author | Eelco Dolstra <edolstra@gmail.com> | 2020-07-24 15:48:40 +0200 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2020-07-24 15:48:40 +0200 |
commit | 1308c8404e19aacc6458b3813d445857620a60a8 (patch) | |
tree | 78f64ccd6f05b29991e74fccfa1d9d22bfaa91b2 /doc/manual/installation | |
parent | 05a282295f3d454c811f9bdd9b755f6a5c07c190 (diff) |
Remove DocBook manual
Diffstat (limited to 'doc/manual/installation')
-rw-r--r-- | doc/manual/installation/building-source.xml | 49 |
-rw-r--r-- | doc/manual/installation/env-variables.xml | 89 |
-rw-r--r-- | doc/manual/installation/installation.xml | 34 |
-rw-r--r-- | doc/manual/installation/installing-binary.xml | 469 |
-rw-r--r-- | doc/manual/installation/installing-source.xml | 16 |
-rw-r--r-- | doc/manual/installation/multi-user.xml | 107 |
-rw-r--r-- | doc/manual/installation/nix-security.xml | 27 |
-rw-r--r-- | doc/manual/installation/obtaining-source.xml | 30 |
-rw-r--r-- | doc/manual/installation/prerequisites-source.xml | 101 |
-rw-r--r-- | doc/manual/installation/single-user.xml | 21 |
-rw-r--r-- | doc/manual/installation/supported-platforms.xml | 36 |
-rw-r--r-- | doc/manual/installation/upgrading.xml | 27 |
12 files changed, 0 insertions, 1006 deletions
diff --git a/doc/manual/installation/building-source.xml b/doc/manual/installation/building-source.xml deleted file mode 100644 index 469aaebe9..000000000 --- a/doc/manual/installation/building-source.xml +++ /dev/null @@ -1,49 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-building-source"> - -<title>Building Nix from Source</title> - -<para>After unpacking or checking out the Nix sources, issue the -following commands: - -<screen> -$ ./configure <emphasis>options...</emphasis> -$ make -$ make install</screen> - -Nix requires GNU Make so you may need to invoke -<command>gmake</command> instead.</para> - -<para>When building from the Git repository, these should be preceded -by the command: - -<screen> -$ ./bootstrap.sh</screen> - -</para> - -<para>The installation path can be specified by passing the -<option>--prefix=<emphasis>prefix</emphasis></option> to -<command>configure</command>. The default installation directory is -<filename>/usr/local</filename>. You can change this to any location -you like. You must have write permission to the -<emphasis>prefix</emphasis> path.</para> - -<para>Nix keeps its <emphasis>store</emphasis> (the place where -packages are stored) in <filename>/nix/store</filename> by default. -This can be changed using -<option>--with-store-dir=<emphasis>path</emphasis></option>.</para> - -<warning><para>It is best <emphasis>not</emphasis> to change the Nix -store from its default, since doing so makes it impossible to use -pre-built binaries from the standard Nixpkgs channels — that is, all -packages will need to be built from source.</para></warning> - -<para>Nix keeps state (such as its database and log files) in -<filename>/nix/var</filename> by default. This can be changed using -<option>--localstatedir=<emphasis>path</emphasis></option>.</para> - -</section> 
diff --git a/doc/manual/installation/env-variables.xml b/doc/manual/installation/env-variables.xml deleted file mode 100644 index cbce8559a..000000000 --- a/doc/manual/installation/env-variables.xml +++ /dev/null 
@@ -1,89 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-env-variables"> - -<title>Environment Variables</title> - -<para>To use Nix, some environment variables should be set. In -particular, <literal>PATH</literal> should contain the directories -<filename><emphasis>prefix</emphasis>/bin</filename> and -<filename>~/.nix-profile/bin</filename>. The first directory contains -the Nix tools themselves, while <filename>~/.nix-profile</filename> is -a symbolic link to the current <emphasis>user environment</emphasis> -(an automatically generated package consisting of symlinks to -installed packages). The simplest way to set the required environment -variables is to include the file -<filename><emphasis>prefix</emphasis>/etc/profile.d/nix.sh</filename> -in your <filename>~/.profile</filename> (or similar), like this:</para> - -<screen> -source <emphasis>prefix</emphasis>/etc/profile.d/nix.sh</screen> - -<section xml:id="sec-nix-ssl-cert-file"> - -<title><literal>NIX_SSL_CERT_FILE</literal></title> - -<para>If you need to specify a custom certificate bundle to account -for an HTTPS-intercepting man in the middle proxy, you must specify -the path to the certificate bundle in the environment variable -<literal>NIX_SSL_CERT_FILE</literal>.</para> - - -<para>If you don't specify a <literal>NIX_SSL_CERT_FILE</literal> -manually, Nix will install and use its own certificate -bundle.</para> - -<procedure> - <step><para>Set the environment variable and install Nix</para> - <screen> -$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt -$ sh <(curl -L https://nixos.org/nix/install) -</screen></step> - - <step><para>In the shell profile and rc files (for example, - <filename>/etc/bashrc</filename>, <filename>/etc/zshrc</filename>), - add the following line:</para> -<programlisting> -export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt 
-</programlisting> -</step> -</procedure> - -<note><para>You must not add the export and then do the install, as -the Nix installer will detect the presense of Nix configuration, and -abort.</para></note> - -<section xml:id="sec-nix-ssl-cert-file-with-nix-daemon-and-macos"> -<title><literal>NIX_SSL_CERT_FILE</literal> with macOS and the Nix daemon</title> - -<para>On macOS you must specify the environment variable for the Nix -daemon service, then restart it:</para> - -<screen> -$ sudo launchctl setenv NIX_SSL_CERT_FILE /etc/ssl/my-certificate-bundle.crt -$ sudo launchctl kickstart -k system/org.nixos.nix-daemon -</screen> -</section> - -<section xml:id="sec-installer-proxy-settings"> - -<title>Proxy Environment Variables</title> - -<para>The Nix installer has special handling for these proxy-related -environment variables: -<varname>http_proxy</varname>, <varname>https_proxy</varname>, -<varname>ftp_proxy</varname>, <varname>no_proxy</varname>, -<varname>HTTP_PROXY</varname>, <varname>HTTPS_PROXY</varname>, -<varname>FTP_PROXY</varname>, <varname>NO_PROXY</varname>. -</para> -<para>If any of these variables are set when running the Nix installer, -then the installer will create an override file at -<filename>/etc/systemd/system/nix-daemon.service.d/override.conf</filename> -so <command>nix-daemon</command> will use them. -</para> -</section> - -</section> -</chapter> diff --git a/doc/manual/installation/installation.xml b/doc/manual/installation/installation.xml deleted file mode 100644 index 878959352..000000000 --- a/doc/manual/installation/installation.xml +++ /dev/null 
@@ -1,34 +0,0 @@ -<part xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="chap-installation"> - -<title>Installation</title> - -<partintro> -<para>This section describes how to install and configure Nix for first-time use.</para> -</partintro> - -<xi:include href="supported-platforms.xml" /> -<xi:include href="installing-binary.xml" /> -<xi:include href="installing-source.xml" /> -<xi:include href="nix-security.xml" /> -<xi:include href="env-variables.xml" /> - -<!-- TODO: should be updated -<section><title>Upgrading Nix through Nix</title> - -<para>You can install the latest stable version of Nix through Nix -itself by subscribing to the channel <link -xlink:href="http://nixos.org/releases/nix/channels/nix-stable" />, -or the latest unstable version by subscribing to the channel <link -xlink:href="http://nixos.org/releases/nix/channels/nix-unstable" />. -You can also do a <link linkend="sec-one-click">one-click -installation</link> by clicking on the package links at <link -xlink:href="http://nixos.org/releases/full-index-nix.html" />.</para> - -</section> ---> - -</part> diff --git a/doc/manual/installation/installing-binary.xml b/doc/manual/installation/installing-binary.xml deleted file mode 100644 index 439198e6c..000000000 --- a/doc/manual/installation/installing-binary.xml +++ /dev/null 
@@ -1,469 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-installing-binary"> - -<title>Installing a Binary Distribution</title> - -<para> - If you are using Linux or macOS versions up to 10.14 (Mojave), the - easiest way to install Nix is to run the following command: -</para> - -<screen> - $ sh <(curl -L https://nixos.org/nix/install) -</screen> - -<para> - If you're using macOS 10.15 (Catalina) or newer, consult - <link linkend="sect-macos-installation">the macOS installation instructions</link> - before installing. -</para> - -<para> - As of Nix 2.1.0, the Nix installer will always default to creating a - single-user installation, however opting in to the multi-user - installation is highly recommended. - <!-- TODO: this explains *neither* why the default version is - single-user, nor why we'd recommend multi-user over the default. - True prospective users don't have much basis for evaluating this. - What's it to me? Who should pick which? Why? What if I pick wrong? - --> -</para> - -<section xml:id="sect-single-user-installation"> - <title>Single User Installation</title> - - <para> - To explicitly select a single-user installation on your system: - - <screen> - sh <(curl -L https://nixos.org/nix/install) --no-daemon -</screen> - </para> - -<para> -This will perform a single-user installation of Nix, meaning that -<filename>/nix</filename> is owned by the invoking user. You should -run this under your usual user account, <emphasis>not</emphasis> as -root. The script will invoke <command>sudo</command> to create -<filename>/nix</filename> if it doesn’t already exist. 
If you don’t -have <command>sudo</command>, you should manually create -<filename>/nix</filename> first as root, e.g.: - -<screen> -$ mkdir /nix -$ chown alice /nix -</screen> - -The install script will modify the first writable file from amongst -<filename>.bash_profile</filename>, <filename>.bash_login</filename> -and <filename>.profile</filename> to source -<filename>~/.nix-profile/etc/profile.d/nix.sh</filename>. You can set -the <literal>NIX_INSTALLER_NO_MODIFY_PROFILE</literal> environment -variable before executing the install script to disable this -behaviour. -</para> - - -<para>You can uninstall Nix simply by running: - -<screen> -$ rm -rf /nix -</screen> - -</para> -</section> - -<section xml:id="sect-multi-user-installation"> - <title>Multi User Installation</title> - <para> - The multi-user Nix installation creates system users, and a system - service for the Nix daemon. - </para> - - <itemizedlist> - <title>Supported Systems</title> - - <listitem> - <para>Linux running systemd, with SELinux disabled</para> - </listitem> - <listitem><para>macOS</para></listitem> - </itemizedlist> - - <para> - You can instruct the installer to perform a multi-user - installation on your system: - </para> - - <screen>sh <(curl -L https://nixos.org/nix/install) --daemon</screen> - - <para> - The multi-user installation of Nix will create build users between - the user IDs 30001 and 30032, and a group with the group ID 30000. - - You should run this under your usual user account, - <emphasis>not</emphasis> as root. The script will invoke - <command>sudo</command> as needed. - </para> - - <note><para> - If you need Nix to use a different group ID or user ID set, you - will have to download the tarball manually and <link - linkend="sect-nix-install-binary-tarball">edit the install - script</link>. - </para></note> - - <para> - The installer will modify <filename>/etc/bashrc</filename>, and - <filename>/etc/zshrc</filename> if they exist. 
The installer will - first back up these files with a - <literal>.backup-before-nix</literal> extension. The installer - will also create <filename>/etc/profile.d/nix.sh</filename>. - </para> - - <para>You can uninstall Nix with the following commands: - -<screen> -sudo rm -rf /etc/profile/nix.sh /etc/nix /nix ~root/.nix-profile ~root/.nix-defexpr ~root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels - -# If you are on Linux with systemd, you will need to run: -sudo systemctl stop nix-daemon.socket -sudo systemctl stop nix-daemon.service -sudo systemctl disable nix-daemon.socket -sudo systemctl disable nix-daemon.service -sudo systemctl daemon-reload - -# If you are on macOS, you will need to run: -sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist -sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist -</screen> - - There may also be references to Nix in - <filename>/etc/profile</filename>, - <filename>/etc/bashrc</filename>, and - <filename>/etc/zshrc</filename> which you may remove. - </para> - -</section> - -<section xml:id="sect-macos-installation"> - <title>macOS Installation</title> - - <para> - Starting with macOS 10.15 (Catalina), the root filesystem is read-only. - This means <filename>/nix</filename> can no longer live on your system - volume, and that you'll need a workaround to install Nix. - </para> - - <para> - The recommended approach, which creates an unencrypted APFS volume - for your Nix store and a "synthetic" empty directory to mount it - over at <filename>/nix</filename>, is least likely to impair Nix - or your system. - </para> - - <note><para> - With all separate-volume approaches, it's possible something on - your system (particularly daemons/services and restored apps) may - need access to your Nix store before the volume is mounted. Adding - additional encryption makes this more likely. 
- </para></note> - - <para> - If you're using a recent Mac with a - <link xlink:href="https://www.apple.com/euro/mac/shared/docs/Apple_T2_Security_Chip_Overview.pdf">T2 chip</link>, - your drive will still be encrypted at rest (in which case "unencrypted" - is a bit of a misnomer). To use this approach, just install Nix with: - </para> - - <screen>$ sh <(curl -L https://nixos.org/nix/install) --darwin-use-unencrypted-nix-store-volume</screen> - - <para> - If you don't like the sound of this, you'll want to weigh the - other approaches and tradeoffs detailed in this section. - </para> - - <note> - <title>Eventual solutions?</title> - <para> - All of the known workarounds have drawbacks, but we hope - better solutions will be available in the future. Some that - we have our eye on are: - </para> - <orderedlist> - <listitem> - <para> - A true firmlink would enable the Nix store to live on the - primary data volume without the build problems caused by - the symlink approach. End users cannot currently - create true firmlinks. - </para> - </listitem> - <listitem> - <para> - If the Nix store volume shared FileVault encryption - with the primary data volume (probably by using the same - volume group and role), FileVault encryption could be - easily supported by the installer without requiring - manual setup by each user. - </para> - </listitem> - </orderedlist> - </note> - - <section xml:id="sect-macos-installation-change-store-prefix"> - <title>Change the Nix store path prefix</title> - <para> - Changing the default prefix for the Nix store is a simple - approach which enables you to leave it on your root volume, - where it can take full advantage of FileVault encryption if - enabled. 
Unfortunately, this approach also opts your device out - of some benefits that are enabled by using the same prefix - across systems: - - <itemizedlist> - <listitem> - <para> - Your system won't be able to take advantage of the binary - cache (unless someone is able to stand up and support - duplicate caching infrastructure), which means you'll - spend more time waiting for builds. - </para> - </listitem> - <listitem> - <para> - It's harder to build and deploy packages to Linux systems. - </para> - </listitem> - <!-- TODO: may be more here --> - </itemizedlist> - - <!-- TODO: Yes, but how?! --> - - It would also possible (and often requested) to just apply this - change ecosystem-wide, but it's an intrusive process that has - side effects we want to avoid for now. - <!-- magnificent hand-wavy gesture --> - </para> - <para> - </para> - </section> - - <section xml:id="sect-macos-installation-encrypted-volume"> - <title>Use a separate encrypted volume</title> - <para> - If you like, you can also add encryption to the recommended - approach taken by the installer. You can do this by pre-creating - an encrypted volume before you run the installer--or you can - run the installer and encrypt the volume it creates later. - <!-- TODO: see later note about whether this needs both add-encryption and from-scratch directions --> - </para> - <para> - In either case, adding encryption to a second volume isn't quite - as simple as enabling FileVault for your boot volume. Before you - dive in, there are a few things to weigh: - </para> - <orderedlist> - <listitem> - <para> - The additional volume won't be encrypted with your existing - FileVault key, so you'll need another mechanism to decrypt - the volume. - </para> - </listitem> - <listitem> - <para> - You can store the password in Keychain to automatically - decrypt the volume on boot--but it'll have to wait on Keychain - and may not mount before your GUI apps restore. 
If any of - your launchd agents or apps depend on Nix-installed software - (for example, if you use a Nix-installed login shell), the - restore may fail or break. - </para> - <para> - On a case-by-case basis, you may be able to work around this - problem by using <command>wait4path</command> to block - execution until your executable is available. - </para> - <para> - It's also possible to decrypt and mount the volume earlier - with a login hook--but this mechanism appears to be - deprecated and its future is unclear. - </para> - </listitem> - <listitem> - <para> - You can hard-code the password in the clear, so that your - store volume can be decrypted before Keychain is available. - </para> - </listitem> - </orderedlist> - <para> - If you are comfortable navigating these tradeoffs, you can encrypt the volume with - something along the lines of: - <!-- TODO: - I don't know if this also needs from-scratch instructions? - can we just recommend use-the-installer-and-then-encrypt? - --> - </para> - <!-- - TODO: it looks like this option can be encryptVolume|encrypt|enableFileVault - - It may be more clear to use encryptVolume, here? FileVault seems - heavily associated with the boot-volume behavior; I worry - a little that it can mislead here, especially as it gets - copied around minus doc context...? - --> - <screen>alice$ diskutil apfs enableFileVault /nix -user disk</screen> - - <!-- TODO: and then go into detail on the mount/decrypt approaches? --> - </section> - - <section xml:id="sect-macos-installation-symlink"> - <!-- - Maybe a good razor is: if we'd hate having to support someone who - installed Nix this way, it shouldn't even be detailed? - --> - <title>Symlink the Nix store to a custom location</title> - <para> - Another simple approach is using <filename>/etc/synthetic.conf</filename> - to symlink the Nix store to the data volume. This option also - enables your store to share any configured FileVault encryption. 
- Unfortunately, builds that resolve the symlink may leak the - canonical path or even fail. - </para> - <para> - Because of these downsides, we can't recommend this approach. - </para> - <!-- Leaving out instructions for this one. --> - </section> - - <section xml:id="sect-macos-installation-recommended-notes"> - <title>Notes on the recommended approach</title> - <para> - This section goes into a little more detail on the recommended - approach. You don't need to understand it to run the installer, - but it can serve as a helpful reference if you run into trouble. - </para> - <orderedlist> - <listitem> - <para> - In order to compose user-writable locations into the new - read-only system root, Apple introduced a new concept called - <literal>firmlinks</literal>, which it describes as a - "bi-directional wormhole" between two filesystems. You can - see the current firmlinks in <filename>/usr/share/firmlinks</filename>. - Unfortunately, firmlinks aren't (currently?) user-configurable. - </para> - - <para> - For special cases like NFS mount points or package manager roots, - <link xlink:href="https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man5/synthetic.conf.5.html">synthetic.conf(5)</link> - supports limited user-controlled file-creation (of symlinks, - and synthetic empty directories) at <filename>/</filename>. 
- To create a synthetic empty directory for mounting at <filename>/nix</filename>, - add the following line to <filename>/etc/synthetic.conf</filename> - (create it if necessary): - </para> - - <screen>nix</screen> - </listitem> - - <listitem> - <para> - This configuration is applied at boot time, but you can use - <command>apfs.util</command> to trigger creation (not deletion) - of new entries without a reboot: - </para> - - <screen>alice$ /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B</screen> - </listitem> - - <listitem> - <para> - Create the new APFS volume with diskutil: - </para> - - <screen>alice$ sudo diskutil apfs addVolume diskX APFS 'Nix Store' -mountpoint /nix</screen> - </listitem> - - <listitem> - <para> - Using <command>vifs</command>, add the new mount to - <filename>/etc/fstab</filename>. If it doesn't already have - other entries, it should look something like: - </para> - -<screen> -# -# Warning - this file should only be modified with vifs(8) -# -# Failure to do so is unsupported and may be destructive. -# -LABEL=Nix\040Store /nix apfs rw,nobrowse -</screen> - - <para> - The nobrowse setting will keep Spotlight from indexing this - volume, and keep it from showing up on your desktop. - </para> - </listitem> - </orderedlist> - </section> - -</section> - -<section xml:id="sect-nix-install-pinned-version-url"> - <title>Installing a pinned Nix version from a URL</title> - - <para> - NixOS.org hosts version-specific installation URLs for all Nix - versions since 1.11.16, at - <literal>https://releases.nixos.org/nix/nix-<emphasis>version</emphasis>/install</literal>. - </para> - - <para> - These install scripts can be used the same as the main - NixOS.org installation script: - - <screen> - sh <(curl -L https://nixos.org/nix/install) -</screen> - </para> - - <para> - In the same directory of the install script are sha256 sums, and - gpg signature files. 
- </para> -</section> - -<section xml:id="sect-nix-install-binary-tarball"> - <title>Installing from a binary tarball</title> - - <para> - You can also download a binary tarball that contains Nix and all - its dependencies. (This is what the install script at - <uri>https://nixos.org/nix/install</uri> does automatically.) You - should unpack it somewhere (e.g. in <filename>/tmp</filename>), - and then run the script named <command>install</command> inside - the binary tarball: - - -<screen> -alice$ cd /tmp -alice$ tar xfj nix-1.8-x86_64-darwin.tar.bz2 -alice$ cd nix-1.8-x86_64-darwin -alice$ ./install -</screen> - </para> - - <para> - If you need to edit the multi-user installation script to use - different group ID or a different user ID range, modify the - variables set in the file named - <filename>install-multi-user</filename>. - </para> -</section> -</chapter> diff --git a/doc/manual/installation/installing-source.xml b/doc/manual/installation/installing-source.xml deleted file mode 100644 index c261a109d..000000000 --- a/doc/manual/installation/installing-source.xml +++ /dev/null @@ -1,16 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-installing-source"> - -<title>Installing Nix from Source</title> - -<para>If no binary package is available, you can download and compile -a source distribution.</para> - -<xi:include href="prerequisites-source.xml" /> -<xi:include href="obtaining-source.xml" /> -<xi:include href="building-source.xml" /> - -</chapter> diff --git a/doc/manual/installation/multi-user.xml b/doc/manual/installation/multi-user.xml deleted file mode 100644 index 835bd3a52..000000000 --- a/doc/manual/installation/multi-user.xml +++ /dev/null 
@@ -1,107 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ssec-multi-user"> - -<title>Multi-User Mode</title> - -<para>To allow a Nix store to be shared safely among multiple users, -it is important that users are not able to run builders that modify -the Nix store or database in arbitrary ways, or that interfere with -builds started by other users. If they could do so, they could -install a Trojan horse in some package and compromise the accounts of -other users.</para> - -<para>To prevent this, the Nix store and database are owned by some -privileged user (usually <literal>root</literal>) and builders are -executed under special user accounts (usually named -<literal>nixbld1</literal>, <literal>nixbld2</literal>, etc.). When a -unprivileged user runs a Nix command, actions that operate on the Nix -store (such as builds) are forwarded to a <emphasis>Nix -daemon</emphasis> running under the owner of the Nix store/database -that performs the operation.</para> - -<note><para>Multi-user mode has one important limitation: only -<systemitem class="username">root</systemitem> and a set of trusted -users specified in <filename>nix.conf</filename> can specify arbitrary -binary caches. So while unprivileged users may install packages from -arbitrary Nix expressions, they may not get pre-built -binaries.</para></note> - - -<section> - -<title>Setting up the build users</title> - -<para>The <emphasis>build users</emphasis> are the special UIDs under -which builds are performed. They should all be members of the -<emphasis>build users group</emphasis> <literal>nixbld</literal>. -This group should have no other members. The build users should not -be members of any other group. 
On Linux, you can create the group and -users as follows: - -<screen> -$ groupadd -r nixbld -$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \ - -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \ - nixbld$n; done -</screen> - -This creates 10 build users. There can never be more concurrent builds -than the number of build users, so you may want to increase this if -you expect to do many builds at the same time.</para> - -</section> - - -<section> - -<title>Running the daemon</title> - -<para>The <link linkend="sec-nix-daemon">Nix daemon</link> should be -started as follows (as <literal>root</literal>): - -<screen> -$ nix-daemon</screen> - -You’ll want to put that line somewhere in your system’s boot -scripts.</para> - -<para>To let unprivileged users use the daemon, they should set the -<link linkend="envar-remote"><literal>NIX_REMOTE</literal> environment -variable</link> to <literal>daemon</literal>. So you should put a -line like - -<programlisting> -export NIX_REMOTE=daemon</programlisting> - -into the users’ login scripts.</para> - -</section> - - -<section> - -<title>Restricting access</title> - -<para>To limit which users can perform Nix operations, you can use the -permissions on the directory -<filename>/nix/var/nix/daemon-socket</filename>. For instance, if you -want to restrict the use of Nix to the members of a group called -<literal>nix-users</literal>, do - -<screen> -$ chgrp nix-users /nix/var/nix/daemon-socket -$ chmod ug=rwx,o= /nix/var/nix/daemon-socket -</screen> - -This way, users who are not in the <literal>nix-users</literal> group -cannot connect to the Unix domain socket -<filename>/nix/var/nix/daemon-socket/socket</filename>, so they cannot -perform Nix operations.</para> - -</section> - - -</section> diff --git a/doc/manual/installation/nix-security.xml b/doc/manual/installation/nix-security.xml deleted file mode 100644 index d888ff14d..000000000 --- a/doc/manual/installation/nix-security.xml +++ /dev/null 
@@ -1,27 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-nix-security"> - -<title>Security</title> - -<para>Nix has two basic security models. First, it can be used in -“single-user mode”, which is similar to what most other package -management tools do: there is a single user (typically <systemitem -class="username">root</systemitem>) who performs all package -management operations. All other users can then use the installed -packages, but they cannot perform package management operations -themselves.</para> - -<para>Alternatively, you can configure Nix in “multi-user mode”. In -this model, all users can perform package management operations — for -instance, every user can install software without requiring root -privileges. Nix ensures that this is secure. For instance, it’s not -possible for one user to overwrite a package used by another user with -a Trojan horse.</para> - -<xi:include href="single-user.xml" /> -<xi:include href="multi-user.xml" /> - -</chapter>
\ No newline at end of file diff --git a/doc/manual/installation/obtaining-source.xml b/doc/manual/installation/obtaining-source.xml deleted file mode 100644 index 968822cc0..000000000 --- a/doc/manual/installation/obtaining-source.xml +++ /dev/null @@ -1,30 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-obtaining-source"> - -<title>Obtaining a Source Distribution</title> - -<para>The source tarball of the most recent stable release can be -downloaded from the <link -xlink:href="http://nixos.org/nix/download.html">Nix homepage</link>. -You can also grab the <link -xlink:href="http://hydra.nixos.org/job/nix/master/release/latest-finished#tabs-constituents">most -recent development release</link>.</para> - -<para>Alternatively, the most recent sources of Nix can be obtained -from its <link -xlink:href="https://github.com/NixOS/nix">Git -repository</link>. For example, the following command will check out -the latest revision into a directory called -<filename>nix</filename>:</para> - -<screen> -$ git clone https://github.com/NixOS/nix</screen> - -<para>Likewise, specific releases can be obtained from the <link -xlink:href="https://github.com/NixOS/nix/tags">tags</link> of the -repository.</para> - -</section>
\ No newline at end of file diff --git a/doc/manual/installation/prerequisites-source.xml b/doc/manual/installation/prerequisites-source.xml deleted file mode 100644 index 77955eecc..000000000 --- a/doc/manual/installation/prerequisites-source.xml +++ /dev/null 
@@ -1,101 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-prerequisites-source"> - -<title>Prerequisites</title> - -<itemizedlist> - - <listitem><para>GNU Autoconf - (<link xlink:href="https://www.gnu.org/software/autoconf/"/>) - and the autoconf-archive macro collection - (<link xlink:href="https://www.gnu.org/software/autoconf-archive/"/>). - These are only needed to run the bootstrap script, and are not necessary - if your source distribution came with a pre-built - <literal>./configure</literal> script.</para></listitem> - - <listitem><para>GNU Make.</para></listitem> - - <listitem><para>Bash Shell. The <literal>./configure</literal> script - relies on bashisms, so Bash is required.</para></listitem> - - <listitem><para>A version of GCC or Clang that supports C++17.</para></listitem> - - <listitem><para><command>pkg-config</command> to locate - dependencies. If your distribution does not provide it, you can get - it from <link - xlink:href="http://www.freedesktop.org/wiki/Software/pkg-config" - />.</para></listitem> - - <listitem><para>The OpenSSL library to calculate cryptographic hashes. - If your distribution does not provide it, you can get it from <link - xlink:href="https://www.openssl.org"/>.</para></listitem> - - <listitem><para>The <literal>libbrotlienc</literal> and - <literal>libbrotlidec</literal> libraries to provide implementation - of the Brotli compression algorithm. They are available for download - from the official repository <link - xlink:href="https://github.com/google/brotli" />.</para></listitem> - - <listitem><para>The bzip2 compressor program and the - <literal>libbz2</literal> library. Thus you must have bzip2 - installed, including development headers and libraries. 
If your - distribution does not provide these, you can obtain bzip2 from <link - xlink:href="https://web.archive.org/web/20180624184756/http://www.bzip.org/" - />.</para></listitem> - - <listitem><para><literal>liblzma</literal>, which is provided by - XZ Utils. If your distribution does not provide this, you can - get it from <link xlink:href="https://tukaani.org/xz/"/>.</para></listitem> - - <listitem><para>cURL and its library. If your distribution does not - provide it, you can get it from <link - xlink:href="https://curl.haxx.se/"/>.</para></listitem> - - <listitem><para>The SQLite embedded database library, version 3.6.19 - or higher. If your distribution does not provide it, please install - it from <link xlink:href="http://www.sqlite.org/" />.</para></listitem> - - <listitem><para>The <link - xlink:href="http://www.hboehm.info/gc/">Boehm - garbage collector</link> to reduce the evaluator’s memory - consumption (optional). To enable it, install - <literal>pkgconfig</literal> and the Boehm garbage collector, and - pass the flag <option>--enable-gc</option> to - <command>configure</command>.</para></listitem> - - <listitem><para>The <literal>boost</literal> library of version - 1.66.0 or higher. It can be obtained from the official web site - <link xlink:href="https://www.boost.org/" />.</para></listitem> - - <listitem><para>The <literal>editline</literal> library of version - 1.14.0 or higher. It can be obtained from the its repository - <link xlink:href="https://github.com/troglobit/editline" />.</para></listitem> - - <listitem><para>Recent versions of Bison and Flex to build the - parser. (This is because Nix needs GLR support in Bison and - reentrancy support in Flex.) For Bison, you need version 2.6, which - can be obtained from the <link - xlink:href="ftp://alpha.gnu.org/pub/gnu/bison">GNU FTP - server</link>. For Flex, you need version 2.5.35, which is - available on <link - xlink:href="http://lex.sourceforge.net/">SourceForge</link>. 
- Slightly older versions may also work, but ancient versions like the - ubiquitous 2.5.4a won't. Note that these are only required if you - modify the parser or when you are building from the Git - repository.</para></listitem> - - <listitem><para>The <literal>libseccomp</literal> is used to provide - syscall filtering on Linux. This is an optional dependency and can - be disabled passing a <option>--disable-seccomp-sandboxing</option> - option to the <command>configure</command> script (Not recommended - unless your system doesn't support - <literal>libseccomp</literal>). To get the library, visit <link - xlink:href="https://github.com/seccomp/libseccomp" - />.</para></listitem> - -</itemizedlist> - -</section> diff --git a/doc/manual/installation/single-user.xml b/doc/manual/installation/single-user.xml deleted file mode 100644 index e9a761af3..000000000 --- a/doc/manual/installation/single-user.xml +++ /dev/null @@ -1,21 +0,0 @@ -<section xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-single-user"> - -<title>Single-User Mode</title> - -<para>In single-user mode, all Nix operations that access the database -in <filename><emphasis>prefix</emphasis>/var/nix/db</filename> -or modify the Nix store in -<filename><emphasis>prefix</emphasis>/store</filename> must be -performed under the user ID that owns those directories. This is -typically <systemitem class="username">root</systemitem>. (If you -install from RPM packages, that’s in fact the default ownership.) -However, on single-user machines, it is often convenient to -<command>chown</command> those directories to your normal user account -so that you don’t have to <command>su</command> to <systemitem -class="username">root</systemitem> all the time.</para> - -</section>
\ No newline at end of file diff --git a/doc/manual/installation/supported-platforms.xml b/doc/manual/installation/supported-platforms.xml deleted file mode 100644 index 3e74be49d..000000000 --- a/doc/manual/installation/supported-platforms.xml +++ /dev/null @@ -1,36 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-supported-platforms"> - -<title>Supported Platforms</title> - -<para>Nix is currently supported on the following platforms: - -<itemizedlist> - - <listitem><para>Linux (i686, x86_64, aarch64).</para></listitem> - - <listitem><para>macOS (x86_64).</para></listitem> - - <!-- - <listitem><para>FreeBSD (only tested on Intel).</para></listitem> - --> - - <!-- - <listitem><para>Windows through <link - xlink:href="http://www.cygwin.com/">Cygwin</link>.</para> - - <warning><para>On Cygwin, Nix <emphasis>must</emphasis> be installed - on an NTFS partition. It will not work correctly on a FAT - partition.</para></warning> - - </listitem> - --> - -</itemizedlist> - -</para> - -</chapter> diff --git a/doc/manual/installation/upgrading.xml b/doc/manual/installation/upgrading.xml deleted file mode 100644 index 592f63895..000000000 --- a/doc/manual/installation/upgrading.xml +++ /dev/null 
@@ -1,27 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="ch-upgrading-nix"> - - <title>Upgrading Nix</title> - - <para> - Multi-user Nix users on macOS can upgrade Nix by running: - <command>sudo -i sh -c 'nix-channel --update && - nix-env -iA nixpkgs.nix && - launchctl remove org.nixos.nix-daemon && - launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist'</command> - </para> - - - <para> - Single-user installations of Nix should run this: - <command>nix-channel --update; nix-env -iA nixpkgs.nix nixpkgs.cacert</command> - </para> - - <para> - Multi-user Nix users on Linux should run this with sudo: - <command>nix-channel --update; nix-env -iA nixpkgs.nix nixpkgs.cacert; systemctl daemon-reload; systemctl restart nix-daemon</command> - </para> -</chapter> |
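Review bot: In the prerequisites-source.xml hunk, the final list item carries a security caveat that this deletion drops without a visible replacement: `--disable-seccomp-sandboxing` is marked "Not recommended unless your system doesn't support libseccomp". The commit message says only "Remove DocBook manual", so please confirm the successor documentation keeps that warning next to the flag before this lands. If the list is ported rather than dropped, the download links for pkg-config, SQLite and the Boehm GC are plain `http://` and the Bison link is `ftp://alpha.gnu.org/pub/gnu/bison`; switch them to HTTPS where the upstream site offers it, since these point readers at build-time dependencies.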
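Review bot: In the single-user.xml hunk, the removed paragraph is where the manual states that operations touching `prefix/var/nix/db` or `prefix/store` "must be performed under the user ID that owns those directories", and it recommends a `chown` to the normal user account for convenience. Nothing in this diff shows where that ownership rule now lives, so please point to the replacement text in the commit message or the PR description. When it is ported, it would help to say next to the `chown` advice that every process running as that account can then modify the store and database, which the current wording leaves implicit.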
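Review bot: In the upgrading.xml hunk, the three upgrade commands are inconsistent in ways worth fixing if this text is carried into the replacement manual rather than copied as is. The macOS command chains with `&&`, but the single-user and Linux commands use `;`, so on Linux `systemctl restart nix-daemon` still runs after a failed `nix-channel --update` or `nix-env -iA`. The macOS command also installs only `nixpkgs.nix`, while the other two install `nixpkgs.nix nixpkgs.cacert`; either add `nixpkgs.cacert` there or document why the CA bundle is not upgraded on macOS.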