Install Nix rootless on rhel

I’m trying to install Nix rootless (user namespace) on a rhel system.

I got a copy of a statically linked nix from like this:

curl -L https://hydra.nixos.org/job/nix/maintenance-2.16/buildStatic.x86_64-linux/latest/download-by-type/file/binary-dist > nix

Then, trying to follow the example from the Nix wiki:

https://nixos.wiki/wiki/Nix_Installation_Guide#Installing_without_root_permissions

under the heading, “nix 2.0’s native method”:

./nix --extra-experimental-features nix-command --extra-experimental-features flakes run --store ~/my-nix nixpkgs.nix nixpkgs.bashInteractive

I get:

path '/p/home/jraa/pks/nix/nixpkgs.nix' does not contain a 'flake.nix', searching up
**error:** getting status of '**/p/home/jraa/pks/nix/nixpkgs.nix**': **No such file or directory**

Do I need to get a file nixpkgs.nix from somewhere?
How can I fix this error?

I think it’s a misunderstanding, typo or outdated or something. Should probably be:

./nix --extra-experimental-features nix-command --extra-experimental-features flakes run --store ~/my-nix nixpkgs#nix nixpkgs#bashInteractive

I gave it a try, but it didn’t work, though differently…

$ ./nix --extra-experimental-features nix-command --extra-experimental-features flakes run --store ~/my-nix nixpkgs#nix nixpkgs#bashInteractive
warning: error: unable to download 'https://channels.nixos.org/flake-registry.json': SSL connect error (35); retrying in 342 ms
warning: error: unable to download 'https://channels.nixos.org/flake-registry.json': SSL connect error (35); retrying in 690 ms
warning: error: unable to download 'https://channels.nixos.org/flake-registry.json': SSL connect error (35); retrying in 1030 ms
warning: error: unable to download 'https://channels.nixos.org/flake-registry.json': SSL connect error (35); retrying in 2285 ms
error: unable to download 'https://channels.nixos.org/flake-registry.json': SSL connect error (35)

which seems weird, because I can:

wget https://channels.nixos.org/flake-registry.json

and get the file, no problem.

That’s a deeper issue, could be anything from issues with the ssl backend to the root cert being in an unexpected location. I’d start checking what ssl backend ends up being used, and if that doesn’t seem fishy I’d get straceing.

Not unlikely someone with more experience running statically compiled nix will be able to tell what’s wrong at a glance, though.

Sigh… might attempting a local build of nix be worth the effort, or is that unlikely to succeed or solve the issue?

Should be reasonably easy, it’s just a C++ codebase with mostly rather usual dependencies. Being easy to spin up on new platforms is a deliberate design goal. I wouldn’t be too surprised if a natively compiled nix either just worked out of the box or going through the process showed you what the issue is.

That said, again, I’m not the most experienced with nix on older platforms, certainly not following non-standard installation mechanisms, so it’s possible it’s actually something rather simple. Share if you figure it out, I’d love to know!

I’ve seen this error recently while trying to make nix work on fedora through a MITM proxy. In multi-user though so I’m not sure it’ll help but some of the stuff I tried which could lead you to the cause:

• NIX_SSL_CERT_FILE or just SSL_CERT_FILE
• CURL_CA_BUNDLE
• double checking the proxy env variables (HTTP_PROXY and HTTPS_PROXY)
• adding --verbose to the command line
• trying curl instead of wget to check that the network setup is working, can give different result

I got it to run without rebuilding, and using hints from @badcold. This command worked:

NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt ./nix --extra-experimental-features nix-command --extra-experimental-features flakes run 'nixpkgs/release-22.11#cowsay' -- "Hey\!"

Probably worth updating the wiki?

I tried to edit the wiki, but was not allowed; guessing it was to do with cloudflare?