I’ve avoided the complexity of flakes, but recently gave them a shot for a NixOS machine.
{
description = "Flake experiment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
outputs = { self, nixpkgs}: {
nixosConfigurations.laptop = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
];
};
};
}
A few weeks later, I go to nix flake update
, but I’m not allowed because one package is marked as insecure. Somewhat pedantic given I’m trying to update and I’m on stable, but continuing along.
b) for `nixos-rebuild` you can add ‘vault-1.14.10’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"vault-1.14.10"
];
}
Adding that to configuration.nix
doesn’t change the error. Reading online, it seems like with flakes there are special considerations like making sure you git checkin your changes and maybe trying to modify nixpkgs at the top level for some reason?
{
description = "Flake experiment";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
};
outputs = { self, nixpkgs}: {
nixosConfigurations.laptop = let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config = {
permittedInsecurePackages = [
"vault-1.14.10"
];
};
};
in
pkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
"vault-1.14.10"
];
};
}
./configuration.nix
];
};
};
}
This flake.nix tries to define permittedInsecurePackages in multiple places without any luck. And it’s already pretty unreadable. What am I missing? Why is this so unintuitive?
error: attribute 'nixosSystem' missing
at /nix/store/zqr15lyn9a8hh1dzgzhf50axgh67agcd-source/nix/machines/laptop/flake.nix:19:5:
Or on re-run, this unhelpful message
error: cached failure of attribute 'nixosConfigurations.laptop'