nixos-rebuild: use sudo when whoami != root

[balsoft]

Description of changes

Currently, executing nixos-rebuild switch as a non-root user will
result in a somewhat confusing error about being unable to link a
profile to a nix store path. This is not ideal, especially as we already
have most of the code to handle this properly and use sudo to elevate
permissions to install.

This is preferrable for flakes (better eval caching), and also more
intuitive for new users.

FIXME

• Add this to the release notes
• Mention it in the documentation
• Consider printing some message about using sudo

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.05 Release Notes (or backporting 22.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[algorithmiker]

I think there should be a way to disable this functionality.

I know this is not advised, but one might get a surprise if
a) they are not root
b) they're not running with sudo

but
c) they have rights to write /nix/store.

maybe a --force-disable-auto-sudo flag?

[balsoft]

That's fair enough.

Although, that said, nixos-rebuild switch/boot/test requires quite a lot more permissions then just write access to /nix/var/nix/profiles/system.

[misuzu]

#170501

[balsoft]

I think this version is a bit better, since it focuses on just the local build case. The remote build case is more complicated to handle well.

[SuperSandro2000]

Why not use --use-remote-sudo as a fallback? I am using that with an increased sudo timeout and think it should be better than running nix as root.

Also does this overwrite --use-remote-sudo?

Can this write flake.lock files with sudo?

[winterqt]

This isn't related to the change itself, but why use a branch on NixOS/nixpkgs?

[balsoft]

Why not use --use-remote-sudo as a fallback? I am using that with an increased sudo timeout and think it should be better than running nix as root.

This change pretty much enables the use-remote-sudo behavior by default when

1. Deploying to localhost, and
2. User running nixos-rebuild is not root

With this change, if you run nixos-rebuild switch as a non-root user, the only commands executed as root will be nix-env and then switch-to-configuration.

And no, --no-auto-sudo does not override --use-remote-sudo; the lack of it enables automatic use of sudo which could previously done by passing --use-remote-sudo in some situations.

Can this write flake.lock files with sudo?

No, all evaluation and realization happen without sudo, as they do with --use-remote-sudo.

[balsoft]

This isn't related to the change itself, but why use a branch on NixOS/nixpkgs?

Sorry, I just have an alias that does git push --set-upstream origin/$GIT_CURRENT_BRANCH, and have been (mindlessly) using it for all my PRs. I will push to my fork in the future.

[roberth]

Isn't everything in the script automatic?

Suggested change

	.It Fl -no-auto-sudo
	.It Fl -no-sudo

[balsoft]

Not quite, you can technically do --no-auto-sudo --use-remote-sudo. Although, there's no real reason for this, I guess. I'll make --use-remote-sudo and --no-sudo mutually exclusive.

[roberth]

an alias that does git push --set-upstream origin/$GIT_CURRENT_BRANCH,

That'd be equivalent to my pohu

$ git help pohu
'pohu' is aliased to 'push origin HEAD -u'

I've made a habit out of renaming origin to upstream for everything I don't own.