Why do this?
Let's just say I want to restrict all users from polluting /nix/store but still allow them to use Nix toolchains.
Installation
fish
sh (curl -L https://nixos.org/nix/install | psub) --daemon
zsh
sh =(curl -L https://nixos.org/nix/install) --daemon
bash
sh <(curl -L https://nixos.org/nix/install) --daemon
Replace channel
When you list the channel in a normal way you will get an empty list.
nix-channel --list
However, when you run it as a superuser then you will see nixpkgs channel.
This channel is available to all users. Let's make this channel only accessible to you!
1. Remove default channel
sudo nix-channel --remove nixpkgs
2. Re-add channel
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
3. Add yourself to the group
sudo groupadd -r nixbld
sudo useradd -c "Nix build user $USER" \
-d /var/empty -g nixbld -G nixbld \
-M -N -r -s "$(which nologin)" \
nixbld_$USER
For fish user: remove
"and$so that it would be(which nologin)
4. Update nix channel and toolchains
To update channel
nix-channel --update
if you get a permission error and
sysemctl status nix-daemonhas FAIL messages, try rebooting your system
Optionally, upgrade all Nix toolchains
nix-env -iA nixpkgs.nix nixpkgs.cacert
systemctl daemon-reload
systemctl restart nix-daemon
5. Fixing NIX_PATH
Comment for
#2033
If I understand things correctly I believe your issues could be solved by adding the following line (which this issue is proposing should be included by default) to your $HOME/.zshrc (or other startup file depending on your preferences):
export NIX_PATH=$NIX_PATH:$HOME/.nix-defexpr/channels
I'm still learning Nix myself so I don't have context on why that is not the default already. Let me know if that doesn't work and we can try to keep debugging things
echo "export NIX_PATH=$NIX_PATH:$HOME/.nix-defexpr/channels" >> ~/.profile
(in my case, I add it to my .xprofile)
if you don't do this, nix-shell will complain:
Default Nix installations don't include user channels in NIX_PATH, causing inconsistent tool behavior
#2033
Should Nix installations include $HOME/.nix-defexpr/channels in the NIX_PATH? Should it appear before or after root channels?
nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
$ nix-channel --list
nixpkgsunstable https://nixos.org/channels/nixpkgs-unstable
$ nix-env -iA nixpkgsunstable.git
installing 'git-minimal-2.16.2'
$ nix-shell -p nixpkgsunstable.git
error: undefined variable 'nixpkgsunstable' at (string):1:94
(use '--show-trace' to show detailed location information)
$ nix-shell '<nixpkgsunstable>' -p git
error: file 'nixpkgsunstable' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:94
(use '--show-trace' to show detailed location information)
$ nix-build '<nixpkgsunstable>' -A git
error: file 'nixpkgsunstable' was not found in the Nix search path (add it using $NIX_PATH or -I)
vs:
$ export NIX_PATH=$NIX_PATH:$HOME/.nix-defexpr/channels
$ nix-env -iA nixpkgsunstable.git
replacing old 'git-minimal-2.16.2'
installing 'git-minimal-2.16.2'
$ nix-shell -p nixpkgsunstable.git
error: undefined variable 'nixpkgsunstable' at (string):1:94
(use '--show-trace' to show detailed location information)
$ nix-shell '<nixpkgsunstable>' -p git
[nix-shell:~]$ exit
$ nix-build '<nixpkgsunstable>' -A git
/nix/store/jaani1kx4a4kvz11d0myfkjjiiklfl7w-git-2.16.2
With this configuration, and the explicitly specified nixpkgs, is it possible for users to override nixpkgs without redefining the NIX_PATH? Does it matter?
TIPS: use nix-direnv for this
Top comments (0)