I want to prevent nix using builder user accounts when running nixos-rebuild because I have outgoing firewall rules implemented with opensnitch and having many user accounts and user ids needing network access to run nixos-rebuild makes the rules much more complex!
I have looked up the docs and have found build-users-group
It states
If the build users group is empty, builds will be performed under the uid of the Nix process (that is, the uid of the caller if
NIX_REMOTE
is empty, the uid under which the Nix daemon runs ifNIX_REMOTE
isdaemon
).
I would like to know how to set the build-users-group config option to empty so that builds will only be performed by the user who ran it.
I have tried
nix.settings.build-users-group = " '' ";
But that results in the warning:
warning: the group ‘’‘’ specified in ‘build-users-group’ does not exist
and then the error that prevents all new builds:
error: the group ‘’‘’ specified in ‘build-users-group’ does not exist
the next time nixos-rebuild is run