New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/flake: set up NIX_PATH and system flake registry automatically #254405
Conversation
2078be3
to
3120b3e
Compare
3120b3e
to
8651130
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
overall looks great, I want this!
nixos/modules/misc/nixpkgs.nix
Outdated
default = false; | ||
|
||
description = mdDoc '' | ||
Whether to create /etc/nix/inputs/nixpkgs as a symlink and set |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could use more documentation about where the symlink points to. I mean, I assume it points to the path to the derivation that nixos is being built out of, but there must be an appropriately precise way to say that...
nixos/modules/misc/nixpkgs.nix
Outdated
default = false; | ||
|
||
description = mdDoc '' | ||
Whether to set nixpkgs in the local flake registry and disable the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly, I assume this points to the derivation nixos is built out of, but find some precise way to say that. Also specify explicitly whether this option relies on the /etc/nix/inputs/nixpkgs symlink to exist or not.
Also, it's called the system registry not the local registry. Since that term is vague and confusing and doesn't help a user to understand why they'd want this option turned on, by all means keep the present wording about "local" as well, but do use it in conjunction with the official name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, not quite the one nixos is built out of, which means my docs are bad. I will write better ones than I wrote while originally writing this whilst tired at nixcon tomorrow :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apparently I misunderstood what you wrote because it was 2am. This option doesn't require /etc/nix/inputs/nixpkgs
to exist, and is completely independent of the other option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it sure was 2am <3
e0c648f
to
bc3b186
Compare
Alright, I have pushed a change rewriting the documentation to have examples and to use more clear wording. I have also turned it on by default. The reasoning for enabling it by default on flake configurations is that we do things that are suboptimal for closure size by default, for example This change only affects systems built with flakes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks solid to me! note that this is by way of peer review, I'm not a committer, somebody else will need to approve it
nixos/modules/config/nix.nix
Outdated
@@ -332,6 +332,16 @@ in | |||
always allowed to connect. | |||
''; | |||
}; | |||
|
|||
flake-registry = mkOption { | |||
type = types.str; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
don't you mean nullOr str
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I didn't realize null was coerced to empty string.
nixos/modules/misc/nixpkgs.nix
Outdated
|
||
description = mdDoc '' | ||
Whether to create `/etc/nix/inputs/nixpkgs` as a symlink to the version of nixpkgs that | ||
the NixOS system was built with and set `NIX_PATH` to include `/etc/nix/inputs/nixpkgs`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just to be absolutely clear: the symlink points to a path in the store, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep. I will word this more carefully.
nixos/modules/misc/nixpkgs.nix
Outdated
|
||
description = mdDoc '' | ||
Whether to pin nixpkgs in the system-wide flake registry (`/etc/nix/registry.json`) to the | ||
version of nixpkgs that the NixOS system has been built with. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so the understanding I get from this is that it replicates the protocol, URL, etc but pins based on rev. correct? I still feel like there could be a bit more wording to say so explicitly, but it's good as-is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope. It is a string-with-context that introduces a simple dependency:
nix-repl> nixosConfigurations.micro.options.nix.registry.value.nixpkgs.to
{ path = "/nix/store/c8cz4q0y6jw9qvjwk45nf6pvwysj7yn6-source"; type = "path"; }
nix-repl> :p builtins.getContext nixosConfigurations.micro.options.nix.registry.value.nixpkgs.to.path
{ "/nix/store/c8cz4q0y6jw9qvjwk45nf6pvwysj7yn6-source" = { path = true; }; }
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah! that's nice and simple. the clearest way to say that might be "by referencing it in the store"?
nixos/modules/misc/nixpkgs.nix
Outdated
version of nixpkgs that the NixOS system has been built with. | ||
|
||
This also sets a default to disable the global (online) flake registry due to | ||
<https://github.com/NixOS/nix/issues/9087>. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah good call
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bad call: unnecessary breaking change. Why not fix the bug instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't want to try getting anything into Nix after a one line change to fix nix-shell in shebangs by a former coworker continues to sit unreviewed for going on two years now, in spite of repeated prodding for reviews including by back channels.
I understand the Nix team has been improving things, and I think more prompt reviews generally happen now but I'm still not interested.
I can remove the workaround because the bug isn't that bad.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lf- i have an interest in the shebangs features, but I am not finding the referenced shebang PR. (my own effort in bringing shebangs to nix-command took more than two years with 5189, so I understand the patience can get worn out)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i had it written down somewhere; it's NixOS/nix#5088
bc3b186
to
fd80a9f
Compare
I have done a final pass through the docs. I am not sure if they are too verbose, but even if they are, usually we have the opposite problem and I have rarely thought that of module docs. |
the latest revision of the docs looks great. thanks for indulging me! I know I tend to prefer more verbose docs than others do, but I feel that a lot of flake semantics are under-documented and I'd much rather not have to guess at these details. |
The diff looks very weird, are there formatting changes or something? Related PR #197424 |
Yes. I moved the whole existing config= contents right one indent, put it in a mkMerge, and added my own things. When I rebased I did these changes manually because git had made such an absolute dog's breakfast of the diff and I couldn't make any sense of it. I don't know what made git fail so hard on this PR's diff, but I am sorry it is annoying to review. |
fd80a9f
to
0c919c2
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- blocking: /etc/nix/inputs/nixpkgs is awkward, please examine some other possibilities mentioned above
- thought: having nixpkgs.flake.setNixPath interacting with nix.nixPath (same with nixpkgs.flake.setFlakeRegistry / nix.registry) might cause confusion. There are then two ways to do the same thing, which takes precedence, etc. Here i don't yet know of solid suggestion; there is merit to having it in both option sets.
0c919c2
to
ec806b7
Compare
…nfigs Currently there are a bunch of really wacky hacks required to get nixpkgs path correctly set up under flake configs such that `nix run nixpkgs#hello` and `nix run -f '<nixpkgs>' hello` hit the nixpkgs that the system was built with. In particular you have to use specialArgs or an anonymous module, and everyone has to include this hack in their own configs. We can do this for users automatically. I have tested these manually with a basic config; I don't know if it is even possible to write a nixos test for it since you can't really get a string-with-context to yourself unless you are in a flake context.
5ec755d
to
e456032
Compare
While I like this change a lot, I understood that this breaks (at least works unexpectedly for) initializing new flake.lock files using nixpkgs name on such a system, am I wrong? |
I didn't test this PR specifically, but I do have my config set up to point This happens, for instance, with the default flake template:
I'm not sure if |
Good grief, our default flake template is really really broken then. We should fix that. |
Thanks for pointing this out; I wish to throw my computer into the sea. The remote flake registry should be removed imo or at least not used in lock file updates. NixOS/nix#7422 I've now found the previous attempt at this pr, which had a lot more respect for wrongly written flakes that use the registry for their inputs, a use case which should not be allowed imo. #197424 Fortunately the default template is here, so I'll send a pr to stop doing bad things in there at least: https://github.com/NixOS/templates/blob/master/trivial/flake.nix But this needs to be fixed in nix flake update to issue a warning at least. Putting it at nixos in the system registry like the previous pr does is not an acceptable solution as it makes "get random packages" invocations different on NixOS; it's |
This is the PR from ages ago that should be merged to fix |
Makes me a bit uneasy that all references are to open unfinished discussions, but this is the experimental unstable new thing anyway so ymmv. I have been recommending people to use aliases in their flakes on the main channel without any interjections so I would assume not everyone knows or agrees that they should not be used. I don't have strong opinion on the matter, but at least it would be good to standardize that opinion. |
wow :( good research. what a distressing situation. for sure, nix flake update needs to stop doing this >< |
wait, really? this looks Haskell-specific |
Clicked wrong, meant NixOS/templates#53 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has been reviewed, scrutinized for a long time, this change makes a lot of sense and improves the statut-quo. Let's iterate from now on.
No longer needed via NixOS/nixpkgs#254405
Just for reference, in case someone is looking for the change that caused their flake-based NixOS systems to no longer rebuild. Since I previously had
The suggested use of If you do not wish to do so, you can also disable the newly added option, as described in the release notes (look for NIX_PATH).
IMO the documentation of this change in the release notes is good, but users might still look for this error in the issues and PRs of the nixpkgs repository, so I thought I'd mention it. |
No longer needed since NixOS/nixpkgs#254405 got merged See NixOS/nixpkgs#254405 (comment) for more information
Since <NixOS/nixpkgs#254405> was merged, `nix.nixPath` is set when you use `lib.nixosSystem`
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/use-a-system-nixpkgs-version-in-a-flake/43784/3 |
- Don't auto-optimise-store by default - We should avoid arbitrary "sane defaults" in this template, as nixpkgs already has pretty sane defaults nowadays - Simplify registry+nixPath - Instead of using a file as indirection (to avoid staleness), indirect it through the registry using `flake:nixpkgs` - Add a comment about NixOS/nixpkgs#254405, which all this by default for nixpkgs - Disable channels and flake registry by default
Currently there are a bunch of really wacky hacks required to get nixpkgs path correctly set up under flake configs such that
nix run nixpkgs#hello
andnix run -f '<nixpkgs>' hello
hit the nixpkgs that the system was built with. In particular you have to use specialArgs or an anonymous module, and everyone has to include this hack in their own configs.We can do this for users automatically.
I have tested these manually with a basic config; I don't know if it is even possible to write a nixos test for it since you can't really get a string-with-context to yourself unless you are in a flake context.
cc @RaitoBezarius
Description of changes
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)