Do we really need nixpkgs in inputs instead of the lightweight nix-community/nixpkgs.lib?

hercules-ci / flake-parts

❄️ Simplify Nix Flakes with the module system

https://flake.parts

MIT License

699 stars 38 forks source link

Do we really need nixpkgs in inputs instead of the lightweight nix-community/nixpkgs.lib? #215

Closed name-snrl closed 3 months ago

roberth commented 3 months ago

It now uses the official lib subtree. Nix will support this natively afaic, but I've worked around the current lack of support for this in #226 because we'll want to support current/older Nix.

antifuchs commented 3 months ago

I found that unless specifically allowed, a self-hosted hydra will complain at evaluation time about the nixpkgs tarballs with: error: access to URI 'https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz' is forbidden in restricted mode

The fix for me is to add the following to the hydra evaluators' nixos config:

  nix.settings.allowed-uris = [
    "https://github.com/NixOS/nixpkgs/archive/"
  ];