--- title: "Nix installer workgroup meeting #1" date: 2022-09-14 tags: nix meeting --- :::info ### Agenda - Round table to get the different expectations from the installer - Presentation of DetSys's experimental installer ::: ## Pre-meeting notes :::warning Anything that you'd like to have written-down before the meeting ::: - Notes from @domen: > - document the difference between single/multi user install and the decision that the user needs > - merge 4-6 scripts that create the installer so that the logic is centralized (right now each script has a different syle, functions, etc) > - installer should be idempotent > - there should be an uninstaller that works (this is mainly not to gain Nix haters) > - create automation to test the installer on many platforms, especially for the new ones (macOS) - Notes from @Solène > - The installer has issues with Linux systems using SELinux. > - Having an official standalone nix binary would also be awesome, I count this as “installing” because it’s a non-installation case. - Notes from @matnosner > For the upcoming tools abstracting nix usage, namely: > > - devbox > - riff > - bob > > a more “lightweight install” could be beneficial. The nix install can feel a bit “intrusive” for some users when the entire nix tool chain is installed. Also avoiding changes to the users environment would be beneficial. Not sure which part’s could possibly be left out. - Notes from @fricklerhandwerk > - existing test setups > - [grahamc/nix-install-matrix](https://github.com/grahamc/nix-install-matrix) > - installer tests based on vagrant and Virtualbox VMs > - [flox/install-matrix/](https://github.com/flox/install-matrix/) > - updates by @tomberek > - does not work out of the box! > - [Anton-Latukha/nix-tests-terraform](https://github.com/Anton-Latukha/nix-tests-terraform) > - made for [NixOS/nix#1565](https://github.com/NixOS/nix/pull/1565) (a POSIXly correct installer by @Anton-Latukha, abandoned out of frustration) > - tests based on terraform > - no fully automated setup yet, still to be tested > - [cachix/nix-install-action](https://github.com/cachix/install-nix-action) > - GitHub action to run the most recent installer > - [installer issues](https://github.com/NixOS/nix/issues?page=1&q=is%3Aissue+is%3Aopen+installer) > - [attempt at triage](https://discourse.nixos.org/t/anyone-up-for-picking-at-some-nix-onboarding-improvements/13152/6) by @abathur > - I will go through issues to set labels to enable more reliable search > - [installer pull requests](https://github.com/NixOS/nix/pulls?q=is%3Aopen+is%3Apr+label%3Ainstaller) > - installation should be silent and ask no questions > - installer should be idempotent > - uninstallation should be one command and leave no trace - Notes from @edolstra > - Revived Nix-based installer test: https://github.com/NixOS/nix/pull/7043 > - We should minimize the amount of code duplication / divergence between different installation paths, e.g. daemon vs non-daemon, bash vs. fish. > - The best way to simplify the installer is to minimize the amount of work done by the installer, i.e. have more defaults in Nix or Nix auto-creating directories. > - Even better is if you don't need to install Nix at all, e.g. by using the auto-chroot statically linked nix binary. ## Meeting notes ### Round table - **Ana** - Determinate Systems (DetSys) - No strong opinion on what the installer should do, just wanna work on it - **Chris** - Tweag - Same thing mostly - Onboarded a couple friends, nearly everyone got bitten by some installer quirk - **Travis** - Suffers for people encountering install issues - Worked on some MacOS-specific issues on the installer. - Needs testing, testing , testing - **Alexander** - RedHat (unrelated to Nix) - Install on Fedora is… interesting - Heard about SELinux issues - **Solène** - Tweag, part of the Nix group - Learned about the installer issues only recently because exclusively uses NixOS - Interested to help with testing - A standalone binary could be great too - **Graham** - Determinate Systems - Talked about that for a few months at DetSys - Installer is bad - Uninstaller doesn't exists and the instructions are scary - Started to reimplement the installer in the last couple weeks - **Matthew** - Flox - Not fetching a random script from the installer - Make it more “pure” because it's a bad intro to the ecosystem right now - **Eelco** - Determinate Systems - Used to have an automated installer test in the Nix testsuite, but deprecated - Revived it with Graham's matrix installer test - The installer should do less stuff (like not having to create all the build users) - Extreme form of that: Standalone statically linked binary - **Théophane** - Tweag - Installer is the entrypoint to the ecosystem for most people. So it needs to be perfect ### DetSys installer Just uses bash to bootstrap the actual installer which is a compiled binary. **Demo** Rust binary - Idempotency - The installer is doing a lot of things that should all be reversible - Should save the exact steps that have been done _somewhere_ so that it can be rolled back (or replayed, or shared) - Architecture: - Fetch a (bash) script that does some feature checks then fetches the binary installer for the current platform (could adapt the Rustup wrapper script for that) - Currently very opinionated - Will switch `flakes` on by default - Only uses the daemon #### Single-user install? Not supported by DetSys installer. Because they feel that single-user mode is not a good experience and makes the ecosystem less uniform (so the userbase more complex). How useful is the single user install? - Docker containers (because no nested sandboxing) - No-systemd systems - Security-constrained envs @Solène offers to create a discourse poll to get a sense of how much it is used WSL? - Can run systemd (even NixOS there), though in a hacky way - Technically uses its own init system, might be worth having a dedicated support for it ### Installer language Having a binary installer means running a binary blob, while a bash script is _somewhat_ more introspectable. But people will run a precompiled Nix anyways, so that doesn't change too much. And the benefit of having a proper language over bash outweights this by far ### Distro packaging - Ubuntu has it (slightly outdated) in its repos, which is great - Rust gave up on that - `nix-community` has rpms Having stuff on distro's repos is a lot of pain. Having Nix packaged as a `deb`/`rpm` is simpler, and makes people more comfortable, and we avoid the problem of having them outdated in the repos. To be discussed later. ### Testing - The installer should test itself at the end to make sure that stuff is available in the user's shell - Manage the expectations. If people have a weird system that prevents the installer from working, it must be made explicit so that they know it ## Future steps - Follow-up meeting in 2 weeks (Sept. 28, 16:00 CEST) - Eelco working on the installer test (https://github.com/NixOS/nix/pull/7043) - DetSys to hopefully release their Poc