macOS - User does not own "system" or "default" profile

[tlindsay]

I'd like to be able to install packages ad-hoc without generating a whole new profile generation. Sometimes I'm test driving something, sometimes I'm just in a hurry and don't want to go through the whole process of editing a nix file and rebuilding my system. I understand that installing packages this way isn't "permanent" in the way that declaring them in my nix config is, and I still want to be able to do this.

$ nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-23.11-darwin
nixpkgs-23.11-darwin https://nixos.org/channels/nixpkgs-23.11-darwin

Using $ nix-env -iA nixpkgs.hello I get errors saying that nixpkgs isn't in my default search path, which is confusing to me given the output from nix-channel --list.

My next idea was to try $ nix profile install 'nixpkgs#hello', but that also has issues.

If I understand things correctly, I have 3 nix profiles: ~/.local/state/nix/profiles/home-manager, /nix/var/nix/profiles/system and /nix/var/nix/profiles/default -> /nix/var/nix/profiles/per-user/root/profile

Trying to $ nix profile install to the HM profile seems like a bad idea and not what I want, so that leaves me with the system and per-user/root profiles to try, but those both give permission denied:

$ nix profile install 'nixpkgs#hello'
error: creating symlink from '/nix/var/nix/profiles/system-76-link.tmp-47457-239703633' to '/nix/store/wp55qs45bkwd6wnvrf2syjr2abymwbxk-profile': Permission denied
$ nix profile install 'nixpkgs#hello' --profile /nix/var/nix/profiles/system
error: creating symlink from '/nix/var/nix/profiles/system-76-link.tmp-48959-324922186' to '/nix/store/wp55qs45bkwd6wnvrf2syjr2abymwbxk-profile': Permission denied
$ nix profile install 'nixpkgs#hello' --profile /nix/var/nix/profiles/default
error: creating symlink from '/nix/var/nix/profiles/default-1-link.tmp-47660-1073039347' to '/nix/store/mds25w525q6wdmcz78clz7dpqw05bnj3-profile': Permission denied
$ nix profile install 'nixpkgs#hello' --profile /nix/var/nix/profiles/per-user/root/profile
error: creating symlink from '/nix/var/nix/profiles/per-user/root/profile-3-link.tmp-47945-91487723' to '/nix/store/mds25w525q6wdmcz78clz7dpqw05bnj3-profile': Permission denied

I don't know if I've installed something incorrectly, or if I'm going about this the wrong way.

[dustinlyons]

Try this

nix shell nixpkgs#<package name>

[dustinlyons]

Nix is so damn confusing 😆

When you see any Nix command with a - in it, like nix-env, nix-shell, that's "legacy" and using Nix channels.

Anything with a space, like nix shell, is the "new" way and uses flakes.

https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-shell

I dropped all usage of channels in this project, so it's flakes only.

[tlindsay]

That works, but only for the shell in which it's run. I use tmux a lot and am constantly spawning/killing shell sessions as part of the same workflow. Is there no way to install an ad-hoc package to a profile?

[dustinlyons]

I kind of skipped the whole Nix profile feature in this project, as I felt it was somewhat overkill. Here's my workflow:

1. Use nix shell for things I want to try out quickly
2. If I like it and want to use it, just add the package to my configuration if it's something I want to stick around. Then nix run .#build-switch.

Most of my packages end up in shared:
https://github.com/dustinlyons/nixos-config/blob/main/modules/shared/packages.nix

But for Darwin specific, I put them here:
https://github.com/dustinlyons/nixos-config/blob/main/modules/darwin/packages.nix

It's really easy to add and remove them without any consequence. From my understanding, profiles just give you the ability to rotate between different sets of packages in your environment, which I don't really use.

As long as you don't update your flake.lock file, and just add a package to your configuration, it's very fast to install it (~same speed as profile or nix shell). It's only when you run nix flake update that it takes a while (as it's rebuilding all new updates).

[dustinlyons]

Hi @tlindsay, curious if the above workflow is sufficient for your use case. I'd just install tmux as part of your configuration if you use it all the time (it's what I do).

[tlindsay]

tmux is installed as part of my configuration, that's not really the issue. The issue is that I lose access to whatever command I need from $ nix shell ... as soon as I drop into a new shell (which I do frequently using tmux).

It would be nice to be able to install something and have it persist until I generate a new generation from my flake. That lets me try things out, but have them automatically garbage collected whenever I rebuild my flake. If I need something past that point, it tells me something about how useful that tool actually is, and whether it deserves to become a permanent addition.

(Also, sorry for the long delay between responses. I need to tame my Github notification settings 😅)

[dustinlyons]

Okay, I understand now.

When nix shell nixpkgs#hello runs, all it's doing is looking up if you have hello in the Nix store, then if you don't, building it, then dropping you in a shell and adding a path like this to your PATH variable:

/nix/store/h92a9jd0lhhniv2q417hpwszd4jhys7q-hello-2.12.1/bin

So nothing is ever really installed, it's just sitting in the Nix Store. Your PATH is the only thing that is mutated.

You may want to look at nix-direnv, or for more complex projects nix-direnv + devenv. It doesn't exactly meet your use case (installing temporary packages with nix shell and having them available everywhere), but it automatically makes packages available to you when you drop into a particular directory. So, if you're trying project-specific stuff, you could edit that file and not touch your main configuration. I do this for most projects I'm working on.

Otherwise, you're looking at a script that exports your PATH from within the Nix shell and imports it back in your regular shell.

You could do something like this:

Add to your .bashrc/.zshrc:

function export_nix_path_and_exit() {
  if [ -n "$IN_NIX_SHELL" ]; then
    echo $PATH > /tmp/nix_path_export
  fi
  exit
}

trap export_nix_path_and_exit EXIT

function check_nix_shell_exit() {
  if [ -n "$IN_NIX_SHELL" ]; then
    # Inside Nix shell, do nothing
    return
  fi

  if [ -f /tmp/nix_path_export ]; then
    export PATH=$(cat /tmp/nix_path_export)
  fi
}

PROMPT_COMMAND="check_nix_shell_exit; $PROMPT_COMMAND" (for `bash`)
precmd_functions+=(check_nix_shell_exit) (for `zsh`)

This says:

• on shell exit, check if I'm in a nix shell, and if I am, export my PATH
• on entering any shell, check if I've exported a nix shell PATH, and if I have, override my current PATH

To reset/clear it, you can just delete the /tmp/nix_path_export file. This could be something you do on every rebuild with a script.

[dustinlyons]

Hi @tlindsay, I'm spending some time cleaning up Github Issues. I hope the answer above helps in some way. Let me know here (on this Issue) if you have any more questions.