diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/misc/nix-daemon.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/misc/nix-daemon.nix | 89 |
1 files changed, 24 insertions, 65 deletions
diff --git a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix index 3826f728afd..ff4e4f5b97d 100644 --- a/nixpkgs/nixos/modules/services/misc/nix-daemon.nix +++ b/nixpkgs/nixos/modules/services/misc/nix-daemon.nix @@ -10,7 +10,7 @@ let nixVersion = getVersion nix; - isNix20 = versionAtLeast nixVersion "2.0pre"; + isNix23 = versionAtLeast nixVersion "2.3pre"; makeNixBuildUser = nr: { name = "nixbld${toString nr}"; @@ -27,43 +27,30 @@ let nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers); nixConf = - let - # In Nix < 2.0, If we're using sandbox for builds, then provide - # /bin/sh in the sandbox as a bind-mount to bash. This means we - # also need to include the entire closure of bash. Nix >= 2.0 - # provides a /bin/sh by default. - sh = pkgs.runtimeShell; - binshDeps = pkgs.writeReferencesToFile sh; - in - pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } ('' - ${optionalString (!isNix20) '' - extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done) - ''} + assert versionAtLeast nixVersion "2.2"; + pkgs.runCommand "nix.conf" { preferLocalBuild = true; extraOptions = cfg.extraOptions; } ( + '' cat > $out <<END # WARNING: this file is generated from the nix.* options in # your NixOS configuration, typically # /etc/nixos/configuration.nix. Do not edit it! build-users-group = nixbld - ${if isNix20 then "max-jobs" else "build-max-jobs"} = ${toString (cfg.maxJobs)} - ${if isNix20 then "cores" else "build-cores"} = ${toString (cfg.buildCores)} - ${if isNix20 then "sandbox" else "build-use-sandbox"} = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox} - ${if isNix20 then "extra-sandbox-paths" else "build-sandbox-paths"} = ${toString cfg.sandboxPaths} ${optionalString (!isNix20) "/bin/sh=${sh} $(echo $extraPaths)"} - ${if isNix20 then "substituters" else "binary-caches"} = ${toString cfg.binaryCaches} - ${if isNix20 then "trusted-substituters" else "trusted-binary-caches"} = ${toString cfg.trustedBinaryCaches} - ${if isNix20 then "trusted-public-keys" else "binary-cache-public-keys"} = ${toString cfg.binaryCachePublicKeys} + max-jobs = ${toString (cfg.maxJobs)} + cores = ${toString (cfg.buildCores)} + sandbox = ${if (builtins.isBool cfg.useSandbox) then boolToString cfg.useSandbox else cfg.useSandbox} + extra-sandbox-paths = ${toString cfg.sandboxPaths} + substituters = ${toString cfg.binaryCaches} + trusted-substituters = ${toString cfg.trustedBinaryCaches} + trusted-public-keys = ${toString cfg.binaryCachePublicKeys} auto-optimise-store = ${boolToString cfg.autoOptimiseStore} - ${if isNix20 then '' - require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"} - '' else '' - signed-binary-caches = ${if cfg.requireSignedBinaryCaches then "*" else ""} - ''} + require-sigs = ${if cfg.requireSignedBinaryCaches then "true" else "false"} trusted-users = ${toString cfg.trustedUsers} allowed-users = ${toString cfg.allowedUsers} - ${optionalString (isNix20 && !cfg.distributedBuilds) '' + ${optionalString (!cfg.distributedBuilds) '' builders = ''} system-features = ${toString cfg.systemFeatures} - ${optionalString (versionAtLeast nixVersion "2.3pre") '' + ${optionalString isNix23 '' sandbox-fallback = false ''} $extraOptions @@ -74,7 +61,7 @@ let '' else '' echo "Checking that Nix can read nix.conf..." ln -s $out ./nix.conf - NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config >/dev/null + NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net"} >/dev/null '') ); @@ -421,8 +408,7 @@ in systemd.services.nix-daemon = { path = [ nix pkgs.utillinux config.programs.ssh.package ] - ++ optionals cfg.distributedBuilds [ pkgs.gzip ] - ++ optionals (!isNix20) [ pkgs.openssl.bin ]; + ++ optionals cfg.distributedBuilds [ pkgs.gzip ]; environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; } @@ -439,34 +425,13 @@ in restartTriggers = [ nixConf ]; }; - nix.envVars = - optionalAttrs (!isNix20) { - NIX_CONF_DIR = "/etc/nix"; - - # Enable the copy-from-other-stores substituter, which allows - # builds to be sped up by copying build results from remote - # Nix stores. To do this, mount the remote file system on a - # subdirectory of /run/nix/remote-stores. - NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix"; - } - - // optionalAttrs (cfg.distributedBuilds && !isNix20) { - NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl"; - }; - # Set up the environment variables for running Nix. environment.sessionVariables = cfg.envVars // { NIX_PATH = cfg.nixPath; }; - environment.extraInit = optionalString (!isNix20) + environment.extraInit = '' - # Set up secure multi-user builds: non-root users build through the - # Nix daemon. - if [ "$USER" != root -o ! -w /nix/var/nix/db ]; then - export NIX_REMOTE=daemon - fi - '' + '' if [ -e "$HOME/.nix-defexpr/channels" ]; then export NIX_PATH="$HOME/.nix-defexpr/channels''${NIX_PATH:+:$NIX_PATH}" fi @@ -478,21 +443,15 @@ in services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers; - # FIXME: use systemd-tmpfiles to create Nix directories. system.activationScripts.nix = stringAfter [ "etc" "users" ] '' - # Nix initialisation. - install -m 0755 -d \ - /nix/var/nix/gcroots \ - /nix/var/nix/temproots \ - /nix/var/nix/userpool \ - /nix/var/nix/profiles \ - /nix/var/nix/db \ - /nix/var/log/nix/drvs - install -m 1777 -d \ - /nix/var/nix/gcroots/per-user \ - /nix/var/nix/profiles/per-user \ - /nix/var/nix/gcroots/tmp + # Create directories in /nix. + ${nix}/bin/nix ping-store --no-net + + # Subscribe the root user to the NixOS channel by default. + if [ ! -e "/root/.nix-channels" ]; then + echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels" + fi ''; nix.systemFeatures = mkDefault ( |