nixos/flake: set up NIX_PATH and system flake registry automatically #254405
Conversation
ofborg
bot
added
10.rebuild-darwin: 1-10
10.rebuild-darwin: 1
10.rebuild-linux: 1-10
labels
lf-
force-pushed
the
jade/nix-path-flakes
branch
from
2078be3
to
3120b3e
Compare
lf-
force-pushed
the
jade/nix-path-flakes
branch
from
3120b3e
to
8651130
Compare
nixos/modules/misc/nixpkgs.nix
Outdated
| default = false; | ||
|
|
||
| description = mdDoc '' | ||
| Whether to create /etc/nix/inputs/nixpkgs as a symlink and set |
There was a problem hiding this comment.
This could use more documentation about where the symlink points to. I mean, I assume it points to the path to the derivation that nixos is being built out of, but there must be an appropriately precise way to say that...
nixos/modules/misc/nixpkgs.nix
Outdated
| default = false; | ||
|
|
||
| description = mdDoc '' | ||
| Whether to set nixpkgs in the local flake registry and disable the |
There was a problem hiding this comment.
Similarly, I assume this points to the derivation nixos is built out of, but find some precise way to say that. Also specify explicitly whether this option relies on the /etc/nix/inputs/nixpkgs symlink to exist or not.
Also, it's called the system registry not the local registry. Since that term is vague and confusing and doesn't help a user to understand why they'd want this option turned on, by all means keep the present wording about "local" as well, but do use it in conjunction with the official name.
There was a problem hiding this comment.
Ah, not quite the one nixos is built out of, which means my docs are bad. I will write better ones than I wrote while originally writing this whilst tired at nixcon tomorrow :)
There was a problem hiding this comment.
Apparently I misunderstood what you wrote because it was 2am. This option doesn't require /etc/nix/inputs/nixpkgs to exist, and is completely independent of the other option.
lf-
force-pushed
the
jade/nix-path-flakes
branch
3 times, most recently
from
e0c648f
to
bc3b186
Compare
|
Alright, I have pushed a change rewriting the documentation to have examples and to use more clear wording. I have also turned it on by default. The reasoning for enabling it by default on flake configurations is that we do things that are suboptimal for closure size by default, for example This change only affects systems built with flakes. |
lf-
changed the title
nixos/modules/config/nix.nix
Outdated
| @@ -332,6 +332,16 @@ in | |||
| always allowed to connect. | |||
| ''; | |||
| }; | |||
|
|
|||
| flake-registry = mkOption { | |||
| type = types.str; | |||
There was a problem hiding this comment.
don't you mean nullOr str?
There was a problem hiding this comment.
Yes, I didn't realize null was coerced to empty string.
nixos/modules/misc/nixpkgs.nix
Outdated
|
|
||
| description = mdDoc '' | ||
| Whether to create `/etc/nix/inputs/nixpkgs` as a symlink to the version of nixpkgs that | ||
| the NixOS system was built with and set `NIX_PATH` to include `/etc/nix/inputs/nixpkgs`. |
There was a problem hiding this comment.
just to be absolutely clear: the symlink points to a path in the store, right?
There was a problem hiding this comment.
Yep. I will word this more carefully.
nixos/modules/misc/nixpkgs.nix
Outdated
|
|
||
| description = mdDoc '' | ||
| Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the | ||
| version of nixpkgs that the NixOS system has been built with. |
There was a problem hiding this comment.
so the understanding I get from this is that it replicates the protocol, URL, etc but pins based on rev. correct? I still feel like there could be a bit more wording to say so explicitly, but it's good as-is.
There was a problem hiding this comment.
Nope. It is a string-with-context that introduces a simple dependency:
nix-repl> nixosConfigurations.micro.options.nix.registry.value.nixpkgs.to
{ path = "/nix/store/c8cz4q0y6jw9qvjwk45nf6pvwysj7yn6-source"; type = "path"; }
nix-repl> :p builtins.getContext nixosConfigurations.micro.options.nix.registry.value.nixpkgs.to.path
{ "/nix/store/c8cz4q0y6jw9qvjwk45nf6pvwysj7yn6-source" = { path = true; }; }
There was a problem hiding this comment.
ah! that's nice and simple. the clearest way to say that might be "by referencing it in the store"?
nixos/modules/misc/nixpkgs.nix
Outdated
| version of nixpkgs that the NixOS system has been built with. | ||
|
|
||
| This also sets a default to disable the global (online) flake registry due to | ||
| <https://github.com/NixOS/nix/issues/9087>. |
There was a problem hiding this comment.
Bad call: unnecessary breaking change. Why not fix the bug instead?
There was a problem hiding this comment.
I don't want to try getting anything into Nix after a one line change to fix nix-shell in shebangs by a former coworker continues to sit unreviewed for going on two years now, in spite of repeated prodding for reviews including by back channels.
I understand the Nix team has been improving things, and I think more prompt reviews generally happen now but I'm still not interested.
I can remove the workaround because the bug isn't that bad.
There was a problem hiding this comment.
@lf- i have an interest in the shebangs features, but I am not finding the referenced shebang PR. (my own effort in bringing shebangs to nix-command took more than two years with 5189, so I understand the patience can get worn out)
There was a problem hiding this comment.
i had it written down somewhere; it's NixOS/nix#5088
lf-
force-pushed
the
jade/nix-path-flakes
branch
from
bc3b186
to
fd80a9f
Compare
|
I have done a final pass through the docs. I am not sure if they are too verbose, but even if they are, usually we have the opposite problem and I have rarely thought that of module docs. |
|
the latest revision of the docs looks great. thanks for indulging me! I know I tend to prefer more verbose docs than others do, but I feel that a lot of flake semantics are under-documented and I'd much rather not have to guess at these details. |
|
The diff looks very weird, are there formatting changes or something? Related PR #197424 |
Yes. I moved the whole existing config= contents right one indent, put it in a mkMerge, and added my own things. When I rebased I did these changes manually because git had made such an absolute dog's breakfast of the diff and I couldn't make any sense of it. I don't know what made git fail so hard on this PR's diff, but I am sorry it is annoying to review. |
|
Hiding the whitespace changes makes it better
rightmost icon |
lf-
force-pushed
the
jade/nix-path-flakes
branch
from
fd80a9f
to
0c919c2
Compare
There was a problem hiding this comment.
- blocking: /etc/nix/inputs/nixpkgs is awkward, please examine some other possibilities mentioned above
- thought: having nixpkgs.flake.setNixPath interacting with nix.nixPath (same with nixpkgs.flake.setFlakeRegistry / nix.registry) might cause confusion. There are then two ways to do the same thing, which takes precedence, etc. Here i don't yet know of solid suggestion; there is merit to having it in both option sets.
lf-
force-pushed
the
jade/nix-path-flakes
branch
from
0c919c2
to
ec806b7
Compare
wait, really? this looks Haskell-specific |
Clicked wrong, meant NixOS/templates#53 |
No longer needed via NixOS/nixpkgs#254405
|
Just for reference, in case someone is looking for the change that caused their flake-based NixOS systems to no longer rebuild. Since I previously had The suggested use of If you do not wish to do so, you can also disable the newly added option, as described in the release notes (look for NIX_PATH).
IMO the documentation of this change in the release notes is good, but users might still look for this error in the issues and PRs of the nixpkgs repository, so I thought I'd mention it. |
No longer needed since NixOS/nixpkgs#254405 got merged See NixOS/nixpkgs#254405 (comment) for more information
Since <NixOS/nixpkgs#254405> was merged, `nix.nixPath` is set when you use `lib.nixosSystem`
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/use-a-system-nixpkgs-version-in-a-flake/43784/3 |
- Don't auto-optimise-store by default
- We should avoid arbitrary "sane defaults" in this template, as nixpkgs already has pretty sane defaults nowadays
- Simplify registry+nixPath
- Instead of using a file as indirection (to avoid staleness), indirect it through the registry using `flake:nixpkgs`
- Add a comment about NixOS/nixpkgs#254405, which all this by default for nixpkgs
- Disable channels and flake registry by default
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: |
|
Hmm should we also enable flakes when using |
|
@arianvp probably yes. I've been meaning to submit that exact change for like, months. |
|
Maybe we just need to replace registry link to a path? |
no, that is broken. the environment variable won't be updated in existing processes so you need at minimum a symlink indirection. i had one of those twice in the revision history of this pr if you want to see, and the current method is the simplest and most robust possible with the singular caveat that the resulting system needs flakes enabled. |
|
I appreciate this effort, but as long as nix allows pointing inputs to the local registry, this change practically seems to do more harm than good. I think we should consider at least turning the I ended up publishing broken flakes for some time now without noticing and I'm probably not the only one. Implementing a performance improvement (less networking/fetching) with the cost of introducing breakages in the wild doesn't seem to be a tradeoff worthwhile to me. I understand that there are opinions on how flake inputs should never point to the (local) registry, and I'm not opposed to that. It would be much better if nix itself is fixed first, in order to not allow local registry flake inputs or warn about using them, before breaking many peoples setups by such change. An alternative approach could be to point the registry override to |
|
Here's the lix bug number to do what you describe. https://git.lix.systems/lix-project/lix/issues/170 Don't write flakes that use registry indirect inputs. They were always broken regardless of this change because you have no idea which version of nixpkgs they will update to when someone else runs nix flake update. If you really are motivated, you can set the registry to point to be a github input type and pull the metadata out of flake.lock because I believe it never makes it into I think that people who work on broken flakes regularly should consider setting up the necessary custom code to allow them to do that safely and disable this feature. Or fix the flakes. You can absolutely see when you nix flake update and it did the wrong thing. My point here is that working on broken flakes that use the registry is the exceptional case and I've seen a lot of nix support questions in my time; I believe you to be the second one to complain about this, compared to probably a dozen or more times I've had to tell people how to set up NIX_PATH which this change eliminates completely. I don't think we should regress the default user experience (which, especially NIX_PATH being correct by default has completely eliminated a whole class of support issues to the extent that I've forgotten this was ever a problem). I would especially not advise blocking these UX improvements on changes in the nix implementation because those do not get to users quickly (even with Lix, releases have a long latency to get fixes out). |
|
As for your suggestion, it's broken if you have a local or private fork of nixpkgs. It's plausible it would cause redownloads as well if that commit is contained within a fork. Shipping it would be a regression, when the actual fix is making the nix implementations refuse to do registry indirect flake inputs. This isn't just a performance improvement. It's a correctness improvement. It makes it so that if you bring stuff in with nix-shell today and open a nested shell tomorrow, the stuff will be compatible with each other. |
|
FWIW personally I was very surprised that Namely I could do
For that reason I would also prefer setting |
|
To me, having versions of nixpkgs mismatched with the config is always unexpected behaviour because I expect nixos-rebuild switch to always be a no-op unless I changed something visible to git. It's very easy to e.g. do a channel update and forget to run nixos-rebuild (or it fails) and have it be non obvious this has happened. A workflow where there's only one nixpkgs at play is more intuitive for new users, as evidenced by flake users having channel problems completely vanishing from support rooms after this change. If I wanted the latest version of something, I would use, pre flakes, Semantically, nixpkgs in the registry and Now that being said, the detsys and lix installer (if flakes are on) both set nixpkgs=flake:nixpkgs in NIX_PATH because channels have horrible UX. It also doesn't automatically pin it for you. But this is sensible for UX: "give me some nixpkgs" should mean the same thing across flakes and non flakes and it was confusing it wasn't the case before, regardless of what it's actually pointed to and whether it's pinned or not. If you don't like it, turn it off. But I would really like to preserve the status quo in which this support problem is gone and the average user doesn't have to think about more than one version of nixpkgs. |
NixOS/nixpkgs#254405 Signed-off-by: Roman Volosatovs <[email protected]>
NixOS/nixpkgs#254405 Signed-off-by: Roman Volosatovs <[email protected]>
Currently there are a bunch of really wacky hacks required to get nixpkgs path correctly set up under flake configs such that
nix run nixpkgs#helloandnix run -f '<nixpkgs>' hellohit the nixpkgs that the system was built with. In particular you have to use specialArgs or an anonymous module, and everyone has to include this hack in their own configs.We can do this for users automatically.
I have tested these manually with a basic config; I don't know if it is even possible to write a nixos test for it since you can't really get a string-with-context to yourself unless you are in a flake context.
cc @RaitoBezarius
Description of changes
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)