Cannot access absolute path '/nix/store/secrets'

nix/home/core/sops.nix

{config, ...}: {
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    age = {
      keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
      generateKey = false;
    };
  };
}

Where secrets.yaml is at: nix/secrets/secrets.yaml

Error:

error:
       … while calling the 'derivationStrict' builtin
         at <nix/derivation-internal.nix>:37:12:
           36|
           37|   strict = derivationStrict drvAttrs;
             |            ^
           38|

       … while evaluating derivation 'home-manager-generation'
         whose name attribute is located at /nix/store/kzqqrhnhh9q3dnrj3x10cdihmj09yc8p-source/pkgs/stdenv/generic/make-derivation.nix:536:13

       … while evaluating attribute 'buildCommand' of derivation 'home-manager-generation'
         at /nix/store/kzqqrhnhh9q3dnrj3x10cdihmj09yc8p-source/pkgs/build-support/trivial-builders/default.nix:80:17:
           79|         enableParallelBuilding = true;
           80|         inherit buildCommand name;
             |                 ^
           81|         passAsFile = [ "buildCommand" ] ++ (derivationArgs.passAsFile or [ ]);

       … while evaluating the option `home.file."/home/safri/.config/systemd/user/default.target.wants/sops-nix.service".source':

       … while evaluating definitions from `/nix/store/bn63ba3kmrsicpc9ss8cyafqdcywbi20-source/modules/misc/xdg.nix':

       … while evaluating the option `xdg.configFile."systemd/user/default.target.wants/sops-nix.service".source':

       … while evaluating definitions from `/nix/store/bn63ba3kmrsicpc9ss8cyafqdcywbi20-source/modules/systemd.nix':

       … while evaluating the option `systemd.user.services.sops-nix.Service.ExecStart':

       … while evaluating definitions from `/nix/store/ri0m6qhhhc8n55fjwll9icrsnjgpws60-source/modules/home-manager/sops.nix':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: access to absolute path '/nix/store/secrets' is forbidden in pure evaluation mode (use '--impure' to override)

A temporary fix is to create a sops.nix in the parent directory of the secrets.yaml and then import that both as a home-manager and nixos module.

I’m also having this issue in other areas:

Trying to import my bookmarks.nix (in home-manager) from a nixos module spits out a very similar error. While the sops case isn’t the end of the world, the point of this bookmarks.nix is that I only have to declare it once and then the same file is used both system and home wide. I’m also just curious as to why this is happening because I didn’t have this issue before.

Any help would be appreciated!

I would search for anyplace you’re antiquoting path-types where you shouldn’t be, particularly in imports. This would cause a copy to the nix store of some subdirectory of your flake. If you then import from that copy, parent directories in further path-types would hit the nix store too soon, since the copy was separated out as a store object of its own.

I would check your code myself, but codeberg flags my browser as a scraper, so I can’t see anything but the top level of a repo.

I thought that too, but I’m not so sure that’s the issue; the provided home/sops.nix file is definitely what’s stopping home-manager from building, as removing its import builds the system just fine.

This also didn’t happen before a nix flake update which broke my home’s sops.nix as well as my system’s bookmarks.nix that is meant to import from the dotfiles home/ directory.

I did a git clone so I could actually look at it.

In hosts/yuki/home.nix, you have these lines:

let
  home = ../../home;
in {
  imports = [
    "${home}/emacs"
    "${home}/cli"
    "${home}/tui"
    "${home}/gui"
    "${home}/multimedia"
    "${home}/web"
    "${home}/social"
    "${home}/japanese"
    "${home}/nix"
    "${home}/productivity"
    "${home}/core"
    ../../secrets/sops.nix
  ];

This is exactly the kind of thing I was talking about. The antiquotes are copying the ../../home directory into a separate store object, which would cause exactly this problem.

You can rewrite those as (home + "/emacs") and so on, and that shouldn’t cause the same problems.

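The difference between the two spellings described in the answer above, as an added example that is not part of any post in the thread. It assumes a scratch directory containing this file and a (possibly empty) `home/` subdirectory; the attribute names are made up for the illustration.

```nix
# antiquote-demo.nix -- added example, not code from the thread.
# Evaluate with: nix-instantiate --eval --strict antiquote-demo.nix
# Assumption: this file sits in a scratch directory that also holds a
# (possibly empty) subdirectory named home/, mirroring the thread's layout.
let
  home = ./home;

  # Antiquoting a path value copies ./home into the store as its own
  # object and yields a *string* pointing into that copy.
  interpolated = "${home}/core";

  # Path concatenation stays a *path* inside the original tree; nothing
  # is copied at this point.
  appended = home + "/core";

  # What a module imported from the store copy sees: a relative path such
  # as ../../secrets written in <copy>/core/sops.nix is resolved against
  # <copy>/core. The context is discarded only to do this path arithmetic.
  copyDir = /. + builtins.unsafeDiscardStringContext interpolated;
  fromCopy = copyDir + "/../../secrets";

  # The same relative path resolved against the original location.
  fromTree = appended + "/../../secrets";
in {
  interpolatedType = builtins.typeOf interpolated;
  appendedType = builtins.typeOf appended;
  interpolatedHasStoreContext = builtins.hasContext interpolated;
  secretsSeenFromStoreCopy = toString fromCopy;
  secretsSeenFromSourceTree = toString fromTree;
}
```

Because the store copy is named `/nix/store/<hash>-home`, climbing two levels from its `core` directory leaves the copy entirely, which is how `../../secrets` turns into the `/nix/store/secrets` path in the error message.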

Oh that’s a dumb mistake, thank you for helping me!
