Jump to content

Git

From Official NixOS Wiki

Git is the version control system (VCS) developed by Junio C Hamano and designed by Linus Torvalds (creator of linux kernel). Git is used to maintain NixOS packages, as well as many other projects, including sources for the Linux kernel.

Installing and configuring Git

On NixOS, Git can be installed and configured at either the system level or the user level with Home Manager.

System-wide installation

Git can be installed system-wide either by adding it to the list of system environment packages:

❄︎ /etc/nixos/configuration.nix
  environment.systemPackages = with pkgs; [ 
    git 
  ];

Or by enabling the NixOS Git module:

❄︎ /etc/nixos/configuration.nix
  programs.git.enable = true;

Additional Git module configuration options can be found at programs.git.

Note: Configuration options provided by this module are applied at the system level and therefore apply to all users on the system.

User-level configuration with Home Manager

Git can be configured using Home Manager: 

  programs.git = {
    enable = true;
    settings.user = {
        name  = "John Doe";
        email = "johndoe@example.com";
    };
  };

Aliases can be added with: 

  programs.git = {
    enable = true;
    settings.alias = {
      ci = "commit";
      co = "checkout";
      s = "status";
    };
  };

Git LFS can be enabled with: 

  programs.git = {
    enable = true;
    lfs.enable = true;
  };

Configure git-credential-helper with libsecret: 

{ pkgs, ... }:

{
  programs.git = {
    enable = true;
    package = pkgs.git.override { withLibsecret = true; };
    settings = {
      credential.helper = "libsecret";
    };
  };
}

To add additional configuration you can specify options in an attribute set, so to add something like this: 

[push]
        autoSetupRemote = true

To your ~/.config/git/config, you can add the below to settings 

{ pkgs, ... }:

{
  programs.git = {
    enable = true;
    settings = {
      push = { autoSetupRemote = true; };
    };
  };
}

Using your public SSH key as a signing key

To configure git to automatically sign your commits using your public SSH key like so: 

{
  programs.git = {
    enable = true;
    signing = {
      key = "ssh-ed25519 AAAAAAAAAAAA...AA username@hostname";
      signByDefault = true;
    };
    settings = {
      gpg = {
        format = "ssh";
      };
    };
  };
}

However, note that this will also require Home Manager to manage your SSH configuration: 

{    
  programs.ssh = {
    enable = true;
    addKeysToAgent = "yes";
  };
}

Enabling Git UI

Install tk to use the git gui: 

$ git citool

Or you may wish to install the gitFull package, which includes git gui, gitk, etc. This can be installed either through system environment packages or by setting the package module option: 

  programs.git = {
    enable = true;
    package = pkgs.gitFull;
  };

Management of the nixpkgs git repository

nixpkgs has become a git repository of quite substantial size with > 889 000 commits (as of late 2025). This brings many unoptimized tools to their limits, leading to long waiting times on certain operations. Here we’ll collect useful info on how to manage that.

Garbage collecting

Normal git gc should work as usual, but you should force a full garbage collect every half a year or so. git gc --aggressive is the command for that. For the author it did not work on the first try, since their laptop’s memory was too small and it went out of memory. According to StackOverflow answer it suffices to set some local repository config variables. 

$ git config pack.windowMemory 2g
$ git config pack.packSizeLimit 1g

worked well on a machine with about 6–8 GB of free RAM and two processor threads, and reduced the size of the nixpkgs checkout from ~1.3 GB to ~0.95 GB.

Serve Git repos via SSH

This section implements Git on the Server - Setting Up the Server on NixOS.

See also: gitolite.

Configuration

{ config, pkgs, ... }: {
  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = "/var/lib/git-server";
    createHome = true;
    shell = "${pkgs.git}/bin/git-shell";
    openssh.authorizedKeys.keys = [
      # FIXME: Add pubkeys of authorized users
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF38sHxXn/r7KzWL1BVCqcKqmZA/V76N/y5p52UQghw7 example"
    ];
  };

  users.groups.git = {};

  services.openssh = {
    enable = true;
    extraConfig = ''
      Match user git
        AllowTcpForwarding no
        AllowAgentForwarding no
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
    '';
  };
}

Usage

1. Run this on the server to create repo myproject accessible by user git 

sudo -u git bash -c "git init --bare ~/myproject.git"

(~ here is the home of the user git, which is /var/lib/git-server)

2. Push to the server repo from another system 

mkdir myproject
cd myproject
echo hello > a
git init
git add .
git commit -m init
git remote add origin git@myserver:myproject.git
git push origin master

3. Clone and edit the server repo from another system 

git clone git@myserver:myproject.git
cd myproject
cat a
echo world >> a
git commit -am hello
git push origin master

Bisecting Nix regressions

Main article: bisecting
Retrieved from "https://wiki.nixos.org/w/index.php?title=Git&oldid=29172"