nh icon indicating copy to clipboard operation
nh copied to clipboard
verified publisher icon viperML

Doas support

Open maningreen opened this issue 9 months ago • 9 comments

Currently if you use doas instead of sudo it doesn't work. I'm unsure how this would work in implementation but a nix option of what to use for superuser access would be great.

maningreen avatar Mar 25 '25 04:03 maningreen

Updoot!

notjiatan avatar May 19 '25 03:05 notjiatan

There is no interest from maintainers to suppory doas, as we do not use it and are not presented a strong argument for supporting it. Please consider opening a pull request if this is important to you.

NotAShelf avatar May 19 '25 11:05 NotAShelf

@NotAShelf Ok, will try to make a PR for this

I was also wondering the reasoning behind why nh doesn't support being invoked with sudo, one such case where this may be useful is if a user wants to rebuild a system & leave their machine (i.e. to make a sandwich) while it rebuilds as the current implementation requires you to be present to enter your password.

notjiatan avatar May 20 '25 23:05 notjiatan

sudo nh os switch -R

viperML avatar May 21 '25 05:05 viperML

I was also wondering the reasoning behind why nh doesn't support being invoked with sudo, one such case where this may be useful is if a user wants to rebuild a system & leave their machine (i.e. to make a sandwich) while it rebuilds as the current implementation requires you to be present to enter your password.

It does support being invoked with sudo, but it's not recommended. Running all commands with sudo even when there is no need for it is a security flaw. By default nh only elevates privileges when necessary, i.e., when we're switching generations.

NotAShelf avatar May 21 '25 06:05 NotAShelf

Oh, ok thanks for clearing that up

$ sudo nh os switch -f '<nixpkgs/nixos>' -- -I nixos-config=/etc/nixos/configuration.nix -R                        
Error: 
   0: Don't run nh os as root. I will call sudo internally as needed

Location:
   src/nixos.rs:59

as seen above it was previously not working when I was parsing the -R flag however, it seems to work fine with the long flag (--bypass-root-check), but this only seems to be an issue on my current system, weird.

notjiatan avatar May 21 '25 07:05 notjiatan

You have to pass -R to nh, not to nix:

sudo nh os switch -R -f '<nixpkgs/nixos>' -- -I nixos-config=/etc/nixos/configuration.nix

viperML avatar May 21 '25 08:05 viperML

On my two machines, nh works with doas flawlesly with doas-sudo-shim package installed. There is no sudo installed on my systems and everything works as expected.

mighty-spirit avatar Jul 07 '25 19:07 mighty-spirit

nh os switch works with doas-sudo-shim but nh clean fails because --preserve-env is not supported

bandithedoge avatar Jul 09 '25 19:07 bandithedoge