summary refs log tree commit diff
path: root/nix.conf.example
blob: e2735d180760fe22dfff5f5d1b2a5cc5deacef88 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
### Option `gc-keep-outputs'
#
# If `true', the garbage collector will keep the outputs of
# non-garbage derivations.  If `false' (default), outputs will be
# deleted unless they are GC roots themselves (or reachable from other
# roots).
# 
# In general, outputs must be registered as roots separately.
# However, even if the output of a derivation is registered as a root,
# the collector will still delete store paths that are used only at
# build time (e.g., the C compiler, or source tarballs downloaded from
# the network).  To prevent it from doing so, set this option to
# `true'.
gc-keep-outputs = false


### Option `gc-keep-derivations'
#
# If `true' (default), the garbage collector will keep the derivations
# from which non-garbage store paths were built.  If `false', they
# will be deleted unless explicitly registered as a root (or reachable
# from other roots).
#
# Keeping derivation around is useful for querying and traceability
# (e.g., it allows you to ask with what dependencies or options a
# store path was built), so by default this option is on.  Turn it off
# to safe a bit of disk space (or a lot if `gc-keep-outputs' is also
# turned on).
gc-keep-derivations = true


### Option `env-keep-derivations'
#
# If `false' (default), derivations are not stored in Nix user
# environments.  That is, the derivation any build-time-only
# dependencies may be garbage-collected.
#
# If `true', when you add a Nix derivation to a user environment, the
# path of the derivation is stored in the user environment.  Thus, the
# derivation will not be garbage-collected until the user environment
# generation is deleted (`nix-env --delete-generations').  To prevent
# build-time-only dependencies from being collected, you should also
# turn on `gc-keep-outputs'.
#
# The difference between this option and `gc-keep-derivations' is that
# this one is `sticky': it applies to any user environment created
# while this option was enabled, while `gc-keep-derivations' only
# applies at the moment the garbage collector is run.
env-keep-derivations = false


### Option `build-allow-root'
#
# This option controls Nix's behaviour when it is invoked under the
# `root' user (or setuid-root).  If `true' (default), builds are
# performed under the `root' user.  If `false', builds are performed
# under one of the users listed in the `build-users' option (see
# below).
build-allow-root = true


### Option `build-users'
#
# This option is only applicable if `build-allow-root' is `false' and
# Nix is invoked under the `root' user (or setuid-root).  It contains
# a list of user names under which Nix can execute builds.  Builds
# cannot be performed by root since that would allow users to take
# over the system by supplying specially crafted builders; and they
# cannot be performed by the calling user since that would allow
# him/her to influence the build result.
#
# Thus this list should contain a number of `special' user accounts
# created specifically for Nix, e.g., `nix-builder-1',
# `nix-builder-2', and so on.  The more users the better, since at
# most a number of builds equal to the number of build users can be
# started.
#
# Example:
#   build-users = nix-builder-1 nix-builder-2 nix-builder-3
build-users =