
[Nix] Warn user of writes to /etc/nix/nix.conf
ClosedPublic

Authored by jon on Aug 18 2022, 5:08 PM.

Details

Summary

If a user already has nix installed, it's a bit
jarring to be prompted immediately for sudo access.

Indicate to the user what's going on to make the experience
less frightening.

https://linear.app/comm/issue/ENG-1668

Test Plan
sudo vim /etc/nix/nix.conf
# remove line with cores, max-jobs, or trusted-users

./scripts/install_nix.sh
# get prompted with message with missing value
# enter password

# assert value is now appended to /etc/nix/nix.conf
cat /etc/nix/nix.conf

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

abosh added inline comments.
scripts/install_nix.sh
49 ↗(On Diff #15772)

Wait, how can a user add a value to their nix.conf if it's read-only? Or if they can, maybe the comment on line 43 should be revised? If the user can't write to the file, how can they add ${key} = ${value} to their nix.conf?

This revision now requires changes to proceed. (Aug 19 2022, 1:32 PM)
jon marked an inline comment as done.
jon added inline comments.
scripts/install_nix.sh
49 ↗(On Diff #15772)

For NixOS, this is read only as it's a system related configuration value:

$ ls -l $(realpath /etc/nix/nix.conf)
.r--r--r-- 660 root 31 Dec  1969 /nix/store/ji2nvpw4sg5qgqk378lhjajra0ci6zlw-nix.conf

The proper way to edit this would be in the system's configuration.nix. Here's my server's configuration.nix for example: https://github.com/jonringer/server-configuration/blob/c9035456fedccd196f2c01f3d1ca670b6534b6ce/configuration.nix#L23-L33, the error emitted is to remind the user that something should be done.

For MacOS, they should never see this message. But it would be a little odd to have NixOS fail hard, as it's the most "nix native" environment.

There may be other reasons why the file isn't writable. But it's pretty common in the nix community and best practice to not assume that something is mutable outside of the canonical user directories like $XDG_CONFIG_HOME (which usually defaults to a directory under $HOME). Also why I'm using those values in the scripts everywhere.

abosh added inline comments.
scripts/install_nix.sh
49 ↗(On Diff #15772)

I see! So the else case can only be entered if the user is on NixOS? I didn't read your comment on line 47, but maybe this is because I thought nix.conf was read-only on MacOS too. I guess it's not read only if you run it with sudo test -w instead of [[ -w ... since the sudo elevates permissions.

So if MacOS will never see this message, maybe this should be documented better? Like explicitly writing something like Only NixOS will see this message in the comment on line 47 or something, because the case is unreachable if the user is on MacOS, which is most developers.

This revision is now accepted and ready to land. (Aug 22 2022, 1:36 PM)
jon added inline comments.
scripts/install_nix.sh
49 ↗(On Diff #15772)

> Like explicitly writing something like Only NixOS will see this message in the comment on line 47 or something,

I can't make the determination why something is read only, just that it is not writable. NixOS is just one example, but there could be others (they are not an admin on the machine, HPC environment, running nix-docker with /etc/nix mounted read-only, etc).

The best thing would be to say, "Hey, we assume this to be here, but we can't make that happen, so will you please make that happen". And that's what the error currently conveys.

jon marked an inline comment as done.

Just to make sure I'm not out-of-line

This revision is now accepted and ready to land. (Aug 23 2022, 10:10 AM)
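
The behaviour discussed in this thread, sketched as an added example that is not the revision's own scripts/install_nix.sh: announce the write before any password prompt, elevate only when needed, and ask the user to add the setting when the file cannot be written at all. The function name, the NIX_CONF_ELEVATE override and the return code 3 are assumptions made for illustration.

```shell
# Added example; not the project's scripts/install_nix.sh.
# ensure_nix_conf_value and NIX_CONF_ELEVATE are hypothetical names.
# Returns 0 if the key is present or was appended, 3 if the file cannot be
# written and the user has to add the setting themselves.
ensure_nix_conf_value() {
  local conf="$1" key="$2" value="$3"
  local elevate="${NIX_CONF_ELEVATE:-sudo}"  # a stand-in can be injected for testing

  # Key already configured: leave the file alone and never prompt.
  if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$conf" 2>/dev/null; then
    return 0
  fi

  # Writable as the current user: no elevation needed.
  if [ -w "$conf" ]; then
    printf '%s = %s\n' "$key" "$value" >> "$conf"
    return 0
  fi

  # Say what is about to happen before the password prompt appears.
  echo "${conf} is missing '${key}'; using ${elevate} to append '${key} = ${value}'" >&2
  if "$elevate" test -w "$conf"; then
    printf '%s = %s\n' "$key" "$value" | "$elevate" tee -a "$conf" >/dev/null
    return 0
  fi

  # Not writable even when elevated (read-only store path, read-only mount,
  # no admin rights): ask instead of failing hard.
  echo "Cannot write to ${conf}; please add '${key} = ${value}' to your nix configuration" >&2
  return 3
}

# Usage (constructed sample value):
#   ensure_nix_conf_value /etc/nix/nix.conf max-jobs auto
```

A caller can treat return code 3 as a warning and continue, which keeps NixOS and other read-only setups from failing hard.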