mozempk/void-installer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix nix single-user mode for live ISO and installer

Browse Source 
- Store ownership: chown -R 1000:1000 at Docker build time (not runtime)
  so the live user can create lock files without flooding the tmpfs overlay
- nix.conf: add build-users-group= to force single-user mode and avoid
  daemon connection attempts (xbps nix-daemon v2.30.2 incompatible with
  pre-baked nix v2.34.6)
- profile.d: export NIX_REMOTE=local and NIXPKGS_ALLOW_UNFREE=1; wrap nix()
  to append --impure so flake installs work without extra flags
- Skel: add ~/.config/nixpkgs/config.nix with allowUnfree=true
- postinstall.sh: fix daemon socket path (/nix/var/nix/...), write
  ~/.config/nixpkgs/config.nix for installed user
- first-login.sh: add NIX_REMOTE=local alongside NIXPKGS_ALLOW_UNFREE=1
- Remove nix-daemon from live ISO services (wrong version for pre-baked client)
- Misc: bluetooth group, package list reorg, skip vscode install for niri profile

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
moze
2026-04-25 12:56:13 +00:00
parent 6d65f28844
commit 49d94bd2ac
11 changed files with 109 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
iso/build-live-iso.sh
View File

@@ -90,7 +90,7 @@ LIVE_USER="${USERNAME:-live}"
LIVE_USER="${USERNAME:-live}"
# Extra groups (dracut only adds audio,video,wheel)
for g in plugdev input network docker; do
for g in plugdev input network docker bluetooth; do
groupadd -f "$g" 2>/dev/null || true
usermod -aG "$g" "$LIVE_USER" 2>/dev/null || true
done
@@ -107,6 +107,7 @@ if [ -x /usr/bin/nix ]; then
install -d -m 0755 /etc/nix
cat > /etc/nix/nix.conf <<NIXCONF
experimental-features = nix-command flakes
build-users-group =
sandbox = false
auto-optimise-store = true
trusted-users = root $LIVE_USER
@@ -288,7 +289,7 @@ EOF
install -d -m 0755 "$INCLUDE_DIR/etc/runit/runsvdir/default"
# Enable services for the live session.
for svc in dbus NetworkManager lightdm nix-daemon; do
for svc in dbus NetworkManager lightdm bluetoothd; do
ln -sf "/etc/sv/$svc" "$INCLUDE_DIR/etc/runit/runsvdir/default/$svc" 2>/dev/null || true
done
@@ -570,6 +571,13 @@ if [[ -d "${HOME:-}/.nix-profile/bin" ]]; then
*) export PATH="$HOME/.nix-profile/bin:$PATH" ;;
esac
fi
export NIXPKGS_ALLOW_UNFREE=1
# Pre-baked nix is single-user (no daemon) — bypass daemon connection attempt
export NIX_REMOTE=local
# Flake commands ignore NIXPKGS_ALLOW_UNFREE unless --impure is passed.
# Wrap nix so interactive installs work without extra flags.
nix() { command nix "$@" --impure; }
export -f nix
NIXEOF
@@ -641,6 +649,10 @@ cat > "$INCLUDE_DIR/etc/profile.d/nix-packages-path.sh" <<'EOF'
export NIX_PACKAGES_FILE=/usr/local/libexec/nix-packages.list
EOF
# nixpkgs config: allow unfree packages for all users
install -d -m 0755 "$INCLUDE_DIR/etc/skel/.config/nixpkgs"
echo '{ allowUnfree = true; }' > "$INCLUDE_DIR/etc/skel/.config/nixpkgs/config.nix"
# ── 3g) Skel: .bash_profile sources .bashrc only (no first-login autorun) ──
install -d -m 0755 "$INCLUDE_DIR/etc/skel"
cat > "$INCLUDE_DIR/etc/skel/.bash_profile" <<'EOF'