a413594baf
On a systemd-based Linux distribution: If the user has previously had multi-user Nix installed on the system, removed it and then reinstalled multi-user Nix again the old nix-daemon.service will still be running when `scripts/install-systemd-multi-user.sh` tries to start it which results in nothing being done and the old daemon continuing its run. When a normal user then tries to use Nix through the daemon the nix binary will fail to connect to the nix-daemon as it does not belong to the currently installed Nix system. See below for steps to reproduce the issue that motivated this change. $ sh <(curl https://nixos.org/nix/install) --daemon $ sudo rm -rf /etc/nix /nix /root/.nix-profile /root/.nix-defexpr /root/.nix-channels /home/nix-installer/.nix-profile /home/nix-installer/.nix-defexpr /home/nix-installer/.nix-channels ~/.nix-channels ~/.nix-defexpr/ ~/.nix-profile /etc/profile.d/nix.sh.backup-before-nix /etc/profile.d/nix.sh; sed -i '/added by Nix installer$/d' ~/.bash_profile $ unset NIX_REMOTE $ sh <(curl https://nixos.org/nix/install) --daemon └$ export NIX_REMOTE=daemon └$ nix-env -iA nixpkgs.hello installing 'hello-2.10' error: cannot connect to daemon at '/nix/var/nix/daemon-socket/socket': No such file or directory (use '--show-trace' to show detailed location information) └$ sudo systemctl restart nix-daemon.service └$ nix-env -iA nixpkgs.hello installing 'hello-2.10' these paths will be fetched (6.09 MiB download, 27.04 MiB unpacked): /nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10 /nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27 copying path '/nix/store/aag9d1y4wcddzzrpfmfp9lcmc7skd7jk-glibc-2.27' from 'https://cache.nixos.org'... copying path '/nix/store/2g75chlbpxlrqn15zlby2dfh8hr9qwbk-hello-2.10' from 'https://cache.nixos.org'... building '/nix/store/w9adagg6vlikr799nkkqc9la5hbbpgmi-user-environment.drv'... created 2 symlinks in user environment
188 lines
4.5 KiB
Bash
Executable file
188 lines
4.5 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
readonly SERVICE_SRC=/lib/systemd/system/nix-daemon.service
|
|
readonly SERVICE_DEST=/etc/systemd/system/nix-daemon.service
|
|
|
|
readonly SOCKET_SRC=/lib/systemd/system/nix-daemon.socket
|
|
readonly SOCKET_DEST=/etc/systemd/system/nix-daemon.socket
|
|
|
|
|
|
# Path for the systemd override unit file to contain the proxy settings
|
|
readonly SERVICE_OVERRIDE=${SERVICE_DEST}.d/override.conf
|
|
|
|
create_systemd_override() {
|
|
header "Configuring proxy for the nix-daemon service"
|
|
_sudo "create directory for systemd unit override" mkdir -p "$(dirname $SERVICE_OVERRIDE)"
|
|
cat <<EOF | _sudo "create systemd unit override" tee "$SERVICE_OVERRIDE"
|
|
[Service]
|
|
$1
|
|
EOF
|
|
}
|
|
|
|
# Gather all non-empty proxy environment variables into a string
|
|
create_systemd_proxy_env() {
|
|
vars="http_proxy https_proxy ftp_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY NO_PROXY"
|
|
for v in $vars; do
|
|
if [ "x${!v:-}" != "x" ]; then
|
|
echo "Environment=${v}=${!v}"
|
|
fi
|
|
done
|
|
}
|
|
|
|
handle_network_proxy() {
|
|
# Create a systemd unit override with proxy environment variables
|
|
# if any proxy environment variables are not empty.
|
|
PROXY_ENV_STRING=$(create_systemd_proxy_env)
|
|
if [ -n "${PROXY_ENV_STRING}" ]; then
|
|
create_systemd_override "${PROXY_ENV_STRING}"
|
|
fi
|
|
}
|
|
|
|
poly_validate_assumptions() {
|
|
if [ "$(uname -s)" != "Linux" ]; then
|
|
failure "This script is for use with Linux!"
|
|
fi
|
|
}
|
|
|
|
poly_service_installed_check() {
|
|
[ "$(systemctl is-enabled nix-daemon.service)" = "linked" ] \
|
|
|| [ "$(systemctl is-enabled nix-daemon.socket)" = "enabled" ]
|
|
}
|
|
|
|
poly_service_uninstall_directions() {
|
|
cat <<EOF
|
|
$1. Delete the systemd service and socket units
|
|
|
|
sudo systemctl stop nix-daemon.socket
|
|
sudo systemctl stop nix-daemon.service
|
|
sudo systemctl disable nix-daemon.socket
|
|
sudo systemctl disable nix-daemon.service
|
|
sudo systemctl daemon-reload
|
|
EOF
|
|
}
|
|
|
|
poly_service_setup_note() {
|
|
cat <<EOF
|
|
- load and start a service (at $SERVICE_DEST
|
|
and $SOCKET_DEST) for nix-daemon
|
|
|
|
EOF
|
|
}
|
|
|
|
poly_configure_nix_daemon_service() {
|
|
_sudo "to set up the nix-daemon service" \
|
|
systemctl link "/nix/var/nix/profiles/default$SERVICE_SRC"
|
|
|
|
_sudo "to set up the nix-daemon socket service" \
|
|
systemctl enable "/nix/var/nix/profiles/default$SOCKET_SRC"
|
|
|
|
handle_network_proxy
|
|
|
|
_sudo "to load the systemd unit for nix-daemon" \
|
|
systemctl daemon-reload
|
|
|
|
_sudo "to start the nix-daemon.socket" \
|
|
systemctl start nix-daemon.socket
|
|
|
|
_sudo "to start the nix-daemon.service" \
|
|
systemctl restart nix-daemon.service
|
|
|
|
}
|
|
|
|
poly_group_exists() {
|
|
getent group "$1" > /dev/null 2>&1
|
|
}
|
|
|
|
poly_group_id_get() {
|
|
getent group "$1" | cut -d: -f3
|
|
}
|
|
|
|
poly_create_build_group() {
|
|
_sudo "Create the Nix build group, $NIX_BUILD_GROUP_NAME" \
|
|
groupadd -g "$NIX_BUILD_GROUP_ID" --system \
|
|
"$NIX_BUILD_GROUP_NAME" >&2
|
|
}
|
|
|
|
poly_user_exists() {
|
|
getent passwd "$1" > /dev/null 2>&1
|
|
}
|
|
|
|
poly_user_id_get() {
|
|
getent passwd "$1" | cut -d: -f3
|
|
}
|
|
|
|
poly_user_hidden_get() {
|
|
echo "1"
|
|
}
|
|
|
|
poly_user_hidden_set() {
|
|
true
|
|
}
|
|
|
|
poly_user_home_get() {
|
|
getent passwd "$1" | cut -d: -f6
|
|
}
|
|
|
|
poly_user_home_set() {
|
|
_sudo "in order to give $1 a safe home directory" \
|
|
usermod --home "$2" "$1"
|
|
}
|
|
|
|
poly_user_note_get() {
|
|
getent passwd "$1" | cut -d: -f5
|
|
}
|
|
|
|
poly_user_note_set() {
|
|
_sudo "in order to give $1 a useful comment" \
|
|
usermod --comment "$2" "$1"
|
|
}
|
|
|
|
poly_user_shell_get() {
|
|
getent passwd "$1" | cut -d: -f7
|
|
}
|
|
|
|
poly_user_shell_set() {
|
|
_sudo "in order to prevent $1 from logging in" \
|
|
usermod --shell "$2" "$1"
|
|
}
|
|
|
|
poly_user_in_group_check() {
|
|
groups "$1" | grep -q "$2" > /dev/null 2>&1
|
|
}
|
|
|
|
poly_user_in_group_set() {
|
|
_sudo "Add $1 to the $2 group"\
|
|
usermod --append --groups "$2" "$1"
|
|
}
|
|
|
|
poly_user_primary_group_get() {
|
|
getent passwd "$1" | cut -d: -f4
|
|
}
|
|
|
|
poly_user_primary_group_set() {
|
|
_sudo "to let the nix daemon use this user for builds (this might seem redundant, but there are two concepts of group membership)" \
|
|
usermod --gid "$2" "$1"
|
|
|
|
}
|
|
|
|
poly_create_build_user() {
|
|
username=$1
|
|
uid=$2
|
|
builder_num=$3
|
|
|
|
_sudo "Creating the Nix build user, $username" \
|
|
useradd \
|
|
--home-dir /var/empty \
|
|
--comment "Nix build user $builder_num" \
|
|
--gid "$NIX_BUILD_GROUP_ID" \
|
|
--groups "$NIX_BUILD_GROUP_NAME" \
|
|
--no-user-group \
|
|
--system \
|
|
--shell /sbin/nologin \
|
|
--uid "$uid" \
|
|
--password "!" \
|
|
"$username"
|
|
}
|