Nix doesn't work in Github Codespaces

[kzvi]

Describe the bug

1. Using the default Codespaces environment/image without any configuration, it is possible to install Nix in single-user mode using the sh <(curl -L https://nixos.org/nix/install) --no-daemon command. Then the Nix commands are accessible and appear to work, but building anything fails. For example, running

```
nix-build -E 'with import <nixpkgs> {}; writeText "a" "b"'
```

produces the enigmatic error

```
error: suspicious ownership or permission on '/nix/store/ywzcczbp6n4c944jrk99vi7wjws0kx2n-a.drv.chroot/nix/store/5jz2jpipwd0y7iixvi3kax0ydr9zp6cq-a' for output 'out'; rejecting this build output
```

2. Attempting to install Nix in multi-user mode fails with the error message

```
error: getting attributes of path '/nix/store/lvqrpsasgr3jan8l6yfhvcv628jayk2x-busybox-static-x86_64-unknown-linux-musl-1.32.1/bin/busybox': Permission denied
```

Expected behavior

Running Nix in Github Codespaces is probably something that a lot of people will want to do. Even if it is the case that Nix can't support it, it would probably be helpful to have some documentation that states that it is unsupported and/or describes potential workarounds.

Edit: A solution found by @offlinehacker is to first run sudo apt install -y acl && sudo setfacl -k /tmp. Then Nix can be installed normally and building things will succeed. See https://github.com/NixOS/nix/issues/6680#issuecomment-1230902525.

[aryairani]

It works okay for me with this in my devcontainer.json. Granted it's not the Universal image, but the universal image doesn't have much free space and you probably don't get anything useful out of it if you are going to use Nix for your dependencies anyway.

you say that when vscode on remote codespace popups, its plugins catch up whatever tooling and environment variables you have put for people into nix shell?

the need is nix, and nix to install exact versions of all compilers, lsps, renders, optimizers, etc for users on start fast

Never mind, it isn't working for me after all, sorry.

[71]

So I've been experimenting with this starting with @aryairani's config above.

My setup now is:

1. Workspace root has a flake.nix file with devShells.${system}.default = pkgs.mkShell { ... };.
2. Workspace root has a .envrc.recommended file with use flake.
3. Devcontainer configuration is:

   {
     "image": "mcr.microsoft.com/devcontainers/base:alpine",
     "features": {
       "ghcr.io/devcontainers/features/nix:1": {
         "multiUser": true,
         "version": "latest",
         // Needed for flakes & nix-direnv:
         "extraNixConfig": "experimental-features = nix-command flakes,keep-outputs = true,keep-derivations = true"
       }
     },
     "onCreateCommand": {
       // Set up global gitignore for direnv.
       "init-git": "mkdir -p ~/.config/git && printf '.direnv/\\n.envrc\\n' > ~/.config/git/ignore && git config --global core.excludesfile ~/.config/git/ignore",
       // Install, set up and allow direnv in workspace.
       "install-direnv": "nix profile install nixpkgs#direnv nixpkgs#nix-direnv && mkdir -p ~/.config/direnv && echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' >> ~/.config/direnv/direnvrc && cp .envrc.recommended .envrc && direnv allow",
       // Run `print-dev-env` to build `devShells.${system}.default`.
       "build-dev-env": "nix print-dev-env > /dev/null"
     },
     "customizations": {
       "vscode": {
         "extensions": [
           // Inject direnv variables into VS Code terminals and tasks:
           "mkhl.direnv",
           // Support for `.nix` files:
           "jnoortheen.nix-ide"
         ]
       }
     }
   }

   You should also add && echo 'eval \"$(direnv hook bash)\"' >> ~/.bashrc to the end of the install-direnv command, or whatever command will set up the shell you're going to be using.

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nixos-in-github-codespaces/36065/2

[arianvp]

So I've been experimenting with this starting with @aryairani's config above.

My setup now is:

1. Workspace root has a flake.nix file with devShells.${system}.default = pkgs.mkShell { ... };.
2. Workspace root has a .envrc.recommended file with use flake.

3. Devcontainer configuration is:

   {
    "image": "mcr.microsoft.com/devcontainers/base:alpine",
    "features": {
      "ghcr.io/devcontainers/features/nix:1": {
        "multiUser": true,
        "version": "latest",
        // Needed for flakes & nix-direnv:
        "extraNixConfig": "experimental-features = nix-command flakes,keep-outputs = true,keep-derivations = true"
      }
    },
    "onCreateCommand": {
      // Set up global gitignore for direnv.
      "init-git": "mkdir -p ~/.config/git && printf '.direnv/\\n.envrc\\n' > ~/.config/git/ignore && git config --global core.excludesfile ~/.config/git/ignore",
      // Install, set up and allow direnv in workspace.
      "install-direnv": "nix profile install nixpkgs#direnv nixpkgs#nix-direnv && mkdir -p ~/.config/direnv && echo 'source $HOME/.nix-profile/share/nix-direnv/direnvrc' >> ~/.config/direnv/direnvrc && cp .envrc.recommended .envrc && direnv allow",
      // Run `print-dev-env` to build `devShells.${system}.default`.
      "build-dev-env": "nix print-dev-env > /dev/null"
    },
    "customizations": {
      "vscode": {
        "extensions": [
          // Inject direnv variables into VS Code terminals and tasks:
          "mkhl.direnv",
          // Support for `.nix` files:
          "jnoortheen.nix-ide"
        ]
      }
    }
   }

   You should also add && echo 'eval \"$(direnv hook bash)\"' >> ~/.bashrc to the end of the install-direnv command, or whatever command will set up the shell you're going to be using.

I’m afraid that even with this i get the error :(

[arianvp]

So everything works except that I still get this error for packages that use buildFHSEnv. They all fail with a spurious permission error. Anybody got any clue why??