/nix/nix-installer`
* `nix-channel --update` is not run, `~/.nix-channels` is not provisioned * `nix-channel --update` is not run, `~/.nix-channels` is not provisioned
* `NIX_SSL_CERT_FILE` is set in the various shell profiles if the `ssl-cert-file` argument is used. * `NIX_SSL_CERT_FILE` is set in the various shell profiles if the `ssl-cert-file` argument is used.
* `auto-uid-allocation` is set to `true`.
## Motivations ## Motivations

View file

@ -197,27 +197,11 @@ let
uninstall = installCases.install-default.uninstall; uninstall = installCases.install-default.uninstall;
uninstallCheck = installCases.install-default.uninstallCheck; uninstallCheck = installCases.install-default.uninstallCheck;
}; };
cure-self-linux-broken-missing-users = { cure-self-linux-broken-missing-group = {
preinstall = ''
${nix-installer-install-quiet}
sudo mv /nix/receipt.json /nix/old-receipt.json
sudo userdel nixbld1
sudo userdel nixbld3
sudo userdel nixbld16
'';
install = installCases.install-default.install;
check = installCases.install-default.check;
uninstall = installCases.install-default.uninstall;
uninstallCheck = installCases.install-default.uninstallCheck;
};
cure-self-linux-broken-missing-users-and-group = {
preinstall = '' preinstall = ''
NIX_PATH=$(readlink -f nix.tar.xz) NIX_PATH=$(readlink -f nix.tar.xz)
RUST_BACKTRACE="full" ./nix-installer install --nix-package-url "file://$NIX_PATH" --no-confirm RUST_BACKTRACE="full" ./nix-installer install --nix-package-url "file://$NIX_PATH" --no-confirm
sudo mv /nix/receipt.json /nix/old-receipt.json sudo mv /nix/receipt.json /nix/old-receipt.json
for i in {1..32}; do
sudo userdel "nixbld''${i}"
done
sudo groupdel nixbld sudo groupdel nixbld
''; '';
install = installCases.install-default.install; install = installCases.install-default.install;
@ -357,13 +341,10 @@ let
''; '';
in in
{ {
uninstall-users-and-groups-missing = { uninstall-groups-missing = {
install = installCases.install-default.install; install = installCases.install-default.install;
check = installCases.install-default.check; check = installCases.install-default.check;
preuninstall = '' preuninstall = ''
for i in $(seq 1 32); do
sudo userdel nixbld$i
done
sudo groupdel nixbld sudo groupdel nixbld
''; '';
uninstall = uninstallFailExpected; uninstall = uninstallFailExpected;

View file

@ -1,330 +0,0 @@
use std::process::Stdio;
use nix::unistd::User;
use target_lexicon::OperatingSystem;
use tokio::process::Command;
use tracing::{span, Span};
use crate::action::{ActionError, ActionErrorKind};
use crate::execute_command;
use crate::action::{Action, ActionDescription, StatefulAction};
/**
Create an operating system level user in the given group
*/
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct AddUserToGroup {
name: String,
uid: u32,
groupname: String,
gid: u32,
}
impl AddUserToGroup {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
name: String,
uid: u32,
groupname: String,
gid: u32,
) -> Result<StatefulAction<Self>, ActionError> {
let this = Self {
name: name.clone(),
uid,
groupname,
gid,
};
match OperatingSystem::host() {
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => (),
_ => {
if !(which::which("addgroup").is_ok() || which::which("gpasswd").is_ok()) {
return Err(Self::error(ActionErrorKind::MissingAddUserToGroupCommand));
}
if !(which::which("delgroup").is_ok() || which::which("gpasswd").is_ok()) {
return Err(Self::error(
ActionErrorKind::MissingRemoveUserFromGroupCommand,
));
}
},
}
// Ensure user does not exists
if let Some(user) = User::from_name(name.as_str())
.map_err(|e| ActionErrorKind::GettingUserId(name.clone(), e))
.map_err(Self::error)?
{
if user.uid.as_raw() != uid {
return Err(Self::error(ActionErrorKind::UserUidMismatch(
name.clone(),
user.uid.as_raw(),
uid,
)));
}
if user.gid.as_raw() != gid {
return Err(Self::error(ActionErrorKind::UserGidMismatch(
name.clone(),
user.gid.as_raw(),
gid,
)));
}
// See if group membership needs to be done
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
let mut command = Command::new("/usr/sbin/dseditgroup");
command.process_group(0);
command.args(["-o", "checkmember", "-m"]);
command.arg(&this.name);
command.arg(&this.groupname);
command.stdout(Stdio::piped());
command.stderr(Stdio::piped());
tracing::trace!("Executing `{:?}`", command.as_std());
let output = command
.output()
.await
.map_err(|e| ActionErrorKind::command(&command, e))
.map_err(Self::error)?;
match output.status.code() {
Some(0) => {
// yes {user} is a member of {groupname}
// Since the user exists, and is already a member of the group, we have truly nothing to do here
tracing::debug!(
"Adding user `{}` to group `{}` already complete",
this.name,
this.groupname
);
return Ok(StatefulAction::completed(this));
},
Some(64) => {
// 64 is the exit code for "Group not found"
tracing::trace!(
"Will add user `{}` to newly created group `{}`",
this.name,
this.groupname
);
// The group will be created by the installer
()
},
_ => {
// Some other issue
return Err(Self::error(ActionErrorKind::command_output(
&command, output,
)));
},
};
},
_ => {
let output = execute_command(
Command::new("groups")
.process_group(0)
.arg(&this.name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
let output_str = String::from_utf8(output.stdout).map_err(Self::error)?;
let user_in_group = output_str.split(" ").any(|v| v == &this.groupname);
if user_in_group {
tracing::debug!(
"Adding user `{}` to group `{}` already complete",
this.name,
this.groupname
);
return Ok(StatefulAction::completed(this));
}
},
}
}
Ok(StatefulAction::uncompleted(this))
}
}
#[async_trait::async_trait]
#[typetag::serde(name = "add_user_to_group")]
impl Action for AddUserToGroup {
fn action_tag() -> crate::action::ActionTag {
crate::action::ActionTag("add_user_to_group")
}
fn tracing_synopsis(&self) -> String {
format!(
"Add user `{}` (UID {}) to group `{}` (GID {})",
self.name, self.uid, self.groupname, self.gid
)
}
fn tracing_span(&self) -> Span {
span!(
tracing::Level::DEBUG,
"add_user_to_group",
user = self.name,
uid = self.uid,
groupname = self.groupname,
gid = self.gid,
)
}
fn execute_description(&self) -> Vec<ActionDescription> {
vec![ActionDescription::new(
self.tracing_synopsis(),
vec![format!(
"The Nix daemon requires the build users to be in a defined group"
)],
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
let Self {
name,
uid: _,
groupname,
gid: _,
} = self;
use target_lexicon::OperatingSystem;
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([
".",
"-append",
&format!("/Groups/{groupname}"),
"GroupMembership",
])
.arg(&name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/sbin/dseditgroup")
.process_group(0)
.args(["-o", "edit"])
.arg("-a")
.arg(&name)
.arg("-t")
.arg(&name)
.arg(groupname)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
},
_ => {
if which::which("gpasswd").is_ok() {
execute_command(
Command::new("gpasswd")
.process_group(0)
.args(["-a"])
.args([name, groupname])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else if which::which("addgroup").is_ok() {
execute_command(
Command::new("addgroup")
.process_group(0)
.args([name, groupname])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else {
return Err(Self::error(Self::error(
ActionErrorKind::MissingAddUserToGroupCommand,
)));
}
},
}
Ok(())
}
fn revert_description(&self) -> Vec<ActionDescription> {
vec![ActionDescription::new(
format!(
"Remove user `{}` (UID {}) from group {} (GID {})",
self.name, self.uid, self.groupname, self.gid
),
vec![format!(
"The Nix daemon requires system users it can act as in order to build"
)],
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn revert(&mut self) -> Result<(), ActionError> {
let Self {
name,
uid: _,
groupname,
gid: _,
} = self;
use target_lexicon::OperatingSystem;
match target_lexicon::OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([".", "-delete", &format!("/Groups/{groupname}"), "users"])
.arg(&name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
},
_ => {
if which::which("gpasswd").is_ok() {
execute_command(
Command::new("gpasswd")
.process_group(0)
.args(["-d"])
.args([&name.to_string(), &groupname.to_string()])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else if which::which("delgroup").is_ok() {
execute_command(
Command::new("delgroup")
.process_group(0)
.args([name, groupname])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else {
return Err(Self::error(
ActionErrorKind::MissingRemoveUserFromGroupCommand,
));
}
},
};
Ok(())
}
}

View file

@ -164,14 +164,13 @@ impl Action for CreateGroup {
patch: _, patch: _,
} }
| OperatingSystem::Darwin => { | OperatingSystem::Darwin => {
let output = execute_command( execute_command(
Command::new("/usr/bin/dscl") Command::new("/usr/bin/dscl")
.args([".", "-delete", &format!("/Groups/{name}")]) .args([".", "-delete", &format!("/Groups/{name}")])
.stdin(std::process::Stdio::null()), .stdin(std::process::Stdio::null()),
) )
.await .await
.map_err(Self::error)?; .map_err(Self::error)?;
if !output.status.success() {}
}, },
_ => { _ => {
if which::which("groupdel").is_ok() { if which::which("groupdel").is_ok() {

View file

@ -1,344 +0,0 @@
use nix::unistd::User;
use target_lexicon::OperatingSystem;
use tokio::process::Command;
use tracing::{span, Span};
use crate::action::{ActionError, ActionErrorKind, ActionTag};
use crate::execute_command;
use crate::action::{Action, ActionDescription, StatefulAction};
/**
Create an operating system level user in the given group
*/
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct CreateUser {
name: String,
uid: u32,
groupname: String,
gid: u32,
comment: String,
}
impl CreateUser {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
name: String,
uid: u32,
groupname: String,
gid: u32,
comment: String,
) -> Result<StatefulAction<Self>, ActionError> {
let this = Self {
name: name.clone(),
uid,
groupname,
gid,
comment,
};
match OperatingSystem::host() {
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => (),
_ => {
if !(which::which("useradd").is_ok() || which::which("adduser").is_ok()) {
return Err(Self::error(ActionErrorKind::MissingUserCreationCommand));
}
if !(which::which("userdel").is_ok() || which::which("deluser").is_ok()) {
return Err(Self::error(ActionErrorKind::MissingUserDeletionCommand));
}
},
}
// Ensure user does not exists
if let Some(user) = User::from_name(name.as_str())
.map_err(|e| ActionErrorKind::GettingUserId(name.clone(), e))
.map_err(Self::error)?
{
if user.uid.as_raw() != uid {
return Err(Self::error(ActionErrorKind::UserUidMismatch(
name.clone(),
user.uid.as_raw(),
uid,
)));
}
if user.gid.as_raw() != gid {
return Err(Self::error(ActionErrorKind::UserGidMismatch(
name.clone(),
user.gid.as_raw(),
gid,
)));
}
tracing::debug!("Creating user `{}` already complete", this.name);
return Ok(StatefulAction::completed(this));
}
Ok(StatefulAction::uncompleted(this))
}
}
#[async_trait::async_trait]
#[typetag::serde(name = "create_user")]
impl Action for CreateUser {
fn action_tag() -> ActionTag {
ActionTag("create_user")
}
fn tracing_synopsis(&self) -> String {
format!(
"Create user `{}` (UID {}) in group `{}` (GID {})",
self.name, self.uid, self.groupname, self.gid
)
}
fn tracing_span(&self) -> Span {
span!(
tracing::Level::DEBUG,
"create_user",
user = self.name,
uid = self.uid,
groupname = self.groupname,
gid = self.gid,
)
}
fn execute_description(&self) -> Vec<ActionDescription> {
vec![ActionDescription::new(
self.tracing_synopsis(),
vec![format!(
"The Nix daemon requires system users it can act as in order to build"
)],
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
let Self {
name,
uid,
groupname,
gid,
comment,
} = self;
use OperatingSystem;
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([".", "-create", &format!("/Users/{name}")])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([
".",
"-create",
&format!("/Users/{name}"),
"UniqueID",
&format!("{uid}"),
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([
".",
"-create",
&format!("/Users/{name}"),
"PrimaryGroupID",
&format!("{gid}"),
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([
".",
"-create",
&format!("/Users/{name}"),
"NFSHomeDirectory",
"/var/empty",
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([
".",
"-create",
&format!("/Users/{name}"),
"UserShell",
"/sbin/nologin",
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
execute_command(
Command::new("/usr/bin/dscl")
.process_group(0)
.args([".", "-create", &format!("/Users/{name}"), "IsHidden", "1"])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
},
_ => {
if which::which("useradd").is_ok() {
execute_command(
Command::new("useradd")
.process_group(0)
.args([
"--home-dir",
"/var/empty",
"--comment",
&comment,
"--gid",
&gid.to_string(),
"--groups",
&gid.to_string(),
"--no-user-group",
"--system",
"--shell",
"/sbin/nologin",
"--uid",
&uid.to_string(),
"--password",
"!",
name,
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else if which::which("adduser").is_ok() {
execute_command(
Command::new("adduser")
.process_group(0)
.args([
"--home",
"/var/empty",
"--gecos",
&comment,
"--ingroup",
groupname,
"--system",
"--shell",
"/sbin/nologin",
"--uid",
&uid.to_string(),
"--disabled-password",
name,
])
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else {
return Err(Self::error(ActionErrorKind::MissingUserCreationCommand));
}
},
}
Ok(())
}
fn revert_description(&self) -> Vec<ActionDescription> {
vec![ActionDescription::new(
format!(
"Delete user `{}` (UID {}) in group {} (GID {})",
self.name, self.uid, self.groupname, self.gid
),
vec![format!(
"The Nix daemon requires system users it can act as in order to build"
)],
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn revert(&mut self) -> Result<(), ActionError> {
use OperatingSystem;
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
// MacOS is a "Special" case
// It's only possible to delete users under certain conditions.
// Documentation on https://it.megocollector.com/macos/cant-delete-a-macos-user-with-dscl-resolution/ and http://www.aixperts.co.uk/?p=214 suggested it was a secure token
// That is correct, however it's a bit more nuanced. It appears to be that a user must be graphically logged in for some other user on the system to be deleted.
let mut command = Command::new("/usr/bin/dscl");
command.args([".", "-delete", &format!("/Users/{}", self.name)]);
command.process_group(0);
command.stdin(std::process::Stdio::null());
let output = command
.output()
.await
.map_err(|e| ActionErrorKind::command(&command, e))
.map_err(Self::error)?;
let stderr = String::from_utf8_lossy(&output.stderr);
match output.status.code() {
Some(0) => (),
Some(40) if stderr.contains("-14120") => {
// The user is on an ephemeral Mac, like detsys uses
// These Macs cannot always delete users, as sometimes there is no graphical login
tracing::warn!("Encountered an exit code 40 with -14120 error while removing user, this is likely because the initial executing user did not have a secure token, or that there was no graphical login session. To delete the user, log in graphically, then run `/usr/bin/dscl . -delete /Users/{}", self.name);
},
_ => {
// Something went wrong
return Err(Self::error(ActionErrorKind::command_output(
&command, output,
)));
},
}
},
_ => {
if which::which("userdel").is_ok() {
execute_command(
Command::new("userdel")
.process_group(0)
.arg(&self.name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else if which::which("deluser").is_ok() {
execute_command(
Command::new("deluser")
.process_group(0)
.arg(&self.name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else {
return Err(Self::error(ActionErrorKind::MissingUserDeletionCommand));
}
},
};
Ok(())
}
}

View file

@ -0,0 +1,149 @@
use nix::unistd::User;
use target_lexicon::OperatingSystem;
use tokio::process::Command;
use tracing::{span, Span};
use crate::action::{ActionError, ActionErrorKind, ActionTag};
use crate::execute_command;
use crate::action::{Action, ActionDescription, StatefulAction};
/**
Delete an operating system level user
*/
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct DeleteUser {
name: String,
}
impl DeleteUser {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(name: String) -> Result<StatefulAction<Self>, ActionError> {
let this = Self { name: name.clone() };
match OperatingSystem::host() {
OperatingSystem::MacOSX { .. } | OperatingSystem::Darwin => (),
_ => {
if !(which::which("userdel").is_ok() || which::which("deluser").is_ok()) {
return Err(Self::error(ActionErrorKind::MissingUserDeletionCommand));
}
},
}
// Ensure user exists
let _ = User::from_name(name.as_str())
.map_err(|e| ActionErrorKind::GettingUserId(name.clone(), e))
.map_err(Self::error)?
.ok_or_else(|| ActionErrorKind::NoUser(name.clone()))
.map_err(Self::error)?;
// There is no "StatefulAction::completed" for this action since if the user is to be deleted
// it is an error if it does not exist.
Ok(StatefulAction::uncompleted(this))
}
}
#[async_trait::async_trait]
#[typetag::serde(name = "delete_user")]
impl Action for DeleteUser {
fn action_tag() -> ActionTag {
ActionTag("delete_user")
}
fn tracing_synopsis(&self) -> String {
format!(
"Delete user `{}`, which exists due to a previous install, but is no longer required",
self.name
)
}
fn tracing_span(&self) -> Span {
span!(tracing::Level::DEBUG, "delete_user", user = self.name,)
}
fn execute_description(&self) -> Vec<ActionDescription> {
vec![ActionDescription::new(
self.tracing_synopsis(),
vec![format!(
"Nix with `auto-allocate-uids = true` no longer requires explicitly created users, so this user can be removed"
)],
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
use OperatingSystem;
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
// MacOS is a "Special" case
// It's only possible to delete users under certain conditions.
// Documentation on https://it.megocollector.com/macos/cant-delete-a-macos-user-with-dscl-resolution/ and http://www.aixperts.co.uk/?p=214 suggested it was a secure token
// That is correct, however it's a bit more nuanced. It appears to be that a user must be graphically logged in for some other user on the system to be deleted.
let mut command = Command::new("/usr/bin/dscl");
command.args([".", "-delete", &format!("/Users/{}", self.name)]);
command.process_group(0);
command.stdin(std::process::Stdio::null());
let output = command
.output()
.await
.map_err(|e| ActionErrorKind::command(&command, e))
.map_err(Self::error)?;
let stderr = String::from_utf8_lossy(&output.stderr);
match output.status.code() {
Some(0) => (),
Some(40) if stderr.contains("-14120") => {
// The user is on an ephemeral Mac, like detsys uses
// These Macs cannot always delete users, as sometimes there is no graphical login
tracing::warn!("Encountered an exit code 40 with -14120 error while removing user, this is likely because the initial executing user did not have a secure token, or that there was no graphical login session. To delete the user, log in graphically, then run `/usr/bin/dscl . -delete /Users/{}", self.name);
},
_ => {
// Something went wrong
return Err(Self::error(ActionErrorKind::command_output(
&command, output,
)));
},
}
},
_ => {
if which::which("userdel").is_ok() {
execute_command(
Command::new("userdel")
.process_group(0)
.arg(&self.name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else if which::which("deluser").is_ok() {
execute_command(
Command::new("deluser")
.process_group(0)
.arg(&self.name)
.stdin(std::process::Stdio::null()),
)
.await
.map_err(Self::error)?;
} else {
return Err(Self::error(ActionErrorKind::MissingUserDeletionCommand));
}
},
};
Ok(())
}
fn revert_description(&self) -> Vec<ActionDescription> {
vec![]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn revert(&mut self) -> Result<(), ActionError> {
Ok(())
}
}

View file

@ -1,24 +1,22 @@
//! Base [`Action`](crate::action::Action)s that themselves have no other actions as dependencies //! Base [`Action`](crate::action::Action)s that themselves have no other actions as dependencies
pub(crate) mod add_user_to_group;
pub(crate) mod create_directory; pub(crate) mod create_directory;
pub(crate) mod create_file; pub(crate) mod create_file;
pub(crate) mod create_group; pub(crate) mod create_group;
pub(crate) mod create_or_insert_into_file; pub(crate) mod create_or_insert_into_file;
pub(crate) mod create_or_merge_nix_config; pub(crate) mod create_or_merge_nix_config;
pub(crate) mod create_user; pub(crate) mod delete_user;
pub(crate) mod fetch_and_unpack_nix; pub(crate) mod fetch_and_unpack_nix;
pub(crate) mod move_unpacked_nix; pub(crate) mod move_unpacked_nix;
pub(crate) mod remove_directory; pub(crate) mod remove_directory;
pub(crate) mod setup_default_profile; pub(crate) mod setup_default_profile;
pub use add_user_to_group::AddUserToGroup;
pub use create_directory::CreateDirectory; pub use create_directory::CreateDirectory;
pub use create_file::CreateFile; pub use create_file::CreateFile;
pub use create_group::CreateGroup; pub use create_group::CreateGroup;
pub use create_or_insert_into_file::CreateOrInsertIntoFile; pub use create_or_insert_into_file::CreateOrInsertIntoFile;
pub use create_or_merge_nix_config::CreateOrMergeNixConfig; pub use create_or_merge_nix_config::CreateOrMergeNixConfig;
pub use create_user::CreateUser; pub use delete_user::DeleteUser;
pub use fetch_and_unpack_nix::{FetchAndUnpackNix, FetchUrlError}; pub use fetch_and_unpack_nix::{FetchAndUnpackNix, FetchUrlError};
pub use move_unpacked_nix::{MoveUnpackedNix, MoveUnpackedNixError}; pub use move_unpacked_nix::{MoveUnpackedNix, MoveUnpackedNixError};
pub use remove_directory::RemoveDirectory; pub use remove_directory::RemoveDirectory;

View file

@ -1,278 +0,0 @@
use crate::{
action::{
base::{AddUserToGroup, CreateGroup, CreateUser},
Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
},
settings::CommonSettings,
};
use tracing::{span, Span};
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct CreateUsersAndGroups {
nix_build_user_count: u32,
nix_build_group_name: String,
nix_build_group_id: u32,
nix_build_user_prefix: String,
nix_build_user_id_base: u32,
create_group: StatefulAction<CreateGroup>,
create_users: Vec<StatefulAction<CreateUser>>,
add_users_to_groups: Vec<StatefulAction<AddUserToGroup>>,
}
impl CreateUsersAndGroups {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(settings: CommonSettings) -> Result<StatefulAction<Self>, ActionError> {
let create_group = CreateGroup::plan(
settings.nix_build_group_name.clone(),
settings.nix_build_group_id,
)?;
let mut create_users = Vec::with_capacity(settings.nix_build_user_count as usize);
let mut add_users_to_groups = Vec::with_capacity(settings.nix_build_user_count as usize);
for index in 1..=settings.nix_build_user_count {
create_users.push(
CreateUser::plan(
format!("{}{index}", settings.nix_build_user_prefix),
settings.nix_build_user_id_base + index,
settings.nix_build_group_name.clone(),
settings.nix_build_group_id,
format!("Nix build user {index}"),
)
.await
.map_err(Self::error)?,
);
add_users_to_groups.push(
AddUserToGroup::plan(
format!("{}{index}", settings.nix_build_user_prefix),
settings.nix_build_user_id_base + index,
settings.nix_build_group_name.clone(),
settings.nix_build_group_id,
)
.await
.map_err(Self::error)?,
);
}
Ok(Self {
nix_build_user_count: settings.nix_build_user_count,
nix_build_group_name: settings.nix_build_group_name,
nix_build_group_id: settings.nix_build_group_id,
nix_build_user_prefix: settings.nix_build_user_prefix,
nix_build_user_id_base: settings.nix_build_user_id_base,
create_group,
create_users,
add_users_to_groups,
}
.into())
}
}
#[async_trait::async_trait]
#[typetag::serde(name = "create_users_and_group")]
impl Action for CreateUsersAndGroups {
fn action_tag() -> ActionTag {
ActionTag("create_users_and_group")
}
fn tracing_synopsis(&self) -> String {
format!(
"Create build users (UID {}-{}) and group (GID {})",
self.nix_build_user_id_base,
self.nix_build_user_id_base + self.nix_build_user_count,
self.nix_build_group_id
)
}
fn tracing_span(&self) -> Span {
span!(
tracing::Level::DEBUG,
"create_users_and_group",
nix_build_user_count = self.nix_build_user_count,
nix_build_group_name = self.nix_build_group_name,
nix_build_group_id = self.nix_build_group_id,
nix_build_user_prefix = self.nix_build_user_prefix,
nix_build_user_id_base = self.nix_build_user_id_base,
)
}
fn execute_description(&self) -> Vec<ActionDescription> {
let Self {
nix_build_user_count: _,
nix_build_group_name: _,
nix_build_group_id: _,
nix_build_user_prefix: _,
nix_build_user_id_base: _,
create_group,
create_users,
add_users_to_groups,
} = &self;
let mut create_users_descriptions = Vec::new();
for create_user in create_users {
if let Some(val) = create_user.describe_execute().iter().next() {
create_users_descriptions.push(val.description.clone())
}
}
let mut add_user_to_group_descriptions = Vec::new();
for add_user_to_group in add_users_to_groups {
if let Some(val) = add_user_to_group.describe_execute().iter().next() {
add_user_to_group_descriptions.push(val.description.clone())
}
}
let mut explanation = vec![
format!("The Nix daemon requires system users (and a group they share) which it can act as in order to build"),
];
if let Some(val) = create_group.describe_execute().iter().next() {
explanation.push(val.description.clone())
}
explanation.append(&mut create_users_descriptions);
explanation.append(&mut add_user_to_group_descriptions);
vec![ActionDescription::new(self.tracing_synopsis(), explanation)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
let Self {
create_users,
create_group,
add_users_to_groups,
nix_build_user_count: _,
nix_build_group_name: _,
nix_build_group_id: _,
nix_build_user_prefix: _,
nix_build_user_id_base: _,
} = self;
// Create group
create_group.try_execute().await?;
// Mac is apparently not threadsafe here...
use target_lexicon::OperatingSystem;
match OperatingSystem::host() {
OperatingSystem::MacOSX {
major: _,
minor: _,
patch: _,
}
| OperatingSystem::Darwin => {
for create_user in create_users.iter_mut() {
create_user.try_execute().await.map_err(Self::error)?;
}
},
_ => {
for create_user in create_users.iter_mut() {
create_user.try_execute().await.map_err(Self::error)?;
}
// While we may be tempted to do something like this, it can break on many older OSes like Ubuntu 18.04:
// ```
// useradd: cannot lock /etc/passwd; try again later.
// ```
// So, instead, we keep this here in hopes one day we can enable it for some detected OS:
//
// let mut set = JoinSet::new();
// let mut errors: Vec<Box<ActionError>> = Vec::new();
// for (idx, create_user) in create_users.iter_mut().enumerate() {
// let span = tracing::Span::current().clone();
// let mut create_user_clone = create_user.clone();
// let _abort_handle = set.spawn(async move {
// create_user_clone.try_execute().instrument(span).await?;
// Result::<_, _>::Ok((idx, create_user_clone))
// });
// }
// while let Some(result) = set.join_next().await {
// match result {
// Ok(Ok((idx, success))) => create_users[idx] = success,
// Ok(Err(e)) => errors.push(Box::new(e)),
// Err(e) => return Err(ActionErrorKind::Join(e))?,
// };
// }
// if !errors.is_empty() {
// if errors.len() == 1 {
// return Err(errors.into_iter().next().unwrap().into());
// } else {
// return Err(ActionErrorKind::Children(errors));
// }
// }
},
};
for add_user_to_group in add_users_to_groups.iter_mut() {
add_user_to_group.try_execute().await.map_err(Self::error)?;
}
Ok(())
}
fn revert_description(&self) -> Vec<ActionDescription> {
let Self {
nix_build_user_count: _,
nix_build_group_name: _,
nix_build_group_id: _,
nix_build_user_prefix: _,
nix_build_user_id_base: _,
create_group,
create_users,
add_users_to_groups,
} = &self;
let mut create_users_descriptions = Vec::new();
for create_user in create_users {
if let Some(val) = create_user.describe_revert().iter().next() {
create_users_descriptions.push(val.description.clone())
}
}
let mut add_user_to_group_descriptions = Vec::new();
for add_user_to_group in add_users_to_groups {
if let Some(val) = add_user_to_group.describe_revert().iter().next() {
add_user_to_group_descriptions.push(val.description.clone())
}
}
let mut explanation = vec![
format!("The Nix daemon requires system users (and a group they share) which it can act as in order to build"),
];
if let Some(val) = create_group.describe_revert().iter().next() {
explanation.push(val.description.clone())
}
explanation.append(&mut create_users_descriptions);
explanation.append(&mut add_user_to_group_descriptions);
vec![ActionDescription::new(
format!("Remove Nix users and group"),
explanation,
)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn revert(&mut self) -> Result<(), ActionError> {
let mut errors = vec![];
for create_user in self.create_users.iter_mut() {
if let Err(err) = create_user.try_revert().await {
errors.push(err);
}
}
// We don't actually need to do this, when a user is deleted they are removed from groups
// for add_user_to_group in add_users_to_groups.iter_mut() {
// add_user_to_group.try_revert().await?;
// }
// Create group
if let Err(err) = self.create_group.try_revert().await {
errors.push(err);
}
if errors.is_empty() {
Ok(())
} else if errors.len() == 1 {
Err(errors
.into_iter()
.next()
.expect("Expected 1 len Vec to have at least 1 item"))
} else {
Err(Self::error(ActionErrorKind::MultipleChildren(errors)))
}
}
}

View file

@ -0,0 +1,118 @@
use crate::action::{
base::DeleteUser, Action, ActionDescription, ActionError, ActionErrorKind, ActionTag,
StatefulAction,
};
use tracing::{span, Span};
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct DeleteUsersInGroup {
group_name: String,
group_id: u32,
delete_users: Vec<StatefulAction<DeleteUser>>,
}
impl DeleteUsersInGroup {
#[tracing::instrument(level = "debug", skip_all)]
pub async fn plan(
group_name: String,
group_id: u32,
users: Vec<String>,
) -> Result<StatefulAction<Self>, ActionError> {
let mut delete_users = vec![];
for users in users {
delete_users.push(DeleteUser::plan(users).await?)
}
Ok(Self {
group_name,
group_id,
delete_users,
}
.into())
}
}
#[async_trait::async_trait]
#[typetag::serde(name = "delete_users_in_group")]
impl Action for DeleteUsersInGroup {
fn action_tag() -> ActionTag {
ActionTag("delete_users_in_group")
}
fn tracing_synopsis(&self) -> String {
format!(
"Delete users part of group `{}` (GID {}), they are part of a previous install and are no longer required with `auto-allocate-uids = true` in nix.conf",
self.group_name,
self.group_id,
)
}
fn tracing_span(&self) -> Span {
span!(
tracing::Level::DEBUG,
"delete_users_in_group",
group_name = self.group_name,
group_id = self.group_id,
)
}
fn execute_description(&self) -> Vec<ActionDescription> {
let mut delete_users_descriptions = Vec::new();
for delete_user in self.delete_users.iter() {
if let Some(val) = delete_user.describe_execute().iter().next() {
delete_users_descriptions.push(val.description.clone())
}
}
let mut explanation = vec![
format!("The `auto-allocate-uids` feature allows Nix to create UIDs dynamically as needed, meaning these users leftover from a previous install can be deleted"),
];
explanation.append(&mut delete_users_descriptions);
vec![ActionDescription::new(self.tracing_synopsis(), explanation)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn execute(&mut self) -> Result<(), ActionError> {
for delete_user in self.delete_users.iter_mut() {
delete_user.try_execute().await.map_err(Self::error)?;
}
Ok(())
}
fn revert_description(&self) -> Vec<ActionDescription> {
let mut delete_users_descriptions = Vec::new();
for delete_user in self.delete_users.iter() {
if let Some(val) = delete_user.describe_revert().iter().next() {
delete_users_descriptions.push(val.description.clone())
}
}
let mut explanation = vec![
format!("The `auto-allocate-uids` feature allows Nix to create UIDs dynamically as needed, meaning these users leftover from a previous install can be deleted"),
];
explanation.append(&mut delete_users_descriptions);
vec![ActionDescription::new(self.tracing_synopsis(), explanation)]
}
#[tracing::instrument(level = "debug", skip_all)]
async fn revert(&mut self) -> Result<(), ActionError> {
let mut errors = vec![];
for delete_user in self.delete_users.iter_mut() {
if let Err(err) = delete_user.try_revert().await {
errors.push(err);
}
}
if errors.is_empty() {
Ok(())
} else if errors.len() == 1 {
Err(errors
.into_iter()
.next()
.expect("Expected 1 len Vec to have at least 1 item"))
} else {
Err(Self::error(ActionErrorKind::MultipleChildren(errors)))
}
}
}

View file

@ -4,7 +4,7 @@ pub(crate) mod configure_init_service;
pub(crate) mod configure_nix; pub(crate) mod configure_nix;
pub(crate) mod configure_shell_profile; pub(crate) mod configure_shell_profile;
pub(crate) mod create_nix_tree; pub(crate) mod create_nix_tree;
pub(crate) mod create_users_and_groups; pub(crate) mod delete_users;
pub(crate) mod place_nix_configuration; pub(crate) mod place_nix_configuration;
pub(crate) mod provision_nix; pub(crate) mod provision_nix;
@ -12,6 +12,6 @@ pub use configure_init_service::{ConfigureInitService, ConfigureNixDaemonService
pub use configure_nix::ConfigureNix; pub use configure_nix::ConfigureNix;
pub use configure_shell_profile::ConfigureShellProfile; pub use configure_shell_profile::ConfigureShellProfile;
pub use create_nix_tree::CreateNixTree; pub use create_nix_tree::CreateNixTree;
pub use create_users_and_groups::CreateUsersAndGroups; pub use delete_users::DeleteUsersInGroup;
pub use place_nix_configuration::PlaceNixConfiguration; pub use place_nix_configuration::PlaceNixConfiguration;
pub use provision_nix::ProvisionNix; pub use provision_nix::ProvisionNix;

View file

@ -34,7 +34,7 @@ impl PlaceNixConfiguration {
settings.insert("build-users-group".to_string(), nix_build_group_name); settings.insert("build-users-group".to_string(), nix_build_group_name);
settings.insert( settings.insert(
"experimental-features".to_string(), "experimental-features".to_string(),
"nix-command flakes".to_string(), "nix-command flakes auto-allocate-uids".to_string(),
); );
settings.insert("auto-optimise-store".to_string(), "true".to_string()); settings.insert("auto-optimise-store".to_string(), "true".to_string());
settings.insert( settings.insert(
@ -45,6 +45,7 @@ impl PlaceNixConfiguration {
"extra-nix-path".to_string(), "extra-nix-path".to_string(),
"nixpkgs=flake:nixpkgs".to_string(), "nixpkgs=flake:nixpkgs".to_string(),
); );
settings.insert("auto-allocate-uids".to_string(), "true".to_string());
let create_directory = CreateDirectory::plan(NIX_CONF_FOLDER, None, None, 0o0755, force) let create_directory = CreateDirectory::plan(NIX_CONF_FOLDER, None, None, 0o0755, force)
.await .await

View file

@ -1,9 +1,10 @@
use nix::unistd::Group;
use tracing::{span, Span}; use tracing::{span, Span};
use super::{CreateNixTree, CreateUsersAndGroups}; use super::{CreateNixTree, DeleteUsersInGroup};
use crate::{ use crate::{
action::{ action::{
base::{FetchAndUnpackNix, MoveUnpackedNix}, base::{CreateGroup, FetchAndUnpackNix, MoveUnpackedNix},
Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction, Action, ActionDescription, ActionError, ActionErrorKind, ActionTag, StatefulAction,
}, },
settings::{CommonSettings, SCRATCH_DIR}, settings::{CommonSettings, SCRATCH_DIR},
@ -16,7 +17,8 @@ Place Nix and it's requirements onto the target
#[derive(Debug, serde::Deserialize, serde::Serialize, Clone)] #[derive(Debug, serde::Deserialize, serde::Serialize, Clone)]
pub struct ProvisionNix { pub struct ProvisionNix {
fetch_nix: StatefulAction<FetchAndUnpackNix>, fetch_nix: StatefulAction<FetchAndUnpackNix>,
create_users_and_group: StatefulAction<CreateUsersAndGroups>, delete_users_in_group: Option<StatefulAction<DeleteUsersInGroup>>,
create_group: StatefulAction<CreateGroup>,
create_nix_tree: StatefulAction<CreateNixTree>, create_nix_tree: StatefulAction<CreateNixTree>,
move_unpacked_nix: StatefulAction<MoveUnpackedNix>, move_unpacked_nix: StatefulAction<MoveUnpackedNix>,
} }
@ -31,8 +33,41 @@ impl ProvisionNix {
settings.ssl_cert_file.clone(), settings.ssl_cert_file.clone(),
) )
.await?; .await?;
let create_users_and_group = CreateUsersAndGroups::plan(settings.clone())
.await let delete_users_in_group = if let Some(group) =
Group::from_name(settings.nix_build_group_name.as_str())
.map_err(|e| {
ActionErrorKind::GettingGroupId(settings.nix_build_group_name.clone(), e)
})
.map_err(Self::error)?
{
if group.gid.as_raw() != settings.nix_build_group_id {
return Err(Self::error(ActionErrorKind::GroupGidMismatch(
settings.nix_build_group_name.clone(),
group.gid.as_raw(),
settings.nix_build_group_id,
)));
}
if group.mem.is_empty() {
None
} else {
Some(
DeleteUsersInGroup::plan(
settings.nix_build_group_name.clone(),
settings.nix_build_group_id,
group.mem,
)
.await?,
)
}
} else {
None
};
let create_group = CreateGroup::plan(
settings.nix_build_group_name.clone(),
settings.nix_build_group_id,
)
.map_err(Self::error)?; .map_err(Self::error)?;
let create_nix_tree = CreateNixTree::plan().await.map_err(Self::error)?; let create_nix_tree = CreateNixTree::plan().await.map_err(Self::error)?;
let move_unpacked_nix = MoveUnpackedNix::plan(PathBuf::from(SCRATCH_DIR)) let move_unpacked_nix = MoveUnpackedNix::plan(PathBuf::from(SCRATCH_DIR))
@ -40,7 +75,8 @@ impl ProvisionNix {
.map_err(Self::error)?; .map_err(Self::error)?;
Ok(Self { Ok(Self {
fetch_nix, fetch_nix,
create_users_and_group, delete_users_in_group,
create_group,
create_nix_tree, create_nix_tree,
move_unpacked_nix, move_unpacked_nix,
} }
@ -65,14 +101,20 @@ impl Action for ProvisionNix {
fn execute_description(&self) -> Vec<ActionDescription> { fn execute_description(&self) -> Vec<ActionDescription> {
let Self { let Self {
fetch_nix, fetch_nix,
create_users_and_group, delete_users_in_group,
create_group,
create_nix_tree, create_nix_tree,
move_unpacked_nix, move_unpacked_nix,
} = &self; } = &self;
let mut buf = Vec::default(); let mut buf = Vec::default();
buf.append(&mut fetch_nix.describe_execute()); buf.append(&mut fetch_nix.describe_execute());
buf.append(&mut create_users_and_group.describe_execute());
if let Some(delete_users_in_group) = delete_users_in_group {
buf.append(&mut delete_users_in_group.describe_execute());
}
buf.append(&mut create_group.describe_execute());
buf.append(&mut create_nix_tree.describe_execute()); buf.append(&mut create_nix_tree.describe_execute());
buf.append(&mut move_unpacked_nix.describe_execute()); buf.append(&mut move_unpacked_nix.describe_execute());
@ -88,10 +130,14 @@ impl Action for ProvisionNix {
Result::<_, ActionError>::Ok(fetch_nix_clone) Result::<_, ActionError>::Ok(fetch_nix_clone)
}); });
self.create_users_and_group if let Some(delete_users_in_group) = &mut self.delete_users_in_group {
delete_users_in_group
.try_execute() .try_execute()
.await .await
.map_err(Self::error)?; .map_err(Self::error)?;
}
self.create_group.try_execute().await.map_err(Self::error)?;
self.create_nix_tree self.create_nix_tree
.try_execute() .try_execute()
.await .await
@ -112,7 +158,8 @@ impl Action for ProvisionNix {
fn revert_description(&self) -> Vec<ActionDescription> { fn revert_description(&self) -> Vec<ActionDescription> {
let Self { let Self {
fetch_nix, fetch_nix,
create_users_and_group, delete_users_in_group,
create_group,
create_nix_tree, create_nix_tree,
move_unpacked_nix, move_unpacked_nix,
} = &self; } = &self;
@ -120,7 +167,12 @@ impl Action for ProvisionNix {
let mut buf = Vec::default(); let mut buf = Vec::default();
buf.append(&mut move_unpacked_nix.describe_revert()); buf.append(&mut move_unpacked_nix.describe_revert());
buf.append(&mut create_nix_tree.describe_revert()); buf.append(&mut create_nix_tree.describe_revert());
buf.append(&mut create_users_and_group.describe_revert()); buf.append(&mut create_group.describe_revert());
if let Some(delete_users_in_group) = delete_users_in_group {
buf.append(&mut delete_users_in_group.describe_execute());
}
buf.append(&mut fetch_nix.describe_revert()); buf.append(&mut fetch_nix.describe_revert());
buf buf
} }
@ -133,7 +185,14 @@ impl Action for ProvisionNix {
errors.push(err) errors.push(err)
} }
if let Err(err) = self.create_users_and_group.try_revert().await { if let Some(delete_users_in_group) = &mut self.delete_users_in_group {
delete_users_in_group
.try_revert()
.await
.map_err(Self::error)?;
}
if let Err(err) = self.create_group.try_revert().await {
errors.push(err) errors.push(err)
} }
if let Err(err) = self.create_nix_tree.try_revert().await { if let Err(err) = self.create_nix_tree.try_revert().await {

View file

@ -9,12 +9,12 @@ Base actions are things like:
* [`CreateDirectory`](base::CreateDirectory) * [`CreateDirectory`](base::CreateDirectory)
* [`CreateFile`](base::CreateFile) * [`CreateFile`](base::CreateFile)
* [`CreateUser`](base::CreateUser) * [`CreateGroup`](base::CreateGroup)
Composite actions are things like: Composite actions are things like:
* [`CreateNixTree`](common::CreateNixTree) * [`CreateNixTree`](common::CreateNixTree)
* [`CreateUsersAndGroups`](common::CreateUsersAndGroups) * [`ConfigureShellProfile`](common::ConfigureShellProfile)
During their `plan` phase, [`Planner`](crate::planner::Planner)s call an [`Action`]s `plan` function, which may accept any During their `plan` phase, [`Planner`](crate::planner::Planner)s call an [`Action`]s `plan` function, which may accept any
arguments. For example, several 'composite' actions accept a [`CommonSettings`](crate::settings::CommonSettings). Later, the arguments. For example, several 'composite' actions accept a [`CommonSettings`](crate::settings::CommonSettings). Later, the

View file

@ -70,19 +70,6 @@ pub struct CommonSettings {
)] )]
pub modify_profile: bool, pub modify_profile: bool,
/// Number of build users to create
#[cfg_attr(
feature = "cli",
clap(
long,
default_value = "32",
alias = "daemon-user-count",
env = "NIX_INSTALLER_NIX_BUILD_USER_COUNT",
global = true
)
)]
pub nix_build_user_count: u32,
/// The Nix build group name /// The Nix build group name
#[cfg_attr( #[cfg_attr(
feature = "cli", feature = "cli",
@ -107,34 +94,6 @@ pub struct CommonSettings {
)] )]
pub nix_build_group_id: u32, pub nix_build_group_id: u32,
/// The Nix build user prefix (user numbers will be postfixed)
#[cfg_attr(
feature = "cli",
clap(long, env = "NIX_INSTALLER_NIX_BUILD_USER_PREFIX", global = true)
)]
#[cfg_attr(
all(target_os = "macos", feature = "cli"),
clap(default_value = "_nixbld")
)]
#[cfg_attr(
all(target_os = "linux", feature = "cli"),
clap(default_value = "nixbld")
)]
pub nix_build_user_prefix: String,
/// The Nix build user base UID (ascending)
#[cfg_attr(
feature = "cli",
clap(long, env = "NIX_INSTALLER_NIX_BUILD_USER_ID_BASE", global = true)
)]
// Service users on Mac should be between 200-400
#[cfg_attr(all(target_os = "macos", feature = "cli"), clap(default_value_t = 300))]
#[cfg_attr(
all(target_os = "linux", feature = "cli"),
clap(default_value_t = 30_000)
)]
pub nix_build_user_id_base: u32,
/// The Nix package URL /// The Nix package URL
#[cfg_attr( #[cfg_attr(
feature = "cli", feature = "cli",
@ -230,42 +189,30 @@ impl CommonSettings {
/// The default settings for the given Architecture & Operating System /// The default settings for the given Architecture & Operating System
pub async fn default() -> Result<Self, InstallSettingsError> { pub async fn default() -> Result<Self, InstallSettingsError> {
let url; let url;
let nix_build_user_prefix;
let nix_build_user_id_base;
use target_lexicon::{Architecture, OperatingSystem}; use target_lexicon::{Architecture, OperatingSystem};
match (Architecture::host(), OperatingSystem::host()) { match (Architecture::host(), OperatingSystem::host()) {
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
(Architecture::X86_64, OperatingSystem::Linux) => { (Architecture::X86_64, OperatingSystem::Linux) => {
url = NIX_X64_64_LINUX_URL; url = NIX_X64_64_LINUX_URL;
nix_build_user_prefix = "nixbld";
nix_build_user_id_base = 30000;
}, },
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
(Architecture::X86_32(_), OperatingSystem::Linux) => { (Architecture::X86_32(_), OperatingSystem::Linux) => {
url = NIX_I686_LINUX_URL; url = NIX_I686_LINUX_URL;
nix_build_user_prefix = "nixbld";
nix_build_user_id_base = 30000;
}, },
#[cfg(target_os = "linux")] #[cfg(target_os = "linux")]
(Architecture::Aarch64(_), OperatingSystem::Linux) => { (Architecture::Aarch64(_), OperatingSystem::Linux) => {
url = NIX_AARCH64_LINUX_URL; url = NIX_AARCH64_LINUX_URL;
nix_build_user_prefix = "nixbld";
nix_build_user_id_base = 30000;
}, },
#[cfg(target_os = "macos")] #[cfg(target_os = "macos")]
(Architecture::X86_64, OperatingSystem::MacOSX { .. }) (Architecture::X86_64, OperatingSystem::MacOSX { .. })
| (Architecture::X86_64, OperatingSystem::Darwin) => { | (Architecture::X86_64, OperatingSystem::Darwin) => {
url = NIX_X64_64_DARWIN_URL; url = NIX_X64_64_DARWIN_URL;
nix_build_user_prefix = "_nixbld";
nix_build_user_id_base = 300;
}, },
#[cfg(target_os = "macos")] #[cfg(target_os = "macos")]
(Architecture::Aarch64(_), OperatingSystem::MacOSX { .. }) (Architecture::Aarch64(_), OperatingSystem::MacOSX { .. })
| (Architecture::Aarch64(_), OperatingSystem::Darwin) => { | (Architecture::Aarch64(_), OperatingSystem::Darwin) => {
url = NIX_AARCH64_DARWIN_URL; url = NIX_AARCH64_DARWIN_URL;
nix_build_user_prefix = "_nixbld";
nix_build_user_id_base = 300;
}, },
_ => { _ => {
return Err(InstallSettingsError::UnsupportedArchitecture( return Err(InstallSettingsError::UnsupportedArchitecture(
@ -275,12 +222,9 @@ impl CommonSettings {
}; };
Ok(Self { Ok(Self {
nix_build_user_count: 32,
modify_profile: true, modify_profile: true,
nix_build_group_name: String::from("nixbld"), nix_build_group_name: String::from("nixbld"),
nix_build_group_id: 30_000, nix_build_group_id: 30_000,
nix_build_user_prefix: nix_build_user_prefix.to_string(),
nix_build_user_id_base,
nix_package_url: url.parse()?, nix_package_url: url.parse()?,
proxy: Default::default(), proxy: Default::default(),
extra_conf: Default::default(), extra_conf: Default::default(),
@ -295,11 +239,8 @@ impl CommonSettings {
pub fn settings(&self) -> Result<HashMap<String, serde_json::Value>, InstallSettingsError> { pub fn settings(&self) -> Result<HashMap<String, serde_json::Value>, InstallSettingsError> {
let Self { let Self {
modify_profile, modify_profile,
nix_build_user_count,
nix_build_group_name, nix_build_group_name,
nix_build_group_id, nix_build_group_id,
nix_build_user_prefix,
nix_build_user_id_base,
nix_package_url, nix_package_url,
proxy, proxy,
extra_conf, extra_conf,
@ -314,10 +255,6 @@ impl CommonSettings {
"modify_profile".into(), "modify_profile".into(),
serde_json::to_value(modify_profile)?, serde_json::to_value(modify_profile)?,
); );
map.insert(
"nix_build_user_count".into(),
serde_json::to_value(nix_build_user_count)?,
);
map.insert( map.insert(
"nix_build_group_name".into(), "nix_build_group_name".into(),
serde_json::to_value(nix_build_group_name)?, serde_json::to_value(nix_build_group_name)?,
@ -326,14 +263,6 @@ impl CommonSettings {
"nix_build_group_id".into(), "nix_build_group_id".into(),
serde_json::to_value(nix_build_group_id)?, serde_json::to_value(nix_build_group_id)?,
); );
map.insert(
"nix_build_user_prefix".into(),
serde_json::to_value(nix_build_user_prefix)?,
);
map.insert(
"nix_build_user_id_base".into(),
serde_json::to_value(nix_build_user_id_base)?,
);
map.insert( map.insert(
"nix_package_url".into(), "nix_package_url".into(),
serde_json::to_value(nix_package_url)?, serde_json::to_value(nix_package_url)?,

View file

@ -17,18 +17,14 @@
"action": "provision_nix", "action": "provision_nix",
"fetch_nix": { "fetch_nix": {
"action": { "action": {
"url": "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz", "url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-x86_64-linux.tar.xz",
"dest": "/nix/temp-install-dir" "dest": "/nix/temp-install-dir",
"proxy": null,
"ssl_cert_file": null
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_users_and_group": { "delete_users": [],
"action": {
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld",
"nix_build_group_id": 30000,
"nix_build_user_prefix": "nixbld",
"nix_build_user_id_base": 30000,
"create_group": { "create_group": {
"action": { "action": {
"name": "nixbld", "name": "nixbld",
@ -36,628 +32,13 @@
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_users": [
{
"action": {
"comment": "Nix build user 1",
"name": "nixbld1",
"uid": 30001,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 2",
"name": "nixbld2",
"uid": 30002,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 3",
"name": "nixbld3",
"uid": 30003,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 4",
"name": "nixbld4",
"uid": 30004,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 5",
"name": "nixbld5",
"uid": 30005,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 6",
"name": "nixbld6",
"uid": 30006,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 7",
"name": "nixbld7",
"uid": 30007,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 8",
"name": "nixbld8",
"uid": 30008,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 9",
"name": "nixbld9",
"uid": 30009,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 10",
"name": "nixbld10",
"uid": 30010,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 11",
"name": "nixbld11",
"uid": 30011,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 12",
"name": "nixbld12",
"uid": 30012,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 13",
"name": "nixbld13",
"uid": 30013,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 14",
"name": "nixbld14",
"uid": 30014,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 15",
"name": "nixbld15",
"uid": 30015,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 16",
"name": "nixbld16",
"uid": 30016,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 17",
"name": "nixbld17",
"uid": 30017,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 18",
"name": "nixbld18",
"uid": 30018,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 19",
"name": "nixbld19",
"uid": 30019,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 20",
"name": "nixbld20",
"uid": 30020,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 21",
"name": "nixbld21",
"uid": 30021,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 22",
"name": "nixbld22",
"uid": 30022,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 23",
"name": "nixbld23",
"uid": 30023,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 24",
"name": "nixbld24",
"uid": 30024,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 25",
"name": "nixbld25",
"uid": 30025,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 26",
"name": "nixbld26",
"uid": 30026,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 27",
"name": "nixbld27",
"uid": 30027,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 28",
"name": "nixbld28",
"uid": 30028,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 29",
"name": "nixbld29",
"uid": 30029,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 30",
"name": "nixbld30",
"uid": 30030,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 31",
"name": "nixbld31",
"uid": 30031,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 32",
"name": "nixbld32",
"uid": 30032,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
}
],
"add_users_to_groups": [
{
"action": {
"name": "nixbld1",
"uid": 30001,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld2",
"uid": 30002,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld3",
"uid": 30003,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld4",
"uid": 30004,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld5",
"uid": 30005,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld6",
"uid": 30006,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld7",
"uid": 30007,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld8",
"uid": 30008,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld9",
"uid": 30009,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld10",
"uid": 30010,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld11",
"uid": 30011,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld12",
"uid": 30012,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld13",
"uid": 30013,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld14",
"uid": 30014,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld15",
"uid": 30015,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld16",
"uid": 30016,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld17",
"uid": 30017,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld18",
"uid": 30018,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld19",
"uid": 30019,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld20",
"uid": 30020,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld21",
"uid": 30021,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld22",
"uid": 30022,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld23",
"uid": 30023,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld24",
"uid": 30024,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld25",
"uid": 30025,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld26",
"uid": 30026,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld27",
"uid": 30027,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld28",
"uid": 30028,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld29",
"uid": 30029,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld30",
"uid": 30030,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld31",
"uid": 30031,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld32",
"uid": 30032,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
}
]
},
"state": "Uncompleted"
},
"create_nix_tree": { "create_nix_tree": {
"action": { "action": {
"create_directories": [ "create_directories": [
{ {
"action": { "action": {
"path": "/nix/var", "path": "/nix/var",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -667,7 +48,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log", "path": "/nix/var/log",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -677,7 +58,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix", "path": "/nix/var/log/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -687,7 +68,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix/drvs", "path": "/nix/var/log/nix/drvs",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -697,7 +78,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix", "path": "/nix/var/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -707,7 +88,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/db", "path": "/nix/var/nix/db",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -717,7 +98,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots", "path": "/nix/var/nix/gcroots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -727,7 +108,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots/per-user", "path": "/nix/var/nix/gcroots/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -737,7 +118,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles", "path": "/nix/var/nix/profiles",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -747,7 +128,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles/per-user", "path": "/nix/var/nix/profiles/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -757,7 +138,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/temproots", "path": "/nix/var/nix/temproots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -767,7 +148,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/userpool", "path": "/nix/var/nix/userpool",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -777,7 +158,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/daemon-socket", "path": "/nix/var/nix/daemon-socket",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -833,7 +214,18 @@
"/etc/zsh/zshrc" "/etc/zsh/zshrc"
] ]
}, },
"create_directories": [], "create_directories": [
{
"action": {
"path": "/usr/share/fish/vendor_conf.d",
"user": null,
"group": null,
"mode": 493,
"force_prune_on_revert": false
},
"state": "Completed"
}
],
"create_or_insert_into_files": [ "create_or_insert_into_files": [
{ {
"action": { "action": {
@ -859,7 +251,7 @@
}, },
{ {
"action": { "action": {
"path": "/etc/zshenv", "path": "/etc/bash.bashrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 420, "mode": 420,
@ -870,7 +262,7 @@
}, },
{ {
"action": { "action": {
"path": "/etc/bash.bashrc", "path": "/etc/zshrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 420, "mode": 420,
@ -878,6 +270,17 @@
"position": "Beginning" "position": "Beginning"
}, },
"state": "Uncompleted" "state": "Uncompleted"
},
{
"action": {
"path": "/usr/share/fish/vendor_conf.d/nix.fish",
"user": null,
"group": null,
"mode": 420,
"buf": "\n# Nix\nif test -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish'\nend\n# End Nix\n\n",
"position": "Beginning"
},
"state": "Uncompleted"
} }
] ]
}, },
@ -900,11 +303,12 @@
"path": "/etc/nix/nix.conf", "path": "/etc/nix/nix.conf",
"pending_nix_config": { "pending_nix_config": {
"settings": { "settings": {
"experimental-features": "nix-command flakes", "experimental-features": "nix-command flakes auto-allocate-uids",
"auto-optimise-store": "true",
"extra-nix-path": "nixpkgs=flake:nixpkgs",
"build-users-group": "nixbld", "build-users-group": "nixbld",
"bash-prompt-prefix": "(nix:$name)\\040" "auto-optimise-store": "true",
"bash-prompt-prefix": "(nix:$name)\\040",
"extra-nix-path": "nixpkgs=flake:nixpkgs",
"auto-allocate-uids": "true"
} }
} }
}, },
@ -920,7 +324,8 @@
"action": { "action": {
"action": "configure_init_service", "action": "configure_init_service",
"init": "Systemd", "init": "Systemd",
"start_daemon": true "start_daemon": true,
"ssl_cert_file": null
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
@ -936,12 +341,11 @@
"planner": "linux", "planner": "linux",
"settings": { "settings": {
"modify_profile": true, "modify_profile": true,
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld", "nix_build_group_name": "nixbld",
"nix_build_group_id": 30000, "nix_build_group_id": 30000,
"nix_build_user_prefix": "nixbld", "nix_package_url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-x86_64-linux.tar.xz",
"nix_build_user_id_base": 30000, "proxy": null,
"nix_package_url": "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz", "ssl_cert_file": null,
"extra_conf": [], "extra_conf": [],
"force": false, "force": false,
"diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic" "diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic"
@ -956,10 +360,11 @@
"planner": "linux", "planner": "linux",
"configured_settings": [], "configured_settings": [],
"os_name": "Ubuntu", "os_name": "Ubuntu",
"os_version": "22.04.1 LTS (Jammy Jellyfish)", "os_version": "22.04.2 LTS (Jammy Jellyfish)",
"triple": "x86_64-unknown-linux-musl", "triple": "x86_64-unknown-linux-musl",
"is_ci": false, "is_ci": false,
"endpoint": "https://install.determinate.systems/nix/diagnostic", "endpoint": "https://install.determinate.systems/nix/diagnostic",
"ssl_cert_file": null,
"failure_chain": null "failure_chain": null
} }
} }

View file

@ -61,18 +61,14 @@
"action": "provision_nix", "action": "provision_nix",
"fetch_nix": { "fetch_nix": {
"action": { "action": {
"url": "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz", "url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-x86_64-linux.tar.xz",
"dest": "/nix/temp-install-dir" "dest": "/nix/temp-install-dir",
"proxy": null,
"ssl_cert_file": null
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_users_and_group": { "delete_users": [],
"action": {
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld",
"nix_build_group_id": 30000,
"nix_build_user_prefix": "nixbld",
"nix_build_user_id_base": 30000,
"create_group": { "create_group": {
"action": { "action": {
"name": "nixbld", "name": "nixbld",
@ -80,628 +76,13 @@
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_users": [
{
"action": {
"comment": "Nix build user 1",
"name": "nixbld1",
"uid": 30001,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 2",
"name": "nixbld2",
"uid": 30002,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 3",
"name": "nixbld3",
"uid": 30003,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 4",
"name": "nixbld4",
"uid": 30004,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 5",
"name": "nixbld5",
"uid": 30005,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 6",
"name": "nixbld6",
"uid": 30006,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 7",
"name": "nixbld7",
"uid": 30007,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 8",
"name": "nixbld8",
"uid": 30008,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 9",
"name": "nixbld9",
"uid": 30009,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 10",
"name": "nixbld10",
"uid": 30010,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 11",
"name": "nixbld11",
"uid": 30011,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 12",
"name": "nixbld12",
"uid": 30012,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 13",
"name": "nixbld13",
"uid": 30013,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 14",
"name": "nixbld14",
"uid": 30014,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 15",
"name": "nixbld15",
"uid": 30015,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 16",
"name": "nixbld16",
"uid": 30016,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 17",
"name": "nixbld17",
"uid": 30017,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 18",
"name": "nixbld18",
"uid": 30018,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 19",
"name": "nixbld19",
"uid": 30019,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 20",
"name": "nixbld20",
"uid": 30020,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 21",
"name": "nixbld21",
"uid": 30021,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 22",
"name": "nixbld22",
"uid": 30022,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 23",
"name": "nixbld23",
"uid": 30023,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 24",
"name": "nixbld24",
"uid": 30024,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 25",
"name": "nixbld25",
"uid": 30025,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 26",
"name": "nixbld26",
"uid": 30026,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 27",
"name": "nixbld27",
"uid": 30027,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 28",
"name": "nixbld28",
"uid": 30028,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 29",
"name": "nixbld29",
"uid": 30029,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 30",
"name": "nixbld30",
"uid": 30030,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 31",
"name": "nixbld31",
"uid": 30031,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 32",
"name": "nixbld32",
"uid": 30032,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
}
],
"add_users_to_groups": [
{
"action": {
"name": "nixbld1",
"uid": 30001,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld2",
"uid": 30002,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld3",
"uid": 30003,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld4",
"uid": 30004,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld5",
"uid": 30005,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld6",
"uid": 30006,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld7",
"uid": 30007,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld8",
"uid": 30008,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld9",
"uid": 30009,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld10",
"uid": 30010,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld11",
"uid": 30011,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld12",
"uid": 30012,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld13",
"uid": 30013,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld14",
"uid": 30014,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld15",
"uid": 30015,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld16",
"uid": 30016,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld17",
"uid": 30017,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld18",
"uid": 30018,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld19",
"uid": 30019,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld20",
"uid": 30020,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld21",
"uid": 30021,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld22",
"uid": 30022,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld23",
"uid": 30023,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld24",
"uid": 30024,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld25",
"uid": 30025,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld26",
"uid": 30026,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld27",
"uid": 30027,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld28",
"uid": 30028,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld29",
"uid": 30029,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld30",
"uid": 30030,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld31",
"uid": 30031,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
},
{
"action": {
"name": "nixbld32",
"uid": 30032,
"groupname": "nixbld",
"gid": 30000
},
"state": "Uncompleted"
}
]
},
"state": "Uncompleted"
},
"create_nix_tree": { "create_nix_tree": {
"action": { "action": {
"create_directories": [ "create_directories": [
{ {
"action": { "action": {
"path": "/nix/var", "path": "/nix/var",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -711,7 +92,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log", "path": "/nix/var/log",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -721,7 +102,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix", "path": "/nix/var/log/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -731,7 +112,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix/drvs", "path": "/nix/var/log/nix/drvs",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -741,7 +122,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix", "path": "/nix/var/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -751,7 +132,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/db", "path": "/nix/var/nix/db",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -761,7 +142,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots", "path": "/nix/var/nix/gcroots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -771,7 +152,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots/per-user", "path": "/nix/var/nix/gcroots/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -781,7 +162,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles", "path": "/nix/var/nix/profiles",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -791,7 +172,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles/per-user", "path": "/nix/var/nix/profiles/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -801,7 +182,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/temproots", "path": "/nix/var/nix/temproots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -811,7 +192,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/userpool", "path": "/nix/var/nix/userpool",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -821,7 +202,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/daemon-socket", "path": "/nix/var/nix/daemon-socket",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -902,7 +283,7 @@
}, },
{ {
"action": { "action": {
"path": "/etc/zshenv", "path": "/etc/bash.bashrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 420, "mode": 420,
@ -913,7 +294,7 @@
}, },
{ {
"action": { "action": {
"path": "/etc/bash.bashrc", "path": "/etc/zshrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 420, "mode": 420,
@ -943,11 +324,12 @@
"path": "/etc/nix/nix.conf", "path": "/etc/nix/nix.conf",
"pending_nix_config": { "pending_nix_config": {
"settings": { "settings": {
"experimental-features": "nix-command flakes",
"auto-optimise-store": "true", "auto-optimise-store": "true",
"bash-prompt-prefix": "(nix:$name)\\040",
"build-users-group": "nixbld", "build-users-group": "nixbld",
"experimental-features": "nix-command flakes auto-allocate-uids",
"extra-nix-path": "nixpkgs=flake:nixpkgs", "extra-nix-path": "nixpkgs=flake:nixpkgs",
"bash-prompt-prefix": "(nix:$name)\\040" "auto-allocate-uids": "true"
} }
} }
}, },
@ -963,7 +345,8 @@
"action": { "action": {
"action": "configure_init_service", "action": "configure_init_service",
"init": "Systemd", "init": "Systemd",
"start_daemon": true "start_daemon": true,
"ssl_cert_file": null
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
@ -988,12 +371,11 @@
"persistence": "/home/nix", "persistence": "/home/nix",
"settings": { "settings": {
"modify_profile": true, "modify_profile": true,
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld", "nix_build_group_name": "nixbld",
"nix_build_group_id": 30000, "nix_build_group_id": 30000,
"nix_build_user_prefix": "nixbld", "nix_package_url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-x86_64-linux.tar.xz",
"nix_build_user_id_base": 30000, "proxy": null,
"nix_package_url": "https://releases.nixos.org/nix/nix-2.13.3/nix-2.13.3-x86_64-linux.tar.xz", "ssl_cert_file": null,
"extra_conf": [], "extra_conf": [],
"force": false, "force": false,
"diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic" "diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic"
@ -1004,10 +386,11 @@
"planner": "steam-deck", "planner": "steam-deck",
"configured_settings": [], "configured_settings": [],
"os_name": "Ubuntu", "os_name": "Ubuntu",
"os_version": "22.04.1 LTS (Jammy Jellyfish)", "os_version": "22.04.2 LTS (Jammy Jellyfish)",
"triple": "x86_64-unknown-linux-musl", "triple": "x86_64-unknown-linux-musl",
"is_ci": false, "is_ci": false,
"endpoint": "https://install.determinate.systems/nix/diagnostic", "endpoint": "https://install.determinate.systems/nix/diagnostic",
"ssl_cert_file": null,
"failure_chain": null "failure_chain": null
} }
} }

View file

@ -4,10 +4,10 @@
{ {
"action": { "action": {
"action": "create_apfs_volume", "action": "create_apfs_volume",
"disk": "disk1", "disk": "disk3",
"name": "Nix Store", "name": "Nix Store",
"case_sensitive": false, "case_sensitive": false,
"encrypt": true, "encrypt": false,
"create_or_append_synthetic_conf": { "create_or_append_synthetic_conf": {
"action": { "action": {
"path": "/etc/synthetic.conf", "path": "/etc/synthetic.conf",
@ -25,14 +25,14 @@
}, },
"unmount_volume": { "unmount_volume": {
"action": { "action": {
"disk": "disk1", "disk": "disk3",
"name": "Nix Store" "name": "Nix Store"
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_volume": { "create_volume": {
"action": { "action": {
"disk": "disk1", "disk": "disk3",
"name": "Nix Store", "name": "Nix Store",
"case_sensitive": false "case_sensitive": false
}, },
@ -45,13 +45,7 @@
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"encrypt_volume": { "encrypt_volume": null,
"action": {
"disk": "disk1",
"name": "Nix Store"
},
"state": "Uncompleted"
},
"setup_volume_daemon": { "setup_volume_daemon": {
"action": { "action": {
"path": "/Library/LaunchDaemons/org.nixos.darwin-store.plist", "path": "/Library/LaunchDaemons/org.nixos.darwin-store.plist",
@ -92,637 +86,18 @@
"action": "provision_nix", "action": "provision_nix",
"fetch_nix": { "fetch_nix": {
"action": { "action": {
"url": "https://releases.nixos.org/nix/nix-2.13.2/nix-2.13.2-x86_64-darwin.tar.xz", "url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-aarch64-darwin.tar.xz",
"dest": "/nix/temp-install-dir" "dest": "/nix/temp-install-dir",
"proxy": null,
"ssl_cert_file": null
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
"create_users_and_group": { "delete_users": [],
"action": {
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld",
"nix_build_group_id": 3000,
"nix_build_user_prefix": "_nixbld",
"nix_build_user_id_base": 300,
"create_group": { "create_group": {
"action": { "action": {
"name": "nixbld", "name": "nixbld",
"gid": 3000 "gid": 30000
},
"state": "Uncompleted"
},
"create_users": [
{
"action": {
"comment": "Nix build user 1",
"name": "_nixbld1",
"uid": 301,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 2",
"name": "_nixbld2",
"uid": 302,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 3",
"name": "_nixbld3",
"uid": 303,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 4",
"name": "_nixbld4",
"uid": 304,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 5",
"name": "_nixbld5",
"uid": 305,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 6",
"name": "_nixbld6",
"uid": 306,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 7",
"name": "_nixbld7",
"uid": 307,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 8",
"name": "_nixbld8",
"uid": 308,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 9",
"name": "_nixbld9",
"uid": 309,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 10",
"name": "_nixbld10",
"uid": 310,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 11",
"name": "_nixbld11",
"uid": 311,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 12",
"name": "_nixbld12",
"uid": 312,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 13",
"name": "_nixbld13",
"uid": 313,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 14",
"name": "_nixbld14",
"uid": 314,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 15",
"name": "_nixbld15",
"uid": 315,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 16",
"name": "_nixbld16",
"uid": 316,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 17",
"name": "_nixbld17",
"uid": 317,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 18",
"name": "_nixbld18",
"uid": 318,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 19",
"name": "_nixbld19",
"uid": 319,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 20",
"name": "_nixbld20",
"uid": 320,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 21",
"name": "_nixbld21",
"uid": 321,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 22",
"name": "_nixbld22",
"uid": 322,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 23",
"name": "_nixbld23",
"uid": 323,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 24",
"name": "_nixbld24",
"uid": 324,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 25",
"name": "_nixbld25",
"uid": 325,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 26",
"name": "_nixbld26",
"uid": 326,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 27",
"name": "_nixbld27",
"uid": 327,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 28",
"name": "_nixbld28",
"uid": 328,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 29",
"name": "_nixbld29",
"uid": 329,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 30",
"name": "_nixbld30",
"uid": 330,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 31",
"name": "_nixbld31",
"uid": 331,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"comment": "Nix build user 32",
"name": "_nixbld32",
"uid": 332,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
}
],
"add_users_to_groups": [
{
"action": {
"name": "_nixbld1",
"uid": 301,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld2",
"uid": 302,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld3",
"uid": 303,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld4",
"uid": 304,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld5",
"uid": 305,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld6",
"uid": 306,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld7",
"uid": 307,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld8",
"uid": 308,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld9",
"uid": 309,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld10",
"uid": 310,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld11",
"uid": 311,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld12",
"uid": 312,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld13",
"uid": 313,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld14",
"uid": 314,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld15",
"uid": 315,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld16",
"uid": 316,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld17",
"uid": 317,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld18",
"uid": 318,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld19",
"uid": 319,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld20",
"uid": 320,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld21",
"uid": 321,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld22",
"uid": 322,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld23",
"uid": 323,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld24",
"uid": 324,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld25",
"uid": 325,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld26",
"uid": 326,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld27",
"uid": 327,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld28",
"uid": 328,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld29",
"uid": 329,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld30",
"uid": 330,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld31",
"uid": 331,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
},
{
"action": {
"name": "_nixbld32",
"uid": 332,
"groupname": "nixbld",
"gid": 3000
},
"state": "Uncompleted"
}
]
}, },
"state": "Uncompleted" "state": "Uncompleted"
}, },
@ -732,7 +107,7 @@
{ {
"action": { "action": {
"path": "/nix/var", "path": "/nix/var",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -742,7 +117,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log", "path": "/nix/var/log",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -752,7 +127,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix", "path": "/nix/var/log/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -762,7 +137,7 @@
{ {
"action": { "action": {
"path": "/nix/var/log/nix/drvs", "path": "/nix/var/log/nix/drvs",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -772,7 +147,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix", "path": "/nix/var/nix",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -782,7 +157,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/db", "path": "/nix/var/nix/db",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -792,7 +167,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots", "path": "/nix/var/nix/gcroots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -802,7 +177,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/gcroots/per-user", "path": "/nix/var/nix/gcroots/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -812,7 +187,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles", "path": "/nix/var/nix/profiles",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -822,7 +197,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/profiles/per-user", "path": "/nix/var/nix/profiles/per-user",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -832,7 +207,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/temproots", "path": "/nix/var/nix/temproots",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -842,7 +217,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/userpool", "path": "/nix/var/nix/userpool",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -852,7 +227,7 @@
{ {
"action": { "action": {
"path": "/nix/var/nix/daemon-socket", "path": "/nix/var/nix/daemon-socket",
"user": null, "user": "root",
"group": null, "group": null,
"mode": 493, "mode": 493,
"force_prune_on_revert": false "force_prune_on_revert": false
@ -877,12 +252,6 @@
"action": "configure_nix", "action": "configure_nix",
"setup_default_profile": { "setup_default_profile": {
"action": { "action": {
"channels": [
[
"nixpkgs",
"https://nixos.org/channels/nixpkgs-unstable"
]
],
"unpacked_path": "/nix/temp-install-dir" "unpacked_path": "/nix/temp-install-dir"
}, },
"state": "Uncompleted" "state": "Uncompleted"
@ -921,18 +290,7 @@
"path": "/etc/bashrc", "path": "/etc/bashrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 33060, "mode": 420,
"buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n",
"position": "Beginning"
},
"state": "Uncompleted"
},
{
"action": {
"path": "/etc/zshenv",
"user": null,
"group": null,
"mode": 33060,
"buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n", "buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n",
"position": "Beginning" "position": "Beginning"
}, },
@ -943,7 +301,18 @@
"path": "/etc/bash.bashrc", "path": "/etc/bash.bashrc",
"user": null, "user": null,
"group": null, "group": null,
"mode": 33060, "mode": 420,
"buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n",
"position": "Beginning"
},
"state": "Uncompleted"
},
{
"action": {
"path": "/etc/zshrc",
"user": null,
"group": null,
"mode": 420,
"buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n", "buf": "\n# Nix\nif [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then\n . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'\nfi\n# End Nix\n\n \n",
"position": "Beginning" "position": "Beginning"
}, },
@ -970,10 +339,12 @@
"path": "/etc/nix/nix.conf", "path": "/etc/nix/nix.conf",
"pending_nix_config": { "pending_nix_config": {
"settings": { "settings": {
"bash-prompt-prefix": "(nix:$name)\\040", "experimental-features": "nix-command flakes auto-allocate-uids",
"extra-nix-path": "nixpkgs=flake:nixpkgs",
"auto-optimise-store": "true", "auto-optimise-store": "true",
"build-users-group": "nixbld", "build-users-group": "nixbld",
"experimental-features": "nix-command flakes" "bash-prompt-prefix": "(nix:$name)\\040",
"auto-allocate-uids": "true"
} }
} }
}, },
@ -989,7 +360,15 @@
"action": { "action": {
"action": "configure_init_service", "action": "configure_init_service",
"init": "Launchd", "init": "Launchd",
"start_daemon": true "start_daemon": true,
"ssl_cert_file": null
},
"state": "Uncompleted"
},
{
"action": {
"action": "remove_directory",
"path": "/nix/temp-install-dir"
}, },
"state": "Uncompleted" "state": "Uncompleted"
} }
@ -997,25 +376,31 @@
"planner": { "planner": {
"planner": "macos", "planner": "macos",
"settings": { "settings": {
"channels": [
[
"nixpkgs",
"https://nixos.org/channels/nixpkgs-unstable"
]
],
"modify_profile": true, "modify_profile": true,
"nix_build_user_count": 32,
"nix_build_group_name": "nixbld", "nix_build_group_name": "nixbld",
"nix_build_group_id": 3000, "nix_build_group_id": 30000,
"nix_build_user_prefix": "_nixbld", "nix_package_url": "https://releases.nixos.org/nix/nix-2.15.0/nix-2.15.0-aarch64-darwin.tar.xz",
"nix_build_user_id_base": 300, "proxy": null,
"nix_package_url": "https://releases.nixos.org/nix/nix-2.13.2/nix-2.13.2-x86_64-darwin.tar.xz", "ssl_cert_file": null,
"extra_conf": [], "extra_conf": [],
"force": false "force": false,
"diagnostic_endpoint": "https://install.determinate.systems/nix/diagnostic"
}, },
"encrypt": null, "encrypt": null,
"case_sensitive": false, "case_sensitive": false,
"volume_label": "Nix Store", "volume_label": "Nix Store",
"root_disk": "disk1" "root_disk": "disk3"
},
"diagnostic_data": {
"version": "0.8.1-unreleased",
"planner": "macos",
"configured_settings": [],
"os_name": "unknown",
"os_version": "unknown",
"triple": "aarch64-apple-darwin",
"is_ci": false,
"endpoint": "https://install.determinate.systems/nix/diagnostic",
"ssl_cert_file": null,
"failure_chain": null
} }
} }