Can't `nixos-rebuild switch` under doas?

matklad · January 27, 2021, 9:00am

Hi! I am experimenting with switching from sudo to doas. I’ve enabled security.doas.enable option, but, for some reason, I can’t use doas to upgrade the system:

λ doas nixos-rebuild switch
doas (matklad@moby) password: 
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:13
building Nix...
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
error: file 'nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix' was not found in the Nix search path (add it using $NIX_PATH or -I)
/tmp/nixos-rebuild.vlGIrs/nix
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
building the system configuration...
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)

The equivalent sudo invocation works. Has anyone seen this problem already?

lafeychine · January 27, 2021, 9:29am

By default, security.doas.extraRules have keepEnv set to false.
With this protection, any doas command will remove NIX_PATH.

security.doas.extraRules = [{
    users = [ "yourUser" ];
    keepEnv = true;
}];

See configuration.nix(5): security.doas.extraRules.

pniedzwiedzinski · February 9, 2021, 2:42pm

I use different nix channels for my user and for system (root) so I had to set the NIX_PATH explicitly:

extraRules = [{
  groups = [ "wheel" ];
  setEnv = [ "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels" ];
}];

Is there a better solution for this?