diff options
Diffstat (limited to 'system/nix/README')
-rw-r--r-- | system/nix/README | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/system/nix/README b/system/nix/README new file mode 100644 index 0000000000000..e59a68ec39fcf --- /dev/null +++ b/system/nix/README @@ -0,0 +1,46 @@ +nix (functional package manager) + +Nix is a purely functional package manager. This means that it treats packages +like values in purely functional programming languages such as Haskell -- they +are built by functions that don't have side-effects, and they never change +after they have been built. Nix stores packages in the Nix store, usually the +directory /nix/store, where each package has its own unique subdirectory such +as + + /nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/ + +where b6gvzjyb2pg0... is a unique identifier for the package that captures all +its dependencies (it's a cryptographic hash of the package's build dependency +graph). + +Nix may be run in single or multi-user mode (which requires the nix-daemon). To +have the nix daemon start and stop with your host, add to /etc/rc.d/rc.local: + + if [ -x /etc/rc.d/rc.nix ]; then + /etc/rc.d/rc.nix start + fi + +and to /etc/rc.d/rc.local_shutdown (creating it if needed): + + if [ -x /etc/rc.d/rc.nix ]; then + /etc/rc.d/rc.nix stop + fi + +The daemon requires users for building the nix packages, which should be added +under the 'nixbld' group. + + groupadd -g 314 nixbld + for n in $(seq 1 10); do useradd -c "Nix build user $n" \ + -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \ + nixbld$n; done + +Restricting access to the daemon is acheived by setting file permissions for +the daemon's socket's folder. + + chgrp nix-users /nix/var/nix/daemon-socket + chmod ug=rwx,o= /nix/var/nix/daemon-socket + +Correct permissions must also be set for the following profile directories to give users access. + + /nix/var/nix/profiles + /var/nix/profiles |