this post was submitted on 02 Feb 2024
12 points (100.0% liked)


Hi all Nix experts,

I recently started using nix to manage my dev environment on my immutable distro, and I need some help.

I was wondering if I am using a large package like TexLiveFull, how to make sure nix doesn't delete large packages after I close the shell? I also don't want this package to be available in my global environment, as I don't need to use it outside vscode.

Another question is how to keep my packages up-to-date. I don't do serious development work, thus I typically prefer my packages and dev-tools to be on the latest version. I prefer to have as little management of this as possible. Ideally, every time I start up a nix shell, the package manager will grab the latest version of the package if possible without requiring additional interaction from me. Is this possible?

Finally, is there any way to bubblewrap programs installed by nix to only access the file within the starting path of the shell? I don't imagine this is possible, but it would definitely be nice if nix has some security feature like this.

Thanks in advance for your help! I understand parts of this post might be ridiculous. I am still new to nix. Please correct me if I am not using nix in the "correct" way.

top 7 comments
[–] qqq@programming.dev 5 points 9 months ago* (last edited 9 months ago)

Another question is how to keep my packages up-to-date. I don’t do serious development work, thus I typically prefer my packages and dev-tools to be on the latest version. I prefer to have as little management of this as possible. Ideally, every time I start up a nix shell, the package manager will grab the latest version of the package if possible without requiring additional interaction from me. Is this possible?

Definitely sounds like you should look into using https://direnv.net/. Once you direnv allow the directory, as soon as you enter the directory it will create per-project isolated development environments.

Then in the .envrc file you could have something like:

nix flake update
use flake

If you're using nix flakes, which also implies you're using git.

However, without flakes you could use a tool like:

And run their update command from the .envrc

Or if you don't want to use direnv, then perhaps run an update command from the nix shellHook.

shellHook =
  ''
    echo "Hello shell"
    export SOME_API_TOKEN="$(cat ~/.config/some-app/api-token)"
  '';

Sorry, I'm not sure about your last question.

Edit:

If you're using git and a forge like GitHub, then you could use a GitHub action to automate the update and create a PR. Such as a GH action like https://github.com/DeterminateSystems/update-flake-lock

Personally, for projects I use direnv + flakes and that github action above, but I can understand if you don't want to mess with learning git.
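
An added example, not written by any commenter in this thread, for the post's last question: one way to confine a single program launched from inside the nix shell to the directory the shell was started in, using bubblewrap. The helper name `sandboxed` and the `SANDBOX_DRY_RUN` switch are hypothetical; it assumes `bwrap` is on `PATH`, unprivileged user namespaces are enabled, and the program lives in `/nix/store`.

```shell
#!/bin/sh
# Added example (not from the thread): run one command under bubblewrap so
# it can only write to the current project directory.
# Hypothetical names: sandboxed, SANDBOX_DRY_RUN.

sandboxed() {
  proj=$(pwd -P) || return 1

  # Refuse to "confine" a program to / or to the whole home directory.
  case $proj in
    /|"${HOME:-}")
      echo "sandboxed: refusing to expose $proj" >&2
      return 2 ;;
  esac

  # bwrap starts from an empty root; only what is bound below is visible.
  #   --unshare-all            new namespaces, including no network
  #   --new-session            no access to the controlling terminal
  #                            (drop it for interactive programs)
  #   --ro-bind /nix/store     tools from the nix shell stay runnable, read-only
  #   --unsetenv ...           the environment is inherited, so secrets exported
  #                            by a shellHook (SOME_API_TOKEN in the example
  #                            above) must be removed explicitly
  #   --bind "$proj"           the only writable host path
  set -- bwrap \
    --unshare-all --die-with-parent --new-session \
    --ro-bind /nix/store /nix/store \
    --dev /dev --proc /proc --tmpfs /tmp \
    --dir /tmp/home --setenv HOME /tmp/home \
    --unsetenv SOME_API_TOKEN \
    --bind "$proj" "$proj" --chdir "$proj" \
    "$@"

  # Dry run: print the command line, one argument per line, and stop.
  if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
    printf '%s\n' "$@"
    return 0
  fi
  "$@"
}

# Usage inside the nix shell:  sandboxed latexmk -pdf main.tex
```

Programs that need host files outside `/nix/store` (for example fonts or `/etc/passwd`) need an extra `--ro-bind` for each such path.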

[–] qqq@programming.dev 4 points 9 months ago* (last edited 9 months ago) (1 children)

I was wondering if I am using a large package like TexLiveFull, how to make sure nix doesn’t delete large packages after I close the shell? I also don’t want this package to be available in my global environment, as I don’t need to use it outside vscode.

There's a bunch of tools that solve this problem.

https://github.com/direnv/direnv/wiki/Nix

In the link above check out the table in the "Some factors to consider" section. However, note that it hasn't been updated since May 30, 2022. Many of those tools don't depend on direnv if you don't need its functionality.

Personally, I use direnv and enable nix-direnv using these options:

https://search.nixos.org/options?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=direnv

Here's an example of how I use direnv with nix-direnv.

Edit: damn, overwrote what I wrote to the first question with a response to the second question. Thank goodness for automatic file backups I have set up in Emacs.

[–] baseless_discourse@mander.xyz 2 points 9 months ago* (last edited 9 months ago) (1 children)

Hum, I personally do not enjoy adding additional parties of trust by adding direnv, nix-direnv, and homemanager to my workflow.

But all of these projects seem rather well maintained, and probably homemanager can help me manage my vscodium as well, so that might be good.

[–] Corbin@programming.dev 3 points 9 months ago (1 children)

direnv is small enough that you can manually audit it by reading the source code. nix-direnv is also small enough for this, and conceptually it is a replacement for direnv's builtin Nix support.

You don't need home-manager yet, and you can put it off for a while; it's mostly useful if you want to instantiate a homedir on multiple machines.

[–] baseless_discourse@mander.xyz 2 points 9 months ago* (last edited 9 months ago)

Thank you so much for your insight. I personally feel like home-manager is a worthwhile investment, since it supports auto-update and managing my vscode setting; both are pretty appealing to me. In the future, I might use it to manage my global packages like libreoffice and vscodium (assuming it won't kill my process during auto update?).

At this point, I will probably go with never running nix gc, but I will try to properly set everything up after a couple of weeks.

[–] rutrum@lm.paradisus.day 3 points 9 months ago (1 children)

When you install something, it is added to the store. The store is used as a cache and won't be deleted until you run nix-garbage-collect. Do you have experience with it redownloading?

[–] baseless_discourse@mander.xyz 2 points 9 months ago

Yeah, but I imagine I will need to garbage collect at some point.