Flakes: Difference between revisions

From NixOS Wiki
imported>Hypnosis2839
→‎Basic project usage: simplify warning, clarify git-related warning, remove imperative command
Sandro (talk | contribs)
Fix headlines order
 
(54 intermediate revisions by 30 users not shown)
Line 1: Line 1:
'''Nix flakes''' are an [https://nixos.org/manual/nix/stable/contributing/experimental-features.html experimental feature] of the Nix package manager.
<languages />
<translate>
<!--T:1-->
'''Nix flakes''' is an [https://nixos.org/manual/nix/stable/contributing/experimental-Features.html experimental feature] that was introduced with Nix 2.4 ([https://nixos.org/manual/nix/unstable/release-notes/rl-2.4.html see release notes]).


== Introduction ==
====Introduction==== <!--T:2-->


Flakes introduce a policy for managing dependencies between Nix expressions. It improves reproducibility, composability and usability in the Nix ecosystem. Although it's still an experimental feature, flakes have been widely used by the Nix community.
<!--T:3-->
Nix flakes enforce a uniform structure for Nix projects, pin versions of their dependencies in a lock file, and make it more convenient to write reproducible Nix expressions.


Technically, a [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html#description flake] is a file system tree that contains a Nix file named <code>flake.nix</code> in its root directory.
<!--T:4-->
* A [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html#description flake] refers to a file-system tree whose root directory contains the Nix file specification called <code>flake.nix</code>.


Flakes add the following behavior to Nix:
<!--T:141-->
* The contents of <code>flake.nix</code> file follow a uniform naming schema for declaring packages and their dependencies in the Nix language.


# A <code>flake.nix</code> file offers a uniform [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-format schema], where:
<!--T:142-->
#* Other flakes can be referenced as dependencies providing Nix language code or other files.
* Flakes introduce a [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-references URL-like syntax] for specifying remote sources.
#* The values produced by the Nix expression in <code>flake.nix</code> are structured according to pre-defined use cases.
# References to other flakes can be specified using a dedicated [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-references URL-like syntax]. A [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-registry.html flake registry] allows using symbolic identifiers for further brevity. References can be automatically locked to their current specific version and later updated programmatically.
# A [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix.html new command line interface], implemented as a separate experimental feature, leverages flakes by accepting flake references in order to build, run, or deploy software defined as a flake.


== Enable flakes ==
<!--T:143-->
* To simplify the long URL syntax with shorter names, [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-registry.html flakes uses a registry] of symbolic identifiers.


Flakes have been introduced with Nix 2.4 ([https://nixos.org/manual/nix/unstable/release-notes/rl-2.4.html release notes]).
<!--T:144-->
* Flakes also allow for locking references and versions that can then be queried and updated programmatically.


See [https://lazamar.co.uk/nix-versions/?channel=nixpkgs-unstable&package=nix Nix package versions] to find a channel or <code>nixpkgs</code> revision providing the required Nix version.
<!--T:145-->
* An [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix.html experimental command-line interface] accepts flake references for expressions that build, run, and deploy packages.


Note: Flakes is automatically enabled if you installed Nix using the [https://github.com/DeterminateSystems/nix-installer Determinate Installer].
====Enable flakes temporarily==== <!--T:5-->


===Temporary===
<!--T:6-->
When using any <code>nix</code> command, add the following command-line options:
</translate>
<syntaxhighlight lang="shell">
--experimental-features 'nix-command flakes'
</syntaxhighlight>
<translate>


Add <code>--experimental-features 'nix-command flakes'</code> when calling the <code>nix</code> command.
====Enable flakes permanently in NixOS==== <!--T:7-->


=== Permanent ===
<!--T:8-->
Add the following to the [[Overview_of_the_NixOS_Linux_distribution#Declarative_Configuration system configuration |NixOS configuration]]:


Edit either <code>~/.config/nix/nix.conf</code> or <code>/etc/nix/nix.conf</code> and add:
</translate>
<syntaxHighlight lang=nix>
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
</syntaxHighlight>
<translate>
 
====Other Distros, with Home-Manager==== <!--T:10-->


<!--T:11-->
Add the following to your home-manager config:
</translate>
<syntaxhighlight lang="nix">
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
</syntaxhighlight>
<translate>
====Other Distros, without Home-Manager==== <!--T:13-->
<!--T:14-->
{{Note | The  [https://github.com/DeterminateSystems/nix-installer Determinate Nix Installer] enables flakes by default.}}
<!--T:15-->
Add the following to <code>~/.config/nix/nix.conf</code> or <code>/etc/nix/nix.conf</code>:
</translate>
<syntaxHighlight lang=text>
<syntaxHighlight lang=text>
experimental-features = nix-command flakes
experimental-features = nix-command flakes
</syntaxHighlight>
</syntaxHighlight>
<translate>


Here's a handy copy-paste:
===Basic Usage of Flake=== <!--T:17-->


<syntaxHighlight lang=text>
<!--T:18-->
mkdir -p ~/.config/nix
Before running any nix commands at this point, please note the two warnings below: one for encryption and the other for git.
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
</syntaxHighlight>


If the Nix installation is in multi-user mode, don’t forget to restart the <code>nix-daemon</code>.
====Encryption WARNING==== <!--T:19-->


=== NixOS ===
<!--T:20-->
{{Warning | Since contents of flake files are copied to the world-readable Nix store folder, do not put any unencrypted secrets in flake files. You should instead use a [[Comparison of secret managing schemes|secret managing scheme]].}}


On NixOS set the following options in <code>configuration.nix</code> and run <code>nixos-rebuild</code>.
====Git WARNING==== <!--T:21-->


<syntaxHighlight lang=nix>
<!--T:146-->
{ pkgs, ... }: {
For flakes in git repos, only files in the working tree will be copied to the store.
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
}
</syntaxHighlight>


== Basic project usage ==
<!--T:22-->
Therefore, if you use <code>git</code> for your flake, ensure to <code>git add</code> any project files after you first create them.


{{warning | Files that are part of the flake will be copied to the world-readable nix store when the flake is evaluated; avoid putting unencrypted secrets in your flake.}}
<!--T:23-->
See also https://www.tweag.io/blog/2020-05-25-flakes/


In your repo, run <code>nix flake init</code> to generate the flake.nix file.
====Generate flake.nix file==== <!--T:24-->


If you use <code>git</code>, ensure to <code>git add</code> any project files, because for flakes in git repos, only files in the working tree will be copied to the store.
<!--T:25-->
To start the basic usage of flake, run the flake command in the project directory:


See also https://www.tweag.io/blog/2020-05-25-flakes/
</translate>
<syntaxHighlight lang=text>
nix flake init
</syntaxHighlight>
<translate>


== Flake schema ==
== Flake schema == <!--T:27-->


<!--T:28-->
The flake.nix file is a Nix file but that has special restrictions (more on that later).
The flake.nix file is a Nix file but that has special restrictions (more on that later).


<!--T:29-->
It has 4 top-level attributes:
It has 4 top-level attributes:


<!--T:30-->
* <code>description</code> is a string describing the flake.
* <code>description</code> is a string describing the flake.
<!--T:147-->
* <code>inputs</code> is an attribute set of all the dependencies of the flake. The schema is described below.
* <code>inputs</code> is an attribute set of all the dependencies of the flake. The schema is described below.
<!--T:148-->
* <code>outputs</code> is a function of one argument that takes an attribute set of all the realized inputs, and outputs another attribute set whose schema is described below.
* <code>outputs</code> is a function of one argument that takes an attribute set of all the realized inputs, and outputs another attribute set whose schema is described below.
<!--T:149-->
* <code>nixConfig</code> is an attribute set of values which reflect the [https://nixos.org/manual/nix/stable/command-ref/conf-file.html values given to nix.conf]. This can extend the normal behavior of a user's nix experience by adding flake-specific configuration, such as a binary cache.
* <code>nixConfig</code> is an attribute set of values which reflect the [https://nixos.org/manual/nix/stable/command-ref/conf-file.html values given to nix.conf]. This can extend the normal behavior of a user's nix experience by adding flake-specific configuration, such as a binary cache.


=== Input schema ===
=== Input schema === <!--T:31-->
 
<!--T:32-->
[https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-inputs The nix flake inputs manual].
 
<!--T:150-->
[https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-references The nix flake references manual].
 
<!--T:33-->
The inputs attribute defines the dependencies of the flake. For example, nixpkgs has to be defined as a dependency for a system flake in order for the system to build properly.


This is not a complete schema but should be enough to get you started:
<!--T:34-->
Nixpkgs can be defined using the following code:


<syntaxHighlight lang=nix>
</translate>
{
<code>inputs.nixpkgs.url = "github:NixOS/nixpkgs/<branch name>";</code>
  inputs = {
<translate>
    # use master branch of the GitHub repository as input, this is the most common input format
 
    nixpkgs.url = "github:Mic92/nixpkgs/master";
<!--T:36-->
    # Git URL, can be used for any Git repository based on https/ssh protocol
For any repository with its own flake.nix file, the website must also be defined. Nix knows where the nixpkgs repository is, so stating that it's on GitHub is unnecessary.
    git-example.url = "git+https://git.somehost.tld/user/path?ref=branch&rev=fdc8ef970de2b4634e1b3dca296e1ed918459a9e";
 
    # The example above will also copy .git, use this for (shallow) local Git repos
<!--T:37-->
    git-directory-example.url = "git+file:/path/to/repo?shallow=1";
For example, adding [[Hyprland]] as an input would look something like this:
    # Local directories (for absolute paths you can omit 'path:')
 
    directory-example.url = "path:/path/to/repo";
</translate>
<code>inputs.hyprland.url = "github:hyprwm/Hyprland";</code>
<translate>


    bar = {
<!--T:39-->
      url = "github:foo/bar/branch";
If you want to make Hyprland follow the nixpkgs input to avoid having multiple versions of nixpkgs, this can be done using the following code:
      # if the input is not a flake, you need to set flake=false
      flake = false;
    };


    sops-nix = {
</translate>
      url = "github:Mic92/sops-nix";
<code>inputs.hyprland.inputs.nixpkgs.follows = "nixpkgs";</code>
      # The `follows` keyword in inputs is used for inheritance.
<translate>
      # Here, `inputs.nixpkgs` of sops-nix is kept consistent with the `inputs.nixpkgs` of
      # the current flake, to avoid problems caused by different versions of nixpkgs.
      inputs.nixpkgs.follows = "nixpkgs";
    };


    # Pin flakes to a specific revision
<!--T:41-->
    nix-doom-emacs = {
Using curly brackets({}), we can shorten all of this and put it in a table. The code will look something like this:
      url = "github:vlaci/nix-doom-emacs?rev=238b18d7b2c8239f676358634bfb32693d3706f3";
      flake = false;
    };


    # To use a subdirectory of a repo, pass `dir=xxx`
</translate>
    nixpkgs.url = "github:foo/bar?dir=shu";
<syntaxhighlight lang="nix">
   }
inputs = {
}
  nixpkgs.url = "github:NixOS/nixpkgs/<branch name>";
</syntaxHighlight>
  hyprland = {
Also see [https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-flake.html#flake-references the nix flake manual].
    url = "github:hyprwm/Hyprland";
    inputs.nixpkgs.follows = "nixpkgs";
   };
};
</syntaxhighlight>
<translate>


The bar input is then passed to the output schema
=== Output schema === <!--T:42-->


=== Output schema ===
<!--T:151-->
This is described in the nix package manager [https://github.com/NixOS/nix/blob/master/src/nix/flake-check.md src/nix/flake-check.md].


<!--T:43-->
Once the inputs are resolved, they're passed to the function `outputs` along with with `self`, which is the directory of this flake in the store. `outputs` returns the outputs of the flake, according to the following schema.
Once the inputs are resolved, they're passed to the function `outputs` along with with `self`, which is the directory of this flake in the store. `outputs` returns the outputs of the flake, according to the following schema.


This is described in the nix package manager [https://github.com/NixOS/nix/blob/master/src/nix/flake.cc src/nix/flake.cc] in CmdFlakeCheck.
<!--T:44-->
 
Where:
Where:


<!--T:45-->
* <code><system></code> is something like "x86_64-linux", "aarch64-linux", "i686-linux", "x86_64-darwin"
* <code><system></code> is something like "x86_64-linux", "aarch64-linux", "i686-linux", "x86_64-darwin"
<!--T:152-->
* <code><name></code> is an attribute name like "hello".
* <code><name></code> is an attribute name like "hello".
<!--T:153-->
* <code><flake></code> is a flake name like "nixpkgs".
* <code><flake></code> is a flake name like "nixpkgs".
<!--T:154-->
* <code><store-path></code> is a <code>/nix/store..</code> path
* <code><store-path></code> is a <code>/nix/store..</code> path


</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
{ self, ... }@inputs:
{ self, ... }@inputs:
Line 159: Line 225:
   overlays.default = final: prev: { };
   overlays.default = final: prev: { };
   # Nixos module, consumed by other flakes
   # Nixos module, consumed by other flakes
   nixosModules."<name>" = { config }: { options = {}; config = {}; };
   nixosModules."<name>" = { config, ... }: { options = {}; config = {}; };
   # Default module
   # Default module
   nixosModules.default = { config }: { options = {}; config = {}; };
   nixosModules.default = { config, ... }: { options = {}; config = {}; };
   # Used with `nixos-rebuild --flake .#<hostname>`
   # Used with `nixos-rebuild switch --flake .#<hostname>`
   # nixosConfigurations."<hostname>".config.system.build.toplevel must be a derivation
   # nixosConfigurations."<hostname>".config.system.build.toplevel must be a derivation
   nixosConfigurations."<hostname>" = {};
   nixosConfigurations."<hostname>" = {};
Line 180: Line 246:
}
}
</syntaxHighlight>
</syntaxHighlight>
<translate>


<!--T:48-->
You can also define additional arbitrary attributes, but these are the outputs that Nix knows about.
You can also define additional arbitrary attributes, but these are the outputs that Nix knows about.


==== nix run ====
==== nix run ==== <!--T:49-->
 
<!--T:155-->
When output <code>apps.<system>.myapp</code> is not defined, <code>nix run myapp</code> runs <code><packages or legacyPackages.<system>.myapp>/bin/<myapp.meta.mainProgram or myapp.pname or myapp.name (the non-version part)></code>
When output <code>apps.<system>.myapp</code> is not defined, <code>nix run myapp</code> runs <code><packages or legacyPackages.<system>.myapp>/bin/<myapp.meta.mainProgram or myapp.pname or myapp.name (the non-version part)></code>


== Using flakes with stable Nix ==
== Using flakes with stable Nix == <!--T:50-->


<!--T:51-->
There exists the [https://github.com/edolstra/flake-compat flake-compat] library that you can use to shim <code>default.nix</code> and <code>shell.nix</code> files. It will download the inputs of the flake, pass them to the flake’s <code>outputs</code> function and return an attribute set containing <code>defaultNix</code> and <code>shellNix</code> attributes. The attributes will contain the output attribute set with an extra <code>default</code> attribute pointing to current platform’s <code>defaultPackage</code> (resp. <code>devShell</code> for <code>shellNix</code>).
There exists the [https://github.com/edolstra/flake-compat flake-compat] library that you can use to shim <code>default.nix</code> and <code>shell.nix</code> files. It will download the inputs of the flake, pass them to the flake’s <code>outputs</code> function and return an attribute set containing <code>defaultNix</code> and <code>shellNix</code> attributes. The attributes will contain the output attribute set with an extra <code>default</code> attribute pointing to current platform’s <code>defaultPackage</code> (resp. <code>devShell</code> for <code>shellNix</code>).


<!--T:52-->
Place the following into <code>default.nix</code> (for <code>shell.nix</code>, replace <code>defaultNix</code> with <code>shellNix</code>) to use the shim:
Place the following into <code>default.nix</code> (for <code>shell.nix</code>, replace <code>defaultNix</code> with <code>shellNix</code>) to use the shim:


</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
(import (
(import (
Line 201: Line 274:
}).defaultNix
}).defaultNix
</syntaxHighlight>
</syntaxHighlight>
<translate>


<!--T:54-->
You can also use the lockfile to make updating the hashes easier using <code>nix flake lock --update-input flake-compat</code>. Add the following to your <code>flake.nix</code>:
You can also use the lockfile to make updating the hashes easier using <code>nix flake lock --update-input flake-compat</code>. Add the following to your <code>flake.nix</code>:


</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
   inputs.flake-compat = {
   inputs.flake-compat = {
Line 210: Line 286:
   };
   };
</syntaxHighlight>
</syntaxHighlight>
<translate>


<!--T:56-->
and add <code>flake-compat</code> to the arguments of <code>outputs</code> attribute. Then you will be able to use <code>default.nix</code> like the following:
and add <code>flake-compat</code> to the arguments of <code>outputs</code> attribute. Then you will be able to use <code>default.nix</code> like the following:


<syntaxHighlight lang=nix>
</translate>
<syntaxhighlight lang="nix">
(import (
(import (
   let
   let
     lock = builtins.fromJSON (builtins.readFile ./flake.lock);
     lock = builtins.fromJSON (builtins.readFile ./flake.lock);
   in fetchTarball {
    nodeName = lock.nodes.root.inputs.flake-compat;
     url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
   in
     sha256 = lock.nodes.flake-compat.locked.narHash; }
  fetchTarball {
) {
     url =
  src = ./.;
      lock.nodes.${nodeName}.locked.url
}).defaultNix
        or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
</syntaxHighlight>
     sha256 = lock.nodes.${nodeName}.locked.narHash;
  }
) { src = ./.; }).defaultNix
</syntaxhighlight>
<translate>


== Accessing flakes from Nix expressions ==
== Accessing flakes from Nix expressions == <!--T:58-->


If you want to access a flake from within a regular Nix expression on a system that has flakes enabled, you can use something like <code>(builtins.getFlake "path:/path/to/directory").packages.x86_64-linux.default</code>, where 'directory' is the directory that contains your <code>flake.nix</code>.
<!--T:59-->
If you want to access a flake from within a regular Nix expression on a system that has flakes enabled, you can use something like <code>(builtins.getFlake "/path/to/directory").packages.x86_64-linux.default</code>, where 'directory' is the directory that contains your <code>flake.nix</code>.


== Making your evaluations pure ==
== Making your evaluations pure == <!--T:60-->


<!--T:61-->
Nix flakes run in pure evaluation mode, which is underdocumented. Some tips for now:
Nix flakes run in pure evaluation mode, which is underdocumented. Some tips for now:


<!--T:62-->
* fetchurl and fetchtar [https://github.com/NixOS/nix/blob/36c4d6f59247826dde32ad2e6b5a9471a9a1c911/src/libexpr/primops/fetchTree.cc#L201 require] a sha256 argument to be considered pure.
* fetchurl and fetchtar [https://github.com/NixOS/nix/blob/36c4d6f59247826dde32ad2e6b5a9471a9a1c911/src/libexpr/primops/fetchTree.cc#L201 require] a sha256 argument to be considered pure.
<!--T:156-->
* builtins.currentSystem is non-hermetic and impure. This can usually be avoided by passing the system (i.e., x86_64-linux) explicitly to derivations requiring it.
* builtins.currentSystem is non-hermetic and impure. This can usually be avoided by passing the system (i.e., x86_64-linux) explicitly to derivations requiring it.
<!--T:157-->
* Imports from channels like <code><nixpkgs></code> can be made pure by instead importing from the <code>output</code> function in <code>flake.nix</code>, where the arguments provide the store path to the flake's inputs:
* Imports from channels like <code><nixpkgs></code> can be made pure by instead importing from the <code>output</code> function in <code>flake.nix</code>, where the arguments provide the store path to the flake's inputs:


<syntaxHighlight lang=nix>
</translate>
<syntaxhighlight lang="nix">
  outputs = { self, nixpkgs, ... }:
  outputs = { self, nixpkgs, ... }:
   {
   {
     nixosConfigurations.machine = nixpkgs.lib.nixosSystem {
     nixosConfigurations.machine = nixpkgs.lib.nixosSystem {
      # Note that you cannot put arbitrary configuration here: the configuration must be placed in the files loaded via modules
      system = "x86_64-linux";
       modules = [
       modules = [
         (nixpkgs + "/nixos/modules/<some-module>.nix")
         "${nixpkgs}/nixos/modules/<some-module>.nix"
         ./machine.nix
         ./machine.nix
       ];
       ];
     };
     };
   };
   };
</syntaxHighlight>
</syntaxhighlight>
<translate>


== The nix flakes command ==
== The nix flakes command == <!--T:64-->


<!--T:65-->
The {{ic|nix flake}} subcommand is described in [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html command reference page of the unstable manual].
The {{ic|nix flake}} subcommand is described in [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html command reference page of the unstable manual].


== Install packages with `nix profile` ==
== Install packages with `nix profile` == <!--T:66-->
 
You can install Nix packages into your local profile from any flakes with `nix profile install. For example from `nixpkgs`` flake :
<syntaxHighlight lang=bash>
nix profile install nixpkgs#hello
</syntaxHighlight>


On NixOS you can syncronize your system and your profile references to `nixpkgs` with:
<!--T:67-->
<syntaxHighlight lang=bash>
[https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-profile-install.html <code>nix profile install</code> in the manual]
nix registry pin nixpkgs github:NixOS/nixpkgs/$(nixos-version --revision)
</syntaxHighlight>


== Using nix flakes with NixOS ==
== Using nix flakes with NixOS == <!--T:68-->


nixos-rebuild switch will read its configuration from <code>/etc/nixos/flake.nix</code> if it is present.
<!--T:69-->
{{Ic|nixos-rebuild switch}} will read its configuration from <code>/etc/nixos/flake.nix</code> if it is present.


<!--T:70-->
A basic nixos flake.nix could look like this:
A basic nixos flake.nix could look like this:


<syntaxHighlight lang=nix>
</translate>
<syntaxhighlight lang="nix">
{
{
  inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
   outputs = { self, nixpkgs }: {
   outputs = { self, nixpkgs }: {
     # replace 'joes-desktop' with your hostname here.
     # replace 'joes-desktop' with your hostname here.
     nixosConfigurations.joes-desktop = nixpkgs.lib.nixosSystem {
     nixosConfigurations.joes-desktop = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
       modules = [ ./configuration.nix ];
       modules = [ ./configuration.nix ];
     };
     };
   };
   };
}
}
</syntaxHighlight>
</syntaxhighlight>
<translate>
 
<!--T:158-->
If you want to pass on the flake inputs to external configuration files, you can use the <code>specialArgs</code> attribute:
If you want to pass on the flake inputs to external configuration files, you can use the <code>specialArgs</code> attribute:
<syntaxHighlight lang=nix>
 
</translate>
<syntaxhighlight lang="nix">
{
{
   inputs.nixpkgs.url = github:NixOS/nixpkgs;
   inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
   inputs.home-manager.url = github:nix-community/home-manager;
   inputs.home-manager.url = github:nix-community/home-manager;


   outputs = { self, nixpkgs, ... }@attrs: {
   outputs = { self, nixpkgs, ... }@inputs: {
     nixosConfigurations.fnord = nixpkgs.lib.nixosSystem {
     nixosConfigurations.fnord = nixpkgs.lib.nixosSystem {
       system = "x86_64-linux";
       specialArgs = { inherit inputs; };
      specialArgs = attrs;
       modules = [ ./configuration.nix ];
       modules = [ ./configuration.nix ];
     };
     };
   };
   };
}
}
</syntaxHighlight>
</syntaxhighlight>
<translate>
 
<!--T:159-->
Then, you can access the flake inputs from the file <code>configuration.nix</code> like this:
Then, you can access the flake inputs from the file <code>configuration.nix</code> like this:
<syntaxHighlight lang=nix>
 
{ config, lib, nixpkgs, home-manager, ... }: {
</translate>
<syntaxhighlight lang="nix">
{ config, lib, inputs, ... }: {
   # do something with home-manager here, for instance:
   # do something with home-manager here, for instance:
   imports = [ home-manager.nixosModules.default ];
   imports = [ inputs.home-manager.nixosModules.default ];
   ...
   ...
}
}
</syntaxHighlight>
</syntaxhighlight>
<translate>
 


nixos-rebuild also allows to specify different flake using the <code>--flake</code> flag (# is optional):
<!--T:73-->
{{Ic|nixos-rebuild}} also allows to specify different flake using the <code>--flake</code> flag (# is optional):


<syntaxHighlight lang=console>
</translate>
$ sudo nixos-rebuild switch --flake '.#'
<syntaxhighlight lang="console">
</syntaxHighlight>
$ sudo nixos-rebuild switch --flake .
</syntaxhighlight>
<translate>


<!--T:75-->
By default nixos-rebuild will use the currents system hostname to lookup the right nixos configuration in <code>nixosConfigurations</code>. You can also override this by using appending it to the flake parameter:
By default nixos-rebuild will use the currents system hostname to lookup the right nixos configuration in <code>nixosConfigurations</code>. You can also override this by using appending it to the flake parameter:


<syntaxHighlight lang=console>
</translate>
$ sudo nixos-rebuild switch --flake '/etc/nixos#joes-desktop'
<syntaxhighlight lang="console">
</syntaxHighlight>
$ sudo nixos-rebuild switch --flake /etc/nixos#joes-desktop
</syntaxhighlight>
<translate>
 
<!--T:77-->
To switch a remote host you can use:


To switch a remote configuration, use:
</translate>
<syntaxHighlight lang=console>
<syntaxhighlight lang="bash">
$ nixos-rebuild --flake .#mymachine \
$ nixos-rebuild --flake .#mymachine \
   --target-host mymachine-hostname --build-host localhost \
   --target-host mymachine-hostname \
  --build-host mymachine-hostname --fast \
   switch
   switch
</syntaxhighlight>
<translate>
<!--T:78-->
{{warning|Remote building seems to have an issue that's [https://github.com/NixOS/nixpkgs/issues/134952#issuecomment-1367056358 resolved by setting the <code>--fast</code> flag].}}
== Pinning the registry on NixOS == <!--T:79-->
</translate>
<syntaxhighlight lang="nix">
{ inputs, ... }:
{
nix.registry = {
    nixpkgs.flake = inputs.nixpkgs;
  };
}
</syntaxhighlight>
<translate>
<!--T:81-->
To make sure the registry entry is "locked", use the following:
</translate>
<syntaxHighlight lang=nix>
  nix.registry = {
    nixpkgs.to = {
      type = "path";
      path = pkgs.path;
      narHash = builtins.readFile
          (pkgs.runCommandLocal "get-nixpkgs-hash"
            { nativeBuildInputs = [ pkgs.nix ]; }
            "nix-hash --type sha256 --sri ${pkgs.path} > $out");
    };
  };
</syntaxHighlight>
</syntaxHighlight>
<translate>


{{warning|Remote building seems to be broken at the moment, which is why the build host is set to “localhost”.}}
<!--T:83-->
This has the unfortunate side-effect of requiring import-from-derivation and slowing down build times, however it may greatly speed up almost every eval. Full-time flakes users may be able to just use <code>narHash = pkgs.narHash</code>.


== Super fast nix-shell ==
== Super fast nix-shell == <!--T:84-->


<!--T:85-->
A feature of the nix Flake edition is that Nix evaluations are cached.
A feature of the nix Flake edition is that Nix evaluations are cached.


<!--T:86-->
Let’s say that your project has a <code>shell.nix</code> file that looks like this:
Let’s say that your project has a <code>shell.nix</code> file that looks like this:


<syntaxHighlight lang=nix>
</translate>
{ pkgs ? import <nixpkgs> { } }:
<syntaxhighlight lang="nix">
with pkgs;
{
mkShell {
  pkgs ? import <nixpkgs> { },
   buildInputs = [
}:
    nixpkgs-fmt
pkgs.mkShell {
  ];
   packages = [ pkgs.nixfmt ];


   shellHook = ''
   shellHook = ''
Line 347: Line 493:
   '';
   '';
}
}
</syntaxHighlight>
</syntaxhighlight>
<translate>


<!--T:89-->
Running nix-shell can be a bit slow and take 1-3 seconds.
Running nix-shell can be a bit slow and take 1-3 seconds.


<!--T:90-->
Now create a <code>flake.nix</code> file in the same repository:
Now create a <code>flake.nix</code> file in the same repository:


<syntaxHighlight lang=nix>
</translate>
<syntaxhighlight lang="nix">
{
{
   description = "my project description";
   inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";


   inputs.flake-utils.url = "github:numtide/flake-utils";
   outputs =
 
    { nixpkgs, ... }:
  outputs = { self, nixpkgs, flake-utils }:
     {
     flake-utils.lib.eachDefaultSystem
      /*
       (system:
        This example assumes your system is x86_64-linux
         let pkgs = nixpkgs.legacyPackages.${system}; in
        change as neccesary
      */
       devShells.x86_64-linux =
         let
          pkgs = nixpkgs.legacyPackages.x86_64-linux;
        in
         {
         {
           devShells.default = import ./shell.nix { inherit pkgs; };
           default = pkgs.mkShell {
         }
            packages = [ pkgs.hello ];
      );
          };
         };
    };
}
}
</syntaxHighlight>
}
</syntaxhighlight>
<translate>


Run git add flake.nix so that Nix recognizes it.
<!--T:93-->
( If you're in a git repository run `git add flake.nix` so that Nix recognizes it. )


<!--T:94-->
And finally, run <code>nix develop</code>. This is what replaces the old nix-shell invocation.
And finally, run <code>nix develop</code>. This is what replaces the old nix-shell invocation.


<!--T:95-->
Exit and run again, this command should now be super fast.
Exit and run again, this command should now be super fast.


<!--T:96-->
{{warning|TODO: there is an alternative version where the defaultPackage is a pkgs.buildEnv that contains all the dependencies. And then nix shell is used to open the environment.}}
{{warning|TODO: there is an alternative version where the defaultPackage is a pkgs.buildEnv that contains all the dependencies. And then nix shell is used to open the environment.}}


=== Direnv integration ===
=== Automatically switch nix shells with nix-direnv === <!--T:97-->
 
Assuming that the flake defines a <code>devShell</code> output attribute and that you are using direnv. Here is how to replace the old use nix stdlib function with the faster flake version:
 
<syntaxHighlight lang=sh>
use_flake() {
  watch_file flake.nix
  watch_file flake.lock
  eval "$(nix print-dev-env --profile "$(direnv_layout_dir)/flake-profile")"
}
</syntaxHighlight>
 
Copy this in <code>~/.config/direnv/lib/use_flake.sh</code> or in <code>~/.config/direnv/direnvrc</code>
or directly in your project specific <code>.envrc</code>.
 
Note: You may not need to create <code>use_flake()</code> yourself; as of [https://github.com/direnv/direnv/releases/tag/v2.29.0#:~:text=add%20use_flake%20function direnv 2.29,] <code>use flake</code> is part of direnv's standard library.
 
With this in place, you can now replace the use nix invocation in the <code>.envrc</code> file with <code>use flake</code>:
 
<syntaxHighlight lang=text>
# .envrc
use flake
</syntaxHighlight>
 
The nice thing about this approach is that evaluation is cached.
 
==== Optimize the reloads ====
 
Nix Flakes has a Nix evaluation caching mechanism. Is it possible to expose that somehow to automatically trigger direnv reloads?
 
With the previous solution, direnv would only reload if the flake.nix or flake.lock files have changed. This is not completely precise as the flake.nix file might import other files in the repository.
 
==== Setting the bash prompt like nix-shell ====


A [https://github.com/NixOS/nix/pull/4189 new experimental feature of flakes] allow to setup a bash-prompt per flake:
<!--T:98-->
<syntaxHighlight lang=nix>
You can easily switch nix shells when you cd into different projects with [https://github.com/nix-community/nix-direnv nix-direnv].
{
  description = "...";
  nixConfig.bash-prompt = "\[nix-develop\]$ ";
  ...
}
</syntaxHighlight>


Otherwise it's also possible to set the <code>nix develop</code> bash prompt system wide using the [https://nixos.org/manual/nix/unstable/command-ref/conf-file.html nix.conf option bash-prompt]. (On nixos I think it is set in <code>nix.extraOptions</code>)
== Pushing Flakes to Cachix == <!--T:99-->
 
== Pushing Flakes to Cachix ==


</translate>
https://docs.cachix.org/pushing#flakes
https://docs.cachix.org/pushing#flakes
<translate>


To push ''all'' flake outputs automatically, use [https://github.com/srid/devour-flake#usage devour-flake].
<!--T:101-->
To push ''all'' flake outputs automatically, checkout [https://github.com/srid/devour-flake#usage devour-flake].


== Build specific attributes in a flake repository ==
== Build specific attributes in a flake repository == <!--T:102-->


<!--T:103-->
When in the repository top-level, run <code>nix build .#<attr></code>. It will look in the <code>legacyPackages</code> and <code>packages</code> output attributes for the corresponding derivation.
When in the repository top-level, run <code>nix build .#<attr></code>. It will look in the <code>legacyPackages</code> and <code>packages</code> output attributes for the corresponding derivation.


<!--T:104-->
Eg, in nixpkgs:
Eg, in nixpkgs:


</translate>
<syntaxHighlight lang=console>
<syntaxHighlight lang=console>
$ nix build .#hello
$ nix build .#hello
</syntaxHighlight>
</syntaxHighlight>
<translate>


=== Building flakes from a Git repo url with submodules ===
=== Building flakes from a Git repo url with submodules === <!--T:106-->


As per nix 2.9.1, git submodules in package <code>src</code>s won't get copied to the nix store, this may cause the build to fail.  To workaround this, use:
<!--T:107-->
As per nix 2.9.1, git submodules in package <code>src</code>'s won't get copied to the nix store, this may cause the build to fail.  To workaround this, use:


<syntaxHighlight lang=console>
</translate>
$ nix build .?submodules=1#hello
<syntaxhighlight lang="console">
</syntaxHighlight>
nix build '.?submodules=1#hello'
</syntaxhighlight>
<translate>


<!--T:109-->
See: https://github.com/NixOS/nix/pull/5434
See: https://github.com/NixOS/nix/pull/5434


== Importing packages from multiple channels ==
== Importing packages from multiple nixpkgs branches == <!--T:110-->


A NixOS config flake skeleton could be as follows:
<!--T:111-->
<syntaxHighlight lang=nix>
A NixOS config flake could be as follows:
 
</translate>
<syntaxhighlight lang="nix">
{
{
   description = "NixOS configuration with two or more channels";
   description = "NixOS configuration with two or more channels";


  inputs = {
inputs = {
     nixpkgs.url = "nixpkgs/nixos-21.11";
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
     nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
   };
   };


   outputs = { self, nixpkgs, nixpkgs-unstable }:
   outputs =
    let
    { nixpkgs, nixpkgs-unstable, ... }:
      system = "x86_64-linux";
     {
      overlay-unstable = final: prev: {
        unstable = nixpkgs-unstable.legacyPackages.${prev.system};
        # use this variant if unfree packages are needed:
        # unstable = import nixpkgs-unstable {
        #  inherit system;
        #  config.allowUnfree = true;
        # };
 
      };
     in {
       nixosConfigurations."<hostname>" = nixpkgs.lib.nixosSystem {
       nixosConfigurations."<hostname>" = nixpkgs.lib.nixosSystem {
        inherit system;
         modules = [
         modules = [
           # Overlays-module makes "pkgs.unstable" available in configuration.nix
           {
          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
            nixpkgs.overlays = [
              (final: prev: {
                unstable = nixpkgs-unstable.legacyPackages.${prev.system};
                # use this variant if unfree packages are needed:
                # unstable = import nixpkgs-unstable {
                #  inherit system;
                #  config.allowUnfree = true;
                # };
              })
            ];
          }
           ./configuration.nix
           ./configuration.nix
         ];
         ];
Line 484: Line 620:
     };
     };
}
}
</syntaxHighlight>
</syntaxhighlight>
<translate>


<syntaxHighlight lang=nix>
</translate>
<syntaxhighlight lang="nix">
# NixOS configuration.nix, can now use "pkgs.package" or "pkgs.unstable.package"
# NixOS configuration.nix, can now use "pkgs.package" or "pkgs.unstable.package"
{ config, pkgs, ... }: {
{ pkgs, ... }:
   environment.systemPackages = [pkgs.firefox pkgs.unstable.chromium];
{
   environment.systemPackages = [
    pkgs.firefox
    pkgs.unstable.chromium
  ];
   # ...
   # ...
}
}
</syntaxHighlight>
</syntaxhighlight>
Same can be done with the NURs, as it already has an ''overlay'' attribute in the flake.nix of the project, you can just add <syntaxHighlight lang=nix>nixpkgs.overlays = [ nur.overlay ];</syntaxHighlight>
<translate>


<!--T:160-->
If the variable <code>nixpkgs</code> points to the flake, you can also define <code>pkgs</code> with overlays with:
If the variable <code>nixpkgs</code> points to the flake, you can also define <code>pkgs</code> with overlays with:


<syntaxHighlight lang=nix>
</translate>
pkgs = import nixpkgs { overlays = [ /*the overlay in question*/ ]; };
<syntaxhighlight lang="nix">
</syntaxHighlight>
pkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ /*the overlay in question*/ ]; };
</syntaxhighlight>
<translate>


== Getting ''Instant'' System Flakes Repl ==
== Getting ''Instant'' System Flakes Repl == <!--T:116-->


<!--T:117-->
How to get a nix repl out of your system flake:
How to get a nix repl out of your system flake:


<syntaxHighlight lang=text>
</translate>
# nix repl
<syntaxhighlight lang="text">
>> :lf /etc/nixos
$ nix repl
>> nixosConfigurations.myhost.config
 
{ ... }
nix-repl> :lf /path/to/flake
</syntaxHighlight>
Added 18 variables.


Or out of your current flake:
nix-repl> nixosConfigurations.myHost.config.networking.hostName
<syntaxHighlight lang=text>
"myHost"
# nix repl
>> :lf .#
</syntaxHighlight>


You can then access to the inputs, outputs… For instance if you would like to check the default version of the kernel present in nixpgs:
</syntaxhighlight>
<syntaxHighlight lang=text>
<translate>
nix-repl> inputs.nixpkgs.legacyPackages.x86_64-linux.linuxPackages.kernel.version
"5.15.74"
</syntaxHighlight>


<!--T:122-->
However, this won't be instant upon evaluation if any file changes have been done since your last configuration rebuild. Instead, if one puts:
However, this won't be instant upon evaluation if any file changes have been done since your last configuration rebuild. Instead, if one puts:


</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
nix.nixPath = let path = toString ./.; in [ "repl=${path}/repl.nix" "nixpkgs=${inputs.nixpkgs}" ];
nix.nixPath = let path = toString ./.; in [ "repl=${path}/repl.nix" "nixpkgs=${inputs.nixpkgs}" ];
</syntaxHighlight>
</syntaxHighlight>
<translate>


<!--T:123-->
In their system <code>flake.nix</code> configuration file, and includes the following file in their root directory flake as <code>repl.nix</code>:
In their system <code>flake.nix</code> configuration file, and includes the following file in their root directory flake as <code>repl.nix</code>:


</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
let
let
Line 544: Line 689:
// flake.nixosConfigurations
// flake.nixosConfigurations
</syntaxHighlight>
</syntaxHighlight>
<translate>


<!--T:125-->
(Don't forget to <code>git add repl.nix && nixos-rebuild  switch --flake "/etc/nixos"</code>)
(Don't forget to <code>git add repl.nix && nixos-rebuild  switch --flake "/etc/nixos"</code>)
Then one can run (or bind a shell alias):
Then one can run (or bind a shell alias):


</translate>
<syntaxHighlight lang=bash>
<syntaxHighlight lang=bash>
source /etc/set-environment && nix repl $(echo $NIX_PATH | perl -pe 's|.*(/nix/store/.*-source/repl.nix).*|\1|')</syntaxHighlight>
source /etc/set-environment && nix repl $(echo $NIX_PATH | perl -pe 's|.*(/nix/store/.*-source/repl.nix).*|\1|')</syntaxHighlight>
<translate>


<!--T:127-->
This will launch a repl with access to <code>nixpkgs</code>, <code>lib</code>, and the <code>flake</code> options in a split of a second.
This will launch a repl with access to <code>nixpkgs</code>, <code>lib</code>, and the <code>flake</code> options in a split of a second.


<!--T:128-->
An alternative approach to the above shell alias is omitting <code>repl</code> from <code>nix.nixPath</code> and creating a shell script:
An alternative approach to the above shell alias is omitting <code>repl</code> from <code>nix.nixPath</code> and creating a shell script:
</translate>
<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
Line 566: Line 719:
];
];
</syntaxHighlight>
</syntaxHighlight>
<translate>
== Enable unfree software == <!--T:129-->
<!--T:130-->
Refer to [[Unfree software|Unfree Software]].
== Development tricks == <!--T:131-->
=== Build a package added in a PR === <!--T:161-->
</translate>
<syntaxHighlight>
nix build github:nixos/nixpkgs?ref=pull/<PR_NUMBER>/head#<PACKAGE>
</syntaxHighlight>
<translate>
<!--T:162-->
this allows building a package that has not yet been added to nixpkgs.


== Enable unfree software ==
<!--T:132-->
note that this will download a full source tarball of nixpkgs.  if you already have a local clone, using that may be faster due to delta compression:


Refer to [[Unfree Software]].
</translate>
<syntaxHighlight>
git fetch upstream pull/<PR_NUMBER>/head && git checkout FETCH_HEAD && nix build .#PACKAGE
</syntaxHighlight>
<translate>


== Development tricks ==
<!--T:163-->
=== How to add a file locally in git but not include it in commits ===
this allows building a package that has not yet been added to nixpkgs.


=== How to add a file locally in git but not include it in commits === <!--T:164-->
<!--T:133-->
When a git folder exists, flake will only copy files added in git to maximize reproducibility (this way if you forgot to add a local file in your repo, you will directly get an error when you try to compile it). However, for development purpose you may want to create an alternative flake file, for instance containing configuration for your preferred editors as described [https://discourse.nixos.org/t/local-personal-development-tools-with-flakes/22714/8 here]… of course without committing this file since it contains only your own preferred tools. You can do so by doing something like that (say for a file called <code>extra/flake.nix</code>):
When a git folder exists, flake will only copy files added in git to maximize reproducibility (this way if you forgot to add a local file in your repo, you will directly get an error when you try to compile it). However, for development purpose you may want to create an alternative flake file, for instance containing configuration for your preferred editors as described [https://discourse.nixos.org/t/local-personal-development-tools-with-flakes/22714/8 here]… of course without committing this file since it contains only your own preferred tools. You can do so by doing something like that (say for a file called <code>extra/flake.nix</code>):


</translate>
<syntaxHighlight>
<syntaxHighlight>
git add --intent-to-add extra/flake.nix
git add --intent-to-add extra/flake.nix
git update-index --skip-worktree extra/flake.nix
git update-index --skip-worktree --assume-unchanged extra/flake.nix
</syntaxHighlight>
</syntaxHighlight>
<translate>


=== Rapid iteration of a direct dependency ===
=== Rapid iteration of a direct dependency === <!--T:135-->
 
<!--T:165-->
One common pain point with using Nix as a development environment is the need to completely rebuild dependencies and re-enter the dev shell every time they are updated. The <code>nix develop --redirect <flake> <directory></code> command allows you to provide a mutable dependency to your shell as if it were built by Nix.
One common pain point with using Nix as a development environment is the need to completely rebuild dependencies and re-enter the dev shell every time they are updated. The <code>nix develop --redirect <flake> <directory></code> command allows you to provide a mutable dependency to your shell as if it were built by Nix.


<!--T:136-->
Consider a situation where your executable, <code>consumexe</code>, depends on a library, <code>libdep</code>. You're trying to work on both at the same time, where changes to <code>libdep</code> are reflected in real time for <code>consumexe</code>. This workflow can be achieved like so:
Consider a situation where your executable, <code>consumexe</code>, depends on a library, <code>libdep</code>. You're trying to work on both at the same time, where changes to <code>libdep</code> are reflected in real time for <code>consumexe</code>. This workflow can be achieved like so:


</translate>
<syntaxHighlight lang=bash>
<syntaxHighlight lang=bash>
cd ~/libdep-src-checkout/
cd ~/libdep-src-checkout/
Line 593: Line 779:
installPhase # install it like nix does
installPhase # install it like nix does
</syntaxHighlight>
</syntaxHighlight>
<translate>
<!--T:166-->
Now that you've built the dependency, <code>consumexe</code> can take it as an input. '''In another terminal''':
Now that you've built the dependency, <code>consumexe</code> can take it as an input. '''In another terminal''':
</translate>
<syntaxHighlight lang=bash>
<syntaxHighlight lang=bash>
cd ~/consumexe-src-checkout/
cd ~/consumexe-src-checkout/
Line 600: Line 791:
# Output should show ~/libdep-src-checkout/ so you know it worked
# Output should show ~/libdep-src-checkout/ so you know it worked
</syntaxHighlight>
</syntaxHighlight>
<translate>
<!--T:167-->
If Nix warns you that your redirected flake isn't actually used as an input to the evaluated flake, try using the <code>--inputs-from .</code> flag. If all worked well you should be able to <code>buildPhase && installPhase</code> when the dependency changes and rebuild your consumer with the new version ''without'' exiting the development shell.
If Nix warns you that your redirected flake isn't actually used as an input to the evaluated flake, try using the <code>--inputs-from .</code> flag. If all worked well you should be able to <code>buildPhase && installPhase</code> when the dependency changes and rebuild your consumer with the new version ''without'' exiting the development shell.


== See also ==
== See also == <!--T:138-->
 
<!--T:139-->
* [https://nix.dev/concepts/flakes Flakes] - nix.dev
 
<!--T:168-->
* [https://github.com/NixOS/rfcs/pull/49 RFC 49] (2019) - Original flakes specification
 
<!--T:169-->
* [https://jade.fyi/blog/flakes-arent-real/ Flakes aren't real and can't hurt you] (Jade Lovelace, 2024)
 
<!--T:170-->
* [https://github.com/ryan4yin/nixos-and-flakes-book NixOS & Flakes Book](Ryan4yin, 2023) - 🛠️ ❤️ An unofficial NixOS & Flakes book for beginners.


<!--T:171-->
* [https://xeiaso.net/blog/nix-flakes-1-2022-02-21 Nix Flakes: an Introduction] (Xe Iaso, 2022)
<!--T:172-->
* [https://serokell.io/blog/practical-nix-flakes Practical Nix Flakes] (Alexander Bantyev, 2021) - Intro article on working with Nix and Flakes
<!--T:173-->
* [https://www.tweag.io/blog/2020-05-25-flakes/ Nix Flakes, Part 1: An introduction and tutorial] (Eelco Dolstra, 2020)
* [https://www.tweag.io/blog/2020-05-25-flakes/ Nix Flakes, Part 1: An introduction and tutorial] (Eelco Dolstra, 2020)
<!--T:174-->
* [https://www.tweag.io/blog/2020-06-25-eval-cache/ Nix Flakes, Part 2: Evaluation caching] (Eelco Dolstra, 2020)
* [https://www.tweag.io/blog/2020-06-25-eval-cache/ Nix Flakes, Part 2: Evaluation caching] (Eelco Dolstra, 2020)
<!--T:175-->
* [https://www.tweag.io/blog/2020-07-31-nixos-flakes/ Nix Flakes, Part 3: Managing NixOS systems] (Eelco Dolstra, 2020)
* [https://www.tweag.io/blog/2020-07-31-nixos-flakes/ Nix Flakes, Part 3: Managing NixOS systems] (Eelco Dolstra, 2020)
* [https://github.com/ryan4yin/nixos-and-flakes-book NixOS & Flakes Book](Ryan4yin, 2023) - 🛠️ ❤️ An unofficial NixOS & Flakes book for beginners.
 
<!--T:176-->
* [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html Nix flake command reference manual] - Many additional details about flakes, and their parts.
* [https://nixos.org/manual/nix/unstable/command-ref/new-cli/nix3-flake.html Nix flake command reference manual] - Many additional details about flakes, and their parts.
* [https://xeiaso.net/blog/nix-flakes-1-2022-02-21 Nix Flakes: an Introduction] (Xe Iaso, 2022)
 
* [https://serokell.io/blog/practical-nix-flakes Practical Nix Flakes] (Alexander Bantyev, 2021) - Intro article on working with Nix and Flakes
<!--T:177-->
* [https://www.youtube.com/watch?v=QXUlhnhuRX4&list=PLgknCdxP89RcGPTjngfNR9WmBgvD_xW0l Nix flakes 101: Introduction to nix flakes] (Jörg Thalheim, 2020)
* [https://www.youtube.com/watch?v=QXUlhnhuRX4&list=PLgknCdxP89RcGPTjngfNR9WmBgvD_xW0l Nix flakes 101: Introduction to nix flakes] (Jörg Thalheim, 2020)
* [https://github.com/NixOS/rfcs/pull/49 RFC 49] (2019) - Original flakes specification
 
<!--T:178-->
* [https://github.com/NixOS/nix/blob/master/src/nix/flake.md spec describing flake inputs in more detail]
* [https://github.com/NixOS/nix/blob/master/src/nix/flake.md spec describing flake inputs in more detail]
<!--T:179-->
* [https://github.com/numtide/flake-utils flake-utils: Library to avoid some boiler-code when writing flakes]
* [https://github.com/numtide/flake-utils flake-utils: Library to avoid some boiler-code when writing flakes]
<!--T:180-->
* [https://zimbatm.com/NixFlakes/#direnv-integration zimbat's direnv article]
* [https://zimbatm.com/NixFlakes/#direnv-integration zimbat's direnv article]
<!--T:181-->
* [https://github.com/nix-community/todomvc-nix building Rust and Haskell flakes]
* [https://github.com/nix-community/todomvc-nix building Rust and Haskell flakes]


 
</translate>
[[Category:Software]]
[[Category:Software]]
[[Category:Nix]]
[[Category:Nix]]
[[Category:Flakes]]
[[Category:Flakes]]

Latest revision as of 22:53, 20 October 2024

Nix flakes is an experimental feature that was introduced with Nix 2.4 (see release notes).

Introduction

Nix flakes enforce a uniform structure for Nix projects, pin versions of their dependencies in a lock file, and make it more convenient to write reproducible Nix expressions.

  • A flake refers to a file-system tree whose root directory contains the Nix file specification called flake.nix.
  • The contents of flake.nix file follow a uniform naming schema for declaring packages and their dependencies in the Nix language.
  • Flakes also allow for locking references and versions that can then be queried and updated programmatically.

Enable flakes temporarily

When using any nix command, add the following command-line options:

 --experimental-features 'nix-command flakes'

Enable flakes permanently in NixOS

Add the following to the NixOS configuration:

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

Other Distros, with Home-Manager

Add the following to your home-manager config:

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

Other Distros, without Home-Manager

Note: The Determinate Nix Installer enables flakes by default.

Add the following to ~/.config/nix/nix.conf or /etc/nix/nix.conf:

experimental-features = nix-command flakes

Basic Usage of Flake

Before running any nix commands at this point, please note the two warnings below: one for encryption and the other for git.

Encryption WARNING

Warning: Since contents of flake files are copied to the world-readable Nix store folder, do not put any unencrypted secrets in flake files. You should instead use a secret managing scheme.

Git WARNING

For flakes in git repos, only files in the working tree will be copied to the store.

Therefore, if you use git for your flake, ensure to git add any project files after you first create them.

See also https://www.tweag.io/blog/2020-05-25-flakes/

Generate flake.nix file

To start the basic usage of flake, run the flake command in the project directory:

nix flake init

Flake schema

The flake.nix file is a Nix file but that has special restrictions (more on that later).

It has 4 top-level attributes:

  • description is a string describing the flake.
  • inputs is an attribute set of all the dependencies of the flake. The schema is described below.
  • outputs is a function of one argument that takes an attribute set of all the realized inputs, and outputs another attribute set whose schema is described below.
  • nixConfig is an attribute set of values which reflect the values given to nix.conf. This can extend the normal behavior of a user's nix experience by adding flake-specific configuration, such as a binary cache.

Input schema

The nix flake inputs manual.

The nix flake references manual.

The inputs attribute defines the dependencies of the flake. For example, nixpkgs has to be defined as a dependency for a system flake in order for the system to build properly.

Nixpkgs can be defined using the following code:

inputs.nixpkgs.url = "github:NixOS/nixpkgs/<branch name>";

For any repository with its own flake.nix file, the website must also be defined. Nix knows where the nixpkgs repository is, so stating that it's on GitHub is unnecessary.

For example, adding Hyprland as an input would look something like this:

inputs.hyprland.url = "github:hyprwm/Hyprland";

If you want to make Hyprland follow the nixpkgs input to avoid having multiple versions of nixpkgs, this can be done using the following code:

inputs.hyprland.inputs.nixpkgs.follows = "nixpkgs";

Using curly brackets({}), we can shorten all of this and put it in a table. The code will look something like this:

inputs = {
  nixpkgs.url = "github:NixOS/nixpkgs/<branch name>";
  hyprland = {
    url = "github:hyprwm/Hyprland";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};

Output schema

This is described in the nix package manager src/nix/flake-check.md.

Once the inputs are resolved, they're passed to the function `outputs` along with with `self`, which is the directory of this flake in the store. `outputs` returns the outputs of the flake, according to the following schema.

Where:

  • <system> is something like "x86_64-linux", "aarch64-linux", "i686-linux", "x86_64-darwin"
  • <name> is an attribute name like "hello".
  • <flake> is a flake name like "nixpkgs".
  • <store-path> is a /nix/store.. path
{ self, ... }@inputs:
{
  # Executed by `nix flake check`
  checks."<system>"."<name>" = derivation;
  # Executed by `nix build .#<name>`
  packages."<system>"."<name>" = derivation;
  # Executed by `nix build .`
  packages."<system>".default = derivation;
  # Executed by `nix run .#<name>`
  apps."<system>"."<name>" = {
    type = "app";
    program = "<store-path>";
  };
  # Executed by `nix run . -- <args?>`
  apps."<system>".default = { type = "app"; program = "..."; };

  # Formatter (alejandra, nixfmt or nixpkgs-fmt)
  formatter."<system>" = derivation;
  # Used for nixpkgs packages, also accessible via `nix build .#<name>`
  legacyPackages."<system>"."<name>" = derivation;
  # Overlay, consumed by other flakes
  overlays."<name>" = final: prev: { };
  # Default overlay
  overlays.default = final: prev: { };
  # Nixos module, consumed by other flakes
  nixosModules."<name>" = { config, ... }: { options = {}; config = {}; };
  # Default module
  nixosModules.default = { config, ... }: { options = {}; config = {}; };
  # Used with `nixos-rebuild switch --flake .#<hostname>`
  # nixosConfigurations."<hostname>".config.system.build.toplevel must be a derivation
  nixosConfigurations."<hostname>" = {};
  # Used by `nix develop .#<name>`
  devShells."<system>"."<name>" = derivation;
  # Used by `nix develop`
  devShells."<system>".default = derivation;
  # Hydra build jobs
  hydraJobs."<attr>"."<system>" = derivation;
  # Used by `nix flake init -t <flake>#<name>`
  templates."<name>" = {
    path = "<store-path>";
    description = "template description goes here?";
  };
  # Used by `nix flake init -t <flake>`
  templates.default = { path = "<store-path>"; description = ""; };
}

You can also define additional arbitrary attributes, but these are the outputs that Nix knows about.

nix run

When output apps.<system>.myapp is not defined, nix run myapp runs <packages or legacyPackages.<system>.myapp>/bin/<myapp.meta.mainProgram or myapp.pname or myapp.name (the non-version part)>

Using flakes with stable Nix

There exists the flake-compat library that you can use to shim default.nix and shell.nix files. It will download the inputs of the flake, pass them to the flake’s outputs function and return an attribute set containing defaultNix and shellNix attributes. The attributes will contain the output attribute set with an extra default attribute pointing to current platform’s defaultPackage (resp. devShell for shellNix).

Place the following into default.nix (for shell.nix, replace defaultNix with shellNix) to use the shim:

(import (
  fetchTarball {
    url = "https://github.com/edolstra/flake-compat/archive/12c64ca55c1014cdc1b16ed5a804aa8576601ff2.tar.gz";
    sha256 = "0jm6nzb83wa6ai17ly9fzpqc40wg1viib8klq8lby54agpl213w5"; }
) {
  src =  ./.;
}).defaultNix

You can also use the lockfile to make updating the hashes easier using nix flake lock --update-input flake-compat. Add the following to your flake.nix:

  inputs.flake-compat = {
    url = "github:edolstra/flake-compat";
    flake = false;
  };

and add flake-compat to the arguments of outputs attribute. Then you will be able to use default.nix like the following:

(import (
  let
    lock = builtins.fromJSON (builtins.readFile ./flake.lock);
    nodeName = lock.nodes.root.inputs.flake-compat;
  in
  fetchTarball {
    url =
      lock.nodes.${nodeName}.locked.url
        or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.${nodeName}.locked.rev}.tar.gz";
    sha256 = lock.nodes.${nodeName}.locked.narHash;
  }
) { src = ./.; }).defaultNix

Accessing flakes from Nix expressions

If you want to access a flake from within a regular Nix expression on a system that has flakes enabled, you can use something like (builtins.getFlake "/path/to/directory").packages.x86_64-linux.default, where 'directory' is the directory that contains your flake.nix.

Making your evaluations pure

Nix flakes run in pure evaluation mode, which is underdocumented. Some tips for now:

  • fetchurl and fetchtar require a sha256 argument to be considered pure.
  • builtins.currentSystem is non-hermetic and impure. This can usually be avoided by passing the system (i.e., x86_64-linux) explicitly to derivations requiring it.
  • Imports from channels like <nixpkgs> can be made pure by instead importing from the output function in flake.nix, where the arguments provide the store path to the flake's inputs:
 outputs = { self, nixpkgs, ... }:
  {
    nixosConfigurations.machine = nixpkgs.lib.nixosSystem {
      modules = [
        "${nixpkgs}/nixos/modules/<some-module>.nix"
        ./machine.nix
      ];
    };
  };

The nix flakes command

The nix flake subcommand is described in command reference page of the unstable manual.

Install packages with `nix profile`

nix profile install in the manual

Using nix flakes with NixOS

nixos-rebuild switch will read its configuration from /etc/nixos/flake.nix if it is present.

A basic nixos flake.nix could look like this:

{
  inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
  outputs = { self, nixpkgs }: {
    # replace 'joes-desktop' with your hostname here.
    nixosConfigurations.joes-desktop = nixpkgs.lib.nixosSystem {
      modules = [ ./configuration.nix ];
    };
  };
}

If you want to pass on the flake inputs to external configuration files, you can use the specialArgs attribute:

{
  inputs.nixpkgs.url = github:NixOS/nixpkgs/nixos-unstable;
  inputs.home-manager.url = github:nix-community/home-manager;

  outputs = { self, nixpkgs, ... }@inputs: {
    nixosConfigurations.fnord = nixpkgs.lib.nixosSystem {
      specialArgs = { inherit inputs; };
      modules = [ ./configuration.nix ];
    };
  };
}

Then, you can access the flake inputs from the file configuration.nix like this:

{ config, lib, inputs, ... }: {
  # do something with home-manager here, for instance:
  imports = [ inputs.home-manager.nixosModules.default ];
  ...
}


nixos-rebuild also allows to specify different flake using the --flake flag (# is optional):

$ sudo nixos-rebuild switch --flake .

By default nixos-rebuild will use the currents system hostname to lookup the right nixos configuration in nixosConfigurations. You can also override this by using appending it to the flake parameter:

$ sudo nixos-rebuild switch --flake /etc/nixos#joes-desktop

To switch a remote host you can use:

$ nixos-rebuild --flake .#mymachine \
  --target-host mymachine-hostname \
  --build-host mymachine-hostname --fast \
  switch
Warning: Remote building seems to have an issue that's resolved by setting the --fast flag.

Pinning the registry on NixOS

{ inputs, ... }:
{
 nix.registry = {
    nixpkgs.flake = inputs.nixpkgs;
  };
}

To make sure the registry entry is "locked", use the following:

  nix.registry = {
    nixpkgs.to = {
      type = "path";
      path = pkgs.path;
      narHash = builtins.readFile
          (pkgs.runCommandLocal "get-nixpkgs-hash"
            { nativeBuildInputs = [ pkgs.nix ]; }
            "nix-hash --type sha256 --sri ${pkgs.path} > $out");
    };
  };

This has the unfortunate side-effect of requiring import-from-derivation and slowing down build times, however it may greatly speed up almost every eval. Full-time flakes users may be able to just use narHash = pkgs.narHash.

Super fast nix-shell

A feature of the nix Flake edition is that Nix evaluations are cached.

Let’s say that your project has a shell.nix file that looks like this:

{
  pkgs ? import <nixpkgs> { },
}:
pkgs.mkShell {
  packages = [ pkgs.nixfmt ];

  shellHook = ''
    # ...
  '';
}

Running nix-shell can be a bit slow and take 1-3 seconds.

Now create a flake.nix file in the same repository:

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";

  outputs =
    { nixpkgs, ... }:
    {
      /*
        This example assumes your system is x86_64-linux
        change as neccesary
      */
      devShells.x86_64-linux =
        let
          pkgs = nixpkgs.legacyPackages.x86_64-linux;
        in
        {
          default = pkgs.mkShell {
            packages = [ pkgs.hello ];
          };
        };
    };
}
}

( If you're in a git repository run `git add flake.nix` so that Nix recognizes it. )

And finally, run nix develop. This is what replaces the old nix-shell invocation.

Exit and run again, this command should now be super fast.

Warning: TODO: there is an alternative version where the defaultPackage is a pkgs.buildEnv that contains all the dependencies. And then nix shell is used to open the environment.

Automatically switch nix shells with nix-direnv

You can easily switch nix shells when you cd into different projects with nix-direnv.

Pushing Flakes to Cachix

https://docs.cachix.org/pushing#flakes

To push all flake outputs automatically, checkout devour-flake.

Build specific attributes in a flake repository

When in the repository top-level, run nix build .#<attr>. It will look in the legacyPackages and packages output attributes for the corresponding derivation.

Eg, in nixpkgs:

$ nix build .#hello

Building flakes from a Git repo url with submodules

As per nix 2.9.1, git submodules in package src's won't get copied to the nix store, this may cause the build to fail. To workaround this, use:

nix build '.?submodules=1#hello'

See: https://github.com/NixOS/nix/pull/5434

Importing packages from multiple nixpkgs branches

A NixOS config flake could be as follows:

{
  description = "NixOS configuration with two or more channels";

 inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
  };

  outputs =
    { nixpkgs, nixpkgs-unstable, ... }:
    {
      nixosConfigurations."<hostname>" = nixpkgs.lib.nixosSystem {
        modules = [
          {
            nixpkgs.overlays = [
              (final: prev: {
                unstable = nixpkgs-unstable.legacyPackages.${prev.system};
                # use this variant if unfree packages are needed:
                # unstable = import nixpkgs-unstable {
                #   inherit system;
                #   config.allowUnfree = true;
                # };
              })
            ];
          }
          ./configuration.nix
        ];
      };
    };
}
# NixOS configuration.nix, can now use "pkgs.package" or "pkgs.unstable.package"
{ pkgs, ... }:
{
  environment.systemPackages = [
    pkgs.firefox
    pkgs.unstable.chromium
  ];
  # ...
}

If the variable nixpkgs points to the flake, you can also define pkgs with overlays with:

pkgs = import nixpkgs { system = "x86_64-linux"; overlays = [ /*the overlay in question*/ ]; };

Getting Instant System Flakes Repl

How to get a nix repl out of your system flake:

$ nix repl

nix-repl> :lf /path/to/flake
Added 18 variables.

nix-repl> nixosConfigurations.myHost.config.networking.hostName
"myHost"

However, this won't be instant upon evaluation if any file changes have been done since your last configuration rebuild. Instead, if one puts:

nix.nixPath = let path = toString ./.; in [ "repl=${path}/repl.nix" "nixpkgs=${inputs.nixpkgs}" ];

In their system flake.nix configuration file, and includes the following file in their root directory flake as repl.nix:

let
  flake = builtins.getFlake (toString ./.);
  nixpkgs = import <nixpkgs> { };
in
{ inherit flake; }
// flake
// builtins
// nixpkgs
// nixpkgs.lib
// flake.nixosConfigurations

(Don't forget to git add repl.nix && nixos-rebuild switch --flake "/etc/nixos") Then one can run (or bind a shell alias):

source /etc/set-environment && nix repl $(echo $NIX_PATH | perl -pe 's|.*(/nix/store/.*-source/repl.nix).*|\1|')

This will launch a repl with access to nixpkgs, lib, and the flake options in a split of a second.

An alternative approach to the above shell alias is omitting repl from nix.nixPath and creating a shell script:

nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
environment.systemPackages = let
  repl_path = toString ./.;
  my-nix-fast-repl = pkgs.writeShellScriptBin "my-nix-fast-repl" ''
    source /etc/set-environment
    nix repl "${repl_path}/repl.nix" "$@"
  '';
in [
  my-nix-fast-repl
];

Enable unfree software

Refer to Unfree Software.

Development tricks

Build a package added in a PR

nix build github:nixos/nixpkgs?ref=pull/<PR_NUMBER>/head#<PACKAGE>

this allows building a package that has not yet been added to nixpkgs.

note that this will download a full source tarball of nixpkgs. if you already have a local clone, using that may be faster due to delta compression:

git fetch upstream pull/<PR_NUMBER>/head && git checkout FETCH_HEAD && nix build .#PACKAGE

this allows building a package that has not yet been added to nixpkgs.

How to add a file locally in git but not include it in commits

When a git folder exists, flake will only copy files added in git to maximize reproducibility (this way if you forgot to add a local file in your repo, you will directly get an error when you try to compile it). However, for development purpose you may want to create an alternative flake file, for instance containing configuration for your preferred editors as described here… of course without committing this file since it contains only your own preferred tools. You can do so by doing something like that (say for a file called extra/flake.nix):

git add --intent-to-add extra/flake.nix
git update-index --skip-worktree --assume-unchanged extra/flake.nix

Rapid iteration of a direct dependency

One common pain point with using Nix as a development environment is the need to completely rebuild dependencies and re-enter the dev shell every time they are updated. The nix develop --redirect <flake> <directory> command allows you to provide a mutable dependency to your shell as if it were built by Nix.

Consider a situation where your executable, consumexe, depends on a library, libdep. You're trying to work on both at the same time, where changes to libdep are reflected in real time for consumexe. This workflow can be achieved like so:

cd ~/libdep-src-checkout/
nix develop # Or `nix-shell` if applicable.
export prefix="./install" # configure nix to install it here
buildPhase   # build it like nix does
installPhase # install it like nix does

Now that you've built the dependency, consumexe can take it as an input. In another terminal:

cd ~/consumexe-src-checkout/
nix develop --redirect libdep ~/libdep-src-checkout/install
echo $buildInputs | tr " " "\n" | grep libdep
# Output should show ~/libdep-src-checkout/ so you know it worked

If Nix warns you that your redirected flake isn't actually used as an input to the evaluated flake, try using the --inputs-from . flag. If all worked well you should be able to buildPhase && installPhase when the dependency changes and rebuild your consumer with the new version without exiting the development shell.

See also

  • RFC 49 (2019) - Original flakes specification
  • NixOS & Flakes Book(Ryan4yin, 2023) - 🛠️ ❤️ An unofficial NixOS & Flakes book for beginners.