[RFC 0068] Minimal daemon

[Ericson2314]

Rendered

[lheckemann]

👍 since the separate nix-daemon is also what allows things like guix

[JohnAZoidberg]

What do you mean it allows guix?

[AndersonTorres]

In the sense the daemon can work in other frameworks not directly related to Nix language. Guix can use the same daemon as us and they don't need to read a single line of Nix code, only Scheme (and maybe C++).

[edolstra]

What is the advantage over the current situation? Logically nix-daemon doesn't know anything about the Nix language, flakes, etc. We just link everything into one executable to reduce distribution size.

[Ericson2314]

@edolstra Besides the reasons I wrote about taking baby steps towards more modularity, in the short term, I don't think it's wise to have tons of dead code exposed to a program running as root written in a language that doesn't try very hard to prevent memory errors. (I'll add that to the proposal.)

[edolstra]

This RFC is open for shepherd nominations.

I'd like to nominate myself :-)

[kloenk]

I just started working on nix. But I would give it a try as a shepherd meber

[Ericson2314]

Fine with me :), I don't think this RFC doesn't require much prior knowledge/experience to reach a decision.

[kloenk]

Maybe this also could be a time to redesign the protocol? Bools stored as 64 Bits sound kind of huge, and also there are many unused values and packages.

[Ericson2314]

Yes that would be good. I wrote this RFC as a toe-hold to then propose such things, but if during the shepherding meetings there is consensus that we should, up front, commit to making the daemon more conceptually standalone to motivate this, I don't mind adding those extra steps.

[wmertens]

Just a note: in #17 (comment) I'm imagining a very minimal store daemon that communicates via staging directories. That's probably a few steps beyond what you're trying to achieve here though.

[Mic92]

I would say we need at least one more shepherd here.

[thufschmitt]

I'd like to nominate myself too

[asymmetric]

I would either remove the square brackets, or remove this.

[asymmetric]

Can we specify exactly what privileges the daemon is running with, here? I think it's pertinent to the motivations of this RFC.

[asymmetric]

And what is meant here by dead code?

[Ericson2314]

Will explain the "dead code". The elevated privileges thing I am not sure what to right: in theory the nix daemon just needs to be make sandboxes and access the store, but in practice we run it as root last I checked.

[kloenk]

Yes, it is run as Root. Currently the source doesn't allow anything else. We could check for CAPs, but we only check for Root prior to remounting the store in rw

[asymmetric]

Would be good to mention the other solutions in Future Work, methinks.

[asymmetric]

I think this could be moved to the Motivations section.

[asymmetric]

What would it take to remove the perhaps and know for sure? :)

[asymmetric]

Same here, I would try to be (a bit more) specific.

[Ericson2314]

Well, I'm trying to elude to various things people have told me they'd like to see happen over the years, without poisoning the specifics. I rather have this stuff organically come back in the RFC shepherd meetings.

[spacekookie]

There's enough shepherds on this RFC, right? @edolstra do you want to organise a meeting?

[edolstra]

@Ericson2314 @regnat @kloenk I've made a doodle for a meeting next week: https://doodle.com/poll/6gs9h3zvacbtev43. Could you fill in your availability?

[thufschmitt]

@Ericson2314 @regnat @kloenk I've made a doodle for a meeting next week: https://doodle.com/poll/6gs9h3zvacbtev43. Could you fill in your availability?

Unfortunately I'm away for the whole next week. But feel free to do a first meeting without me if you want to

[edolstra]

@Ericson2314 Would you be opposed to closing this RFC and creating a new feature request issue in the Nix repo? Having a minimal daemon is not really a potentially controversial or hard change that requires a shepherd team and all that :-) What do you think?

[kloenk]

My idea of how to implement this would probably need an rfc. Maybe we could/should open a new rfc when I got time to make it working.

CC @grahamc

[Ericson2314]

I am hoping to bolster the motivation here with some new developments I hope will arise soon. Marking it WIP until I do so.

[spacekookie]

Closing this until there's more progress. Feel free to re-open a new PR with an updated RFC

[Ericson2314]

Well, the "new developments" I was hoping for would be something like sharing a daemon / libnixstore with Guix, but they didn't seem vary interested at the time.

I might revise this to make it a more expansive call for layering Nix / separate packages, in which case it could become more RFC-worthy.