The Problem
Home Manager fails to pull files from a private GitHub repo. Although the nature of the failure is different across pkgs.fetchgit and builtins.fetchGit, they all fail.
Context
I want to copy files from a private GitHub repo of mine into my user’s home directory via Home Manager. The repo must be private and the files not kept in the same repo as my NixOS & Home Manger configuration because I don’t want the files publicly available.
Note(s):
- If I was able to encrypt them, then I would be okay with storing them in the same repo.
- They may be stored in a private GitHub repo because the contents aren’t that sensitive.
Implementation(s)
./<local>/<path>/<to>/<files>
This works, however, isn’t a viable solution for the reasons described in the Context section above.
pkgs.fetchgit
This fails during build. sha256 wasn’t included because it doesn’t get far enough for it to matter.
I believe the reason for this failure is explained by this comment in the Unable to use fetchgit on private git repo thread.
As a result, I moved on to the next implementation.
Code
{ config, pkgs, ... }: {
home.file."${config.xdg.userDirs.templates}".source = pkgs.fetchget {
url = "git@github.com:ReedClanton/home-files.git";
rev = "5c4f5c981b065d340fffac5123f416ff7f7fe217";
};
}
The Error
error: builder for '/nix/store/5jcr118xr7q5kqbwxi779zrdl1yv41fw-home-files-5c4f5c9.drv' failed with exit code 1;
last 9 log lines:
> exporting git@github.com:ReedClanton/home-files.git (rev 5c4f5c981b065d340fffac5123f416ff7f7fe217) into /nix/store/w3kz6j9vsy3xlbiz5pcasjmxhxq57hl7-home-files-5c4f5c9
> Initialized empty Git repository in /nix/store/w3kz6j9vsy3xlbiz5pcasjmxhxq57hl7-home-files-5c4f5c9/.git/
> error: cannot run ssh: No such file or directory
> fatal: unable to fork
> error: cannot run ssh: No such file or directory
> fatal: unable to fork
> error: cannot run ssh: No such file or directory
> fatal: unable to fork
> Unable to checkout 5c4f5c981b065d340fffac5123f416ff7f7fe217 from git@github.com:ReedClanton/home-files.git.
For full logs, run 'nix log /nix/store/5jcr118xr7q5kqbwxi779zrdl1yv41fw-home-files-5c4f5c9.drv'.
error: 1 dependencies of derivation '/nix/store/pmlagdic2gaaf52izm4nj5a0zshv0hsj-home-manager-files.drv' failed to build
error: 1 dependencies of derivation '/nix/store/25501szrg0vrna4kxd32qfhg6ncakmba-home-manager-generation.drv' failed to build
error: 1 dependencies of derivation '/nix/store/qhz3dmm755ik18585ilnr7q57hdvavrf-unit-home-manager-reedclanton.service.drv' failed to build
error: 1 dependencies of derivation '/nix/store/9vyqwwm1wgbiy4bsqkim3gxj10zpy3cm-system-units.drv' failed to build
error: 1 dependencies of derivation '/nix/store/yb2azd092582185rjgkbqn9fxzzq74hc-etc.drv' failed to build
error: 1 dependencies of derivation '/nix/store/cwsj4b5nnms93kqm62ldkhq1hfv8l2wb-nixos-system-nixos-desktop-gnome-23.11.20240428.12430e4.drv' failed to build
builtins.fetchGit
This is the method that seemed to work for @witkamp in the thread I linked to above.
Code
{ config, ... }: {
home.file."${config.xdg.userDirs.templates}".source = builtins.fetchGet {
name = "Templates";
# Method 1 (no key provided).
# Method 2 (only one method tried at a time).
publicKey = "<somePublicKey>";
# Method 3.
publicKeys.key = "<somePublicKey>";
url = "git@github.com:ReedClanton/home-files.git";
rev = "5c4f5c981b065d340fffac5123f416ff7f7fe217";
};
}
The Error
Method 1
The error bellow indicates to me that authentication is required. This makes sense because the repo is private.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
warning: could not read HEAD ref from repo at 'ssh://git@github.com/ReedClanton/home-templates.git', using 'master'
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
error:
… while calling the 'head' builtin
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/attrsets.nix:922:11:
921| || pred here (elemAt values 1) (head values) then
922| head values
| ^
923| else
… while evaluating the attribute 'value'
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/modules.nix:807:9:
806| in warnDeprecation opt //
807| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
808| inherit (res.defsFinal') highestPrio;
(stack trace truncated; use '--show-trace' to show the full trace)
error: program 'git' failed with exit code 128
Method 2
publicKey is stated to exist in the docs here Based on the error (seen bellow) it seems to imply that it either doesn’t exist, or does exist in builtins.fetchGit, but isn’t being passed to git correctly.
error:
… while calling the 'head' builtin
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/attrsets.nix:922:11:
921| || pred here (elemAt values 1) (head values) then
922| head values
| ^
923| else
… while evaluating the attribute 'value'
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/modules.nix:807:9:
806| in warnDeprecation opt //
807| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
808| inherit (res.defsFinal') highestPrio;
(stack trace truncated; use '--show-trace' to show the full trace)
error: unsupported Git input attribute 'publicKey'
Method 3
publicKeys.key is found in the same section in the docs here, however, this time the error (seen bellow) seems to imply that it publicKeys exists, but publicKeys.key doesn’t. Although the docs disagree, I tried replacing publicKeys.key with publicKeys but got the same error as occurred for publicKey (method 2).
error:
… while calling the 'head' builtin
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/attrsets.nix:922:11:
921| || pred here (elemAt values 1) (head values) then
922| head values
| ^
923| else
… while evaluating the attribute 'value'
at /nix/store/4x11z78x84bvvx740jx16d312bvz82pv-source/lib/modules.nix:807:9:
806| in warnDeprecation opt //
807| { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
| ^
808| inherit (res.defsFinal') highestPrio;
(stack trace truncated; use '--show-trace' to show the full trace)
error: fetchTree argument 'publicKeys' is a set while a string, Boolean or integer is expected
Oddities Seen
While trouble shooting this, I encountered some odd behavior.
My Home Manager configuration pulls files from one other repo. It’s a public repo and is placed in my home directory via pkgs.fetchFromGitHub to home.file."${config.xdg.configHome}/tmux/plugins/tpm".source. It works fine.
However, at one point the contents of that repo was inserted at home.file."${config.xdg.userDirs.templates}".source. I was baffled by this, so I tried deleting them via my GUI file manager. They disappeared.
Once I re-ran my configuration, they showed up again in my GUI file manager. This time I wasn’t able to remove them. So I tried ls and they didn’t show up.
A restart fixed the issue.
Conclusion
This seems like a bug to me. Should I create an issue for it? If so, where? I presume in NixOS/nix issue tracker (but confirmation would be appreciated).