The daemon is not powerful at all, almost all the logic happens in the client.
The client does the parsing, job ordering, and tells the daemon exactly what to do.
The daemon, only required in multiuser environments, does only two things really.
- ensure that the /nix/store is protected as the daemon should be the only process able to _write_ to it. Everything can read from the nix store; no nix required at all.
- execute build commands in a sandbox. Providing isolation between multiple builds.
The daemon is not powerful at all, almost all the logic happens in the client.
The client does the parsing, job ordering, and tells the daemon exactly what to do.
The daemon, only required in multiuser environments, does only two things really.
- ensure that the /nix/store is protected as the daemon should be the only process able to _write_ to it. Everything can read from the nix store; no nix required at all.
- execute build commands in a sandbox. Providing isolation between multiple builds.