Correct usage of environment.systemPackages in flakes

Another noob question here. I wanted to create a flake to install packages

*flake.nix*

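{
  description = "Pentesting Tools";

  # Both inputs follow moving branches. The revisions that are actually
  # evaluated are the ones recorded in flake.lock, so keep the lock file under
  # version control and read its diff whenever the inputs are updated.
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, utils, ... }@inputs:
    let
      lib = nixpkgs.lib;
    in
    {
      # NixOS modules offered to other flakes. Nothing here is applied to a
      # machine by itself: a nixosConfigurations entry has to list
      # `nixosModules.default` in its `modules` before the options and the
      # package list in ./modules take effect.
      nixosModules = {
        # NOTE(review): `lib` is the nixpkgs library, not a NixOS module. It is
        # kept so the flake's outputs stay as they were, but it probably does
        # not belong under nixosModules.
        inherit lib;
        default = import ./modules;
      };

      # One package set per default system. nixpkgs is instantiated inside the
      # per-system function so each entry is built for its own platform; the
      # earlier version bound `pkgs` once, for x86_64-linux, and reused that
      # package set for every system.
      packages = utils.lib.eachDefaultSystemMap (system:
        let
          pkgs = import nixpkgs { inherit system; };
        in
        {
          porch_pirate = pkgs.callPackage ./pkgs/porch_pirate { };
        });
    };
}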

*/modules/default.nix*

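# NixOS module: declares the `pentesting` options and, when enabled, adds the
# reverse-engineering and source-address-validation tools to the system profile.
{ config, lib, pkgs, ... }:

let
  cfg = config.pentesting;
in
{
  options.pentesting = {
    # lib.mkEnableOption accepts only a name string and always produces an
    # option that defaults to false, so an attribute set with `default = true`
    # passed to it is not applied. A switch that is on by default has to be
    # declared with lib.mkOption.
    #
    # With this default, importing the module is the opt-in: a host that
    # imports it but should not carry these tools must set
    # `pentesting.enable = false;`.
    enable = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "newtwork analysis";
    };
    # ... remaining options elided in the original post ...
  };

  # Only contributes packages when the switch above evaluates to true.
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      ghidra # A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
      spoofer-gui # Assess and report on deployment of source address validation
      spoofer # Assess and report on deployment of source address validation
    ];
  };

  # One sub-module per tool category.
  imports = [
    ./audit.nix
    ./bruteforce.nix
    ./generators.nix
    ./ids.nix
    ./explotation.nix
    ./mitmproxy.nix
    ./osint.nix
    ./sniffer.nix
    ./vulnerability.nix
  ];
}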

However, even after running sudo nixos-rebuild --flake '.#' switch --upgrade the packages I defined in the flake are not installed

  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      ghidra

I am pretty sure something is missing, so what do I have to do so that the packages defined in the flake are installed?

What you’ve defined is a set of modules someone can import from your flake, not a nixosConfiguration. nixos-rebuild should have given you an error of some kind - you need to import that module in a NixOS config for it to have any meaning.

You’d need another flake for your system config that does something like:

# System flake: turns the module exported by the pentesting flake into part of
# an actual NixOS configuration. `<hostname>` and `<host architecture>` are
# placeholders to fill in.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
    # The flake that exports the module. Its code is evaluated as part of the
    # system configuration, so the revision recorded in flake.lock is what
    # ends up on the machine; review the lock-file diff when updating it.
    pentesting.url = "gitlab:papanito/nix-flake-pentesting";
  };

  outputs = { nixpkgs, pentesting, ... }: {
    # `nixos-rebuild --flake` builds one entry of nixosConfigurations,
    # selected by name.
    nixosConfigurations.<hostname> = nixpkgs.lib.nixosSystem {
      system = "<host architecture>";
      modules = [
        ./configuration.nix
        # Listing the module here is what gives its options and config any
        # effect on this host.
        pentesting.nixosModules.default
      ];
    };
  };
}

While I’m here:

The `--upgrade` switch only does anything with channels; to upgrade a flake's inputs you need to run nix flake update (or nix flake lock --update-input) explicitly.

Many thanks @TLATER for having a look at my issue.

This is what I have, currently using a local path for testing

# System flake for the host `clawfinger` (excerpt; the original post cuts off
# inside the `modules` list).
{
  inputs = {
    agenix.url = "github:ryantm/agenix";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    disko.url = "github:nix-community/disko";
    pentesting = {
      # Local checkout of the module flake, used while testing.
      url = "/home/papanito/Workspaces/papanito/nix-pentesting";
      # Evaluate the module flake against this flake's nixpkgs rather than
      # its own pinned copy.
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, disko, ... }@inputs:
    let
      # System types to support.
      supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];

      # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;

      # Nixpkgs instantiated for supported system types.
      # NOTE(review): refers to `self.overlay`, which is not among the outputs
      # shown in this excerpt, and `nixpkgsFor` is not used in the visible
      # part - confirm both against the full file.
      nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; overlays = [ self.overlay ]; });

      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};
    in
    {
    # Exposes the plain nixpkgs package set for each supported system.
    pkgs = forAllSystems (system:
      let pkgs = nixpkgs.legacyPackages.${system};
      #in { default = import ./pkgs { inherit pkgs; }; }
      in { inherit pkgs; }
    );

    nixosConfigurations = {
      clawfinger = nixpkgs.lib.nixosSystem {
        # Makes every flake input available to the modules as the `inputs`
        # argument.
        specialArgs = { inherit inputs; };
        inherit system;
        modules = [
          ./configuration.nix
          ./hosts/clawfinger # Include the results of the hardware scan.
          ./users.nix
          inputs.agenix.nixosModules.default
          # Module from the pentesting flake. Its package list sits behind
          # `lib.mkIf cfg.enable`, so nothing is installed unless
          # `pentesting.enable` evaluates to true on this host.
          inputs.pentesting.nixosModules.default
...

Yes I also do run nix flake update, but still no packages installed…


Should adding the flake to

modules = [

be enough, or do I need to do something else?

That should be fine. Something else is going wrong if the packages aren’t being installed, your configuration looks correct.

Maybe untangle it a bit by first just copying the module without the flake indirection to your config and adding it to modules there. That’d show whether your configuration, flake, or inputs are wrong.

I have defined options defaulting to true

# Excerpt of the module's option declarations (cut off in the original post).
{ config, lib, pkgs, ... }:

let 
  cfg = config.pentesting;
in 
{
  options.pentesting= {
    # NOTE(review): lib.mkEnableOption takes a name string, not an attribute
    # set. The option it builds always defaults to false, so the
    # `default = true` written here is not applied.
    enable  = lib.mkEnableOption {
      default = true;
      description = "newtwork analysis";
    };
    # NOTE(review): same pattern as `enable` above; effectively defaults to
    # false.
    audit = lib.mkEnableOption {
      default = true;
      description = "audit and configuration checks";
    };

However, it seems this does not work. I have to set them explicitly in my config:

  # Explicit per-host settings; these take precedence over whatever default
  # the option declarations provide.
  pentesting = {
    enable = true;
    audit = true;
    bruteforce = true;
    ...
  };
}

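Ah, yeah, huh. That’s not how enable options are defined: lib.mkEnableOption only takes a name (see nixpkgs/lib/options.nix at d53c5937fcc4ace8b4ecedeb247041729638a08a · NixOS/nixpkgs · GitHub), and the option it creates always defaults to false. For an option that defaults to true, declare it with lib.mkOption, using type = lib.types.bool and default = true.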

Surprising that that even works with a non-string type.
