Why I couldn't use relative path in home-manager module?

[bangedorrunt]

Hi, just came across your config from Reddit and I really like your code structure. I'm new about Nix and trying to simplify your config however I got the issue when building your setup. nix build complain that access path is forbidden at... in restricted mode I fixed this after doing some research by using --impure argument. You can see it in the following link: https://github.com/babygau/nix/blob/4d2ab96c65f02059d66a4cad4d71d297d045d46e/modules/home-manager/dotfiles.nix Currently, I have dotfiles folder with nix inside which is a fork from your config. Atm, I couldn't use sth like ../../../alacritty. Could you please explain to me?

[kclejeune]

Hi, just came across your config from Reddit and I really like your code structure. I'm new about Nix and trying to simplify your config however I got the issue when building your setup. nix build complain that access path is forbidden at... in restricted mode

I fixed this after doing some research by using --impure argument. You can see it in the following link:

https://github.com/babygau/nix/blob/4d2ab96c65f02059d66a4cad4d71d297d045d46e/modules/home-manager/dotfiles.nix

Currently, I have dotfiles folder with nix inside which is a fork from your config. Atm, I couldn't use sth like ../../../alacritty. Could you please explain to me?

Hey, glad this was able to help you get started!

You're getting this issue because you're pointing to an arbitrary file path by interpolating target = ${config.user.home}/dotfiles/file. In this approach, nix doesn't know that it's pointing to a file inside of your repository, just a random file on the system.

To replicate what I'm doing, you need to use a relative path rather than a string, like target = ../path/to/file. This puts any file that you reference in the nix store and should resolve the impure error.

[bangedorrunt]

Thank you for quick response. I tried to do as your suggestion but nix build complain

/nix/store/hash......-source/alacritty is not file or directory

[kclejeune]

Thank you for quick response. I tried to do as your suggestion but nix build complain

/nix/store/hash......-source/alacritty is not file or directory

Make sure your git repo is tracking that file, otherwise the flake won't recognize that it exists :)

Notice that every relative path I use in dotfiles/default.nix exists in my repo. You need the same thing for your alacritty config.

[bangedorrunt]

Sorry for asking silly question. What do you mean by it?. Because I have dotfiles and nix are all git repo, and nix is a submodule of dotfiles. Was it the reason?

[kclejeune]

Sorry for asking silly question. What do you mean by it?. Because I have dotfiles and nix are all git repo, and nix is a submodule of dotfiles. Was it the reason?

Yep, you should have it the other way around. Your dotfiles should be a sub folder (not submodule) of your nix config so that your nix repo is the single source of truth.

[bangedorrunt]

Oh, I see. That makes sense to me! I'll restructure my config and let you know if the problem is solved. Many thanks @kclejeune

[kclejeune]

Oh, I see. That makes sense to me! I'll restructure my config and let you know if the problem is solved. Many thanks @kclejeune

Happy to help! Just close the issue once you've got it working.

[bangedorrunt]

Oh, I see. That makes sense to me! I'll restructure my config and let you know if the problem is solved. Many thanks @kclejeune

Happy to help! Just close the issue once you've got it working.

@kclejeune, quick update. I successfully built the config thanks to your suggestion. However, I found out later on that nix packages defined in home-manager is not installed. What could go wrong?.

❯ ./result/sw/bin/darwin-rebuild switch --flake ~/.nixpkgs
warning: Git tree '/Users/babygau/nix' is dirty
building the system configuration...
warning: Git tree '/Users/babygau/nix' is dirty
user defaults...
setting up user launchd services...
Homebrew bundle...
Using beeftornado/rmtree
Using homebrew/bundle
Using homebrew/cask
Using homebrew/cask-fonts
Using homebrew/cask-versions
Using homebrew/core
Using homebrew/services
Using beeftornado/rmtree/brew-rmtree
Using mas
Using hammerspoon
Using iina
Using karabiner-elements
Using keepingyouawake
Using maccy
Using syncthing
Using visual-studio-code-insiders
Using bitwarden
Homebrew Bundle complete! 17 Brewfile dependencies now installed.
setting up groups...
setting up users...
setting up ~/Applications...
applying patches...
setting up /etc...
system defaults...
setting up launchd services...
configuring networking...
configuring fonts...
Activating home-manager configuration for babygau
Starting home manager activation
Activating checkFilesChanged
Activating checkLinkTargets
Activating writeBoundary
Activating copyFonts
Activating installPackages
Activating linkGeneration
Cleaning up orphan links from /Users/babygau
No change so reusing latest profile generation 1
Creating home file links in /Users/babygau
Activating onFilesChange

[kclejeune]

Oh, I see. That makes sense to me! I'll restructure my config and let you know if the problem is solved. Many thanks @kclejeune

Happy to help! Just close the issue once you've got it working.

@kclejeune, quick update. I successfully built the config thanks to your suggestion. However, I found out later on that nix packages defined in home-manager is not installed. What could go wrong?.

❯ ./result/sw/bin/darwin-rebuild switch --flake ~/.nixpkgs

warning: Git tree '/Users/babygau/nix' is dirty

building the system configuration...

warning: Git tree '/Users/babygau/nix' is dirty

user defaults...

setting up user launchd services...

Homebrew bundle...

Using beeftornado/rmtree

Using homebrew/bundle

Using homebrew/cask

Using homebrew/cask-fonts

Using homebrew/cask-versions

Using homebrew/core

Using homebrew/services

Using beeftornado/rmtree/brew-rmtree

Using mas

Using hammerspoon

Using iina

Using karabiner-elements

Using keepingyouawake

Using maccy

Using syncthing

Using visual-studio-code-insiders

Using bitwarden

Homebrew Bundle complete! 17 Brewfile dependencies now installed.

setting up groups...

setting up users...

setting up ~/Applications...

applying patches...

setting up /etc...

system defaults...

setting up launchd services...

configuring networking...

configuring fonts...

Activating home-manager configuration for babygau

Starting home manager activation

Activating checkFilesChanged

Activating checkLinkTargets

Activating writeBoundary

Activating copyFonts

Activating installPackages

Activating linkGeneration

Cleaning up orphan links from /Users/babygau

No change so reusing latest profile generation 1

Creating home file links in /Users/babygau

Activating onFilesChange

are you specifying a host? it should be something like

darwin-rebuild switch --flake ~/nixpkgs#host

could you also provide the output of

which nix and nix --version

[bangedorrunt]

@kclejeune I did ./result/sw/bin/darwin-rebuild switch --flake ~/.nixpkgs#imac but it's not working.

FYI, I used https://github.com/numtide/nix-unstable-installer

[kclejeune]

@kclejeune I did ./result/sw/bin/darwin-rebuild switch --flake ~/.nixpkgs#imac but it's not working.

That's the right version of nix?

[bangedorrunt]

@kclejeune FYI, I used nix-unstable-installer

Updated: I reinstalled nix following install-nix.sh script but it's not working

It appears to me when building config, nix used default username. It should be my username babygau right?

nix-channel --update
error: creating symlink from '/Users/babygau/.nix-defexpr/.0_channels' to '/nix/var/nix/profiles/per-user/babygau/channels': Permission denied

which nix-channel
/nix/var/nix/profiles/default/bin/nix-channel 

[kclejeune]

@kclejeune FYI, I used nix-unstable-installer

Updated: I reinstalled nix following install-nix.sh script but it's not working

It appears to me when building config, nix used default username. It should be my username babygau right?

nix-channel --update

error: creating symlink from '/Users/babygau/.nix-defexpr/.0_channels' to '/nix/var/nix/profiles/per-user/babygau/channels': Permission denied

which nix-channel

/nix/var/nix/profiles/default/bin/nix-channel 

Nix channels shouldn't matter since this is a flake config. I'm pretty sure you have the correct nix version. Unless you're missing other packages, this looks about right to me.

[bangedorrunt]

Nix channels shouldn't matter since this is a flake config. I'm pretty sure you have the correct nix version. Unless you're missing other packages, this looks about right to me.

@kclejeune thank you for your answer, I know it's too much to ask for but if you got some free time, could you have a look at my config at babygau/nix. Atm, I'm struggling to find out the bug as you mentioned. Hence the main topic issue is solved, I'll close it

[kclejeune]

Nix channels shouldn't matter since this is a flake config. I'm pretty sure you have the correct nix version. Unless you're missing other packages, this looks about right to me.

@kclejeune thank you for your answer, I know it's too much to ask for but if you got some free time, could you have a look at my config at babygau/nix. Atm, I'm struggling to find out the bug as you mentioned. Hence the main topic issue is solved, I'll close it

I'm still not totally sure what issue you're having. It looks like all of the home manager packages (including nix) are loading fine - if you can clarify I'm happy to look!

[bangedorrunt]

@kclejeune Thank you! I eventually found the issue. It's because the terminal loaded my local ~/.zshrc hence the PATH is not correct. I copy this line from /etc/zshenv

if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then
  . /nix/store/9mnc5b2x2c436p12pszgkiif5jvn7ywx-set-environment
fi

and put in .zshrc and now it worked!

[kclejeune]

@kclejeune Thank you! I eventually found the issue. It's because the terminal loaded my local ~/.zshrc hence the PATH is not correct.

I copy this line from /etc/zshenv

if [ -z "$__NIX_DARWIN_SET_ENVIRONMENT_DONE" ]; then

  . /nix/store/9mnc5b2x2c436p12pszgkiif5jvn7ywx-set-environment

fi

and put in .zshrc and now it worked!

Glad you got it worked out! I would suggest managing this with programs.zsh in home manager if you can help it - this line may not work indefinitely since it relies on a specific nix store path.

[bangedorrunt]

Thank you heaps! I got everything up and running. Today I learned config.lib.file.makeOutOfSymbolLink. So I can decouple dotfiles from Nix repo. Cheers!

[kclejeune]

Thank you heaps! I got everything up and running. Today I learned config.lib.file.makeOutOfSymbolLink. So I can decouple dotfiles from Nix repo. Cheers!

If you can help it, I'd still avoid decoupling if you can. Ideally you want to keep your dotfiles in this repo and use home.file or programs.stuff to manage your configuration. If you want any guidance for this let me know.

[bangedorrunt]

If you can help it, I'd still avoid decoupling if you can. Ideally you want to keep your dotfiles in this repo and use home.file or programs.stuff to manage your configuration. If you want any guidance for this let me know.

@kclejeune I don't know if it's an issue at my side. I used home.file and xdg.configFile to keep my dotfiles in sync. However whenever I made changes to those symlinks, my Nvim complain it's read-only mode. The workaround is to edit from original then darwin-rebuild. That's why I had to go for the above solution

https://github.com/babygau/nix/blob/12bd6564d230b397614435597b78ce179a98fecb/modules/home-manager/dotfiles.nix

Ah, I just found out your config is based on multi-user build. Any reason for that?. If I install Nix single user mode, the build fails to complete. Disable nix-daemon doesn't help

I also noted that, before I was able to use darwin-rebuild swith --flake .#imac. Atm, I have to put extra \ like darwin-rebuild swith --flake .\#imac or else there's an error. Did I do sth wrong with the config?

Again, I'd really appreciate your time and efforts to help me!

[kclejeune]

If you can help it, I'd still avoid decoupling if you can. Ideally you want to keep your dotfiles in this repo and use home.file or programs.stuff to manage your configuration. If you want any guidance for this let me know.

@kclejeune I don't know if it's an issue at my side. I used home.file and xdg.configFile to keep my dotfiles in sync. However whenever I made changes to those symlinks, my Nvim complain it's read-only mode. The workaround is to edit from original then darwin-rebuild. That's why I had to go for the above solution

https://github.com/babygau/nix/blob/12bd6564d230b397614435597b78ce179a98fecb/modules/home-manager/dotfiles.nix

This is because your dotfile symlinks point to nix-store paths that are copies of the dotfiles in your repo. You cannot and should not forcibly edit them directly.

In this model, you change a dotfile by updating it in your repo and then running a rebuild, which will add a new copy of the file to the nix store, and switch to a new configuration that has a symlink to the modified file.

This allows you to rollback to your previous dotfiles (via your previous configuration) if something goes bad, and you specifically lose out on this if you continue with your current approach.

Ah, I just found out your config is based on multi-user build. Any reason for that?. If I install Nix single user mode, the build fails to complete. Disable nix-daemon doesn't help

Multi-user install is better since it restricts your user from having write access to the nix store. Instead, it generates build users and uses the nix-daemon to assign jobs to them where they can run builds in parallel and write the results in the nix store.

This preserves immutability, which again, is the core principle that you want to preserve by keeping everything inside this repo in the first place.

I'm not positive since I don't use the single-user install, but this probably fails because I have options enabled that rely on multiple build users (the nix.buildCores or nix.maxJobs options are the first things that come to mind as potential issues here).

I also noted that, before I was able to use darwin-rebuild swith --flake .#imac. Atm, I have to put extra \ like darwin-rebuild swith --flake .\#imac or else there's an error. Did I do sth wrong with the config?

Which shell are you using? If it's not bash or zsh, maybe try switching to one of them. Alternatively, you might have an option enabled that makes # get used as a comment for inline commands.

The . in .#hostname is actually a short URI path that points to your flake (you could point it to /etc/nixos#host on a nixos system), so it shouldn't require the trailing backslash. It looks like it's making you escape the #.

Again, I'd really appreciate your time and efforts to help me!

I'm happy to help! Let me know if this works for you, or if anything here doesn't make sense!

[bangedorrunt]

In this model, you change a dotfile by updating it in your repo and then running a rebuild, which will add a new copy of the file to the nix store, and switch to a new configuration that has a symlink to the modified file.

This allows you to rollback to your previous dotfiles (via your previous configuration) if something goes bad, and you specifically lose out on this if you continue with your current approach.

The point is dotfiles is also a git repo. I could revert back if anything go wrong. But you're right, it's not a Nix way if I do so.

Which shell are you using? If it's not bash or zsh, maybe try switching to one of them. Alternatively, you might have an option enabled that makes # get used as a comment for inline commands.

I'm using zsh, you're right, found out I have interactive comment set by default