How do I let users update their channels?

I installed Nix 2.7.0 multi-user on Ubuntu, but I can’t figure out how to let users update their channels:

• the default installation gives users no channels of their own, but their nix-env commands include the root user’s channels, which are default set to have nixpkgs. Running nix-channel --update as a user in this setup does nothing (updates zero channels).
• Adding a nixpkgs channel as a user (nix-channel --add https://nixos.org/channels/nixpkgs-unstable) is ignored because there’s already a root channel for nixpkgs, warning: name collision in input Nix expressions, skipping '/home/$USER/.nix-defexpr/channels_root/nixpkgs'
• I tried removing the root channel so that user channels will work, and it seems to work for the non-root user, but I can’t stick with that because I want to let root have its own channels so that it can install some system-wide services into its own profile.

So what is the recommended setup to let my root user and non-root users have independent channels that they each can update on their own schedules without interfering with one another (and so that users can update their own channels without needing sudo?

so that users can update their own channels without needing sudo

For a user, nix-channel shouldn’t be run with sudo. Nor should nix-env be run with sudo.

I went and tried installing nix onto a Linux Mint installation: indeed, I was able to add/update channels (and install a package to the user’s profile) with an unprivileged user. – If I understand correctly, what you’re asking for is the intended out-of-the-box functionality.

Hmm, so my steps were:

• Install Kubuntu 21.10 (same thing also happened for me using Ubuntu 20.04)
• Create and log in as user1
• Install Nix multi-user sh <(curl -L https://nixos.org/nix/install) --daemon
• Reboot (probably not needed)
• Log in as user1
• nix-channel --add https://nixos.org/channels/nixpkgs-unstable (works fine)
• nix-channel --update (works fine)
• nix-env -i git – seems to use the un-updated root nixpkgs channel instead of the updated user1’s nixpkgs channel (gives the message warning: name collision in input Nix expressions, skipping '/home/user1/.nix-defexpr/channels_root/nixpkgs')

You’re saying the behavior was different in your installation? Or did I do an incorrect step? Or am I misunderstanding what the warning means?

Ahh, right. I hadn’t seen that warning before.

The warning suggest it’s using the user’s nixpkgs channel, and ignoring the root user’s nixpkgs channel. – To avoid the warning, give the channel a different name for root. nix-channel can be given a name when it’s added, something like:

# nix-channel --remove nixpkgs
# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-root

But, uh, to try and explain what I think is going on:

Recall, as user1, after running nix-channel --add ... and nix-channel --update, the directory under ~/.nix-defexpr will have:

~/.nix-defexpr/channels/nixpkgs
~/.nix-defexpr/channels_root/nixpkgs

And so the nix-env -i command. I don’t fully understand how exacly “nixpkgs” comes into it. (The nix-env documentation page does discuss .nix-defexpr a bit, though). But rather than running:

nix-env -i git

it’s somewhat quicker to run:

nix-env -iA nixpkgs.git

which ends up doing the same thing.

I guess what’s going on is that when nix-env is loading the files from ~/.nix-defexpr, it’s seeing nixpkgs in both channels and channels_root and warning about that.

If instead the root user named their nixpkgs-unstable channel as “nixpkgs-root” or whatever, then the equivalent nix-env command would be:

# nix-env --iA nixpkgs-root.git

Which leaves the user free to name their channel nixpkgs & update it as they see fit, root user free to install packages which all users will have access to.

Thank you for all the details! That’s very helpful to understand.