Diffing module system configurations

In my looking into nixos-facter (well, actually nixos-facter-modules) I have replaced my hardware related config values with usage of facter and then wanted to observe the differences between the original system and the new one. That is my current motivation for being able to diff module system configs, but this is likely a common desire for many different reasons methinks.

If I know my Nix well enough, there are three primary lenses to observe changes between two configurations:

  1. the evaluated config value
  2. some or other derivation that is included in that value
  3. realized store paths of above mentioned derivation

For number two, nix-diff has been serving me well. Thank you @Gabriel439.
For number three, well, it’s arbitrary files, whatever they are, so diff works. But, of course, store paths have dependencies and nix-tree has been doing great work there for me. Thank you @utdemir.
But I’ve found myself wanting to know what config values are different between two configs. And I’m not sure how to achieve that. I tried the following in a repl:

:p nixosConfigurations.someConfig.config

But that does not end well. Or at all. I killed it before it consumed all my memory. Apparently, at least in a NixOS configuration (probably not just that specific one) that value includes a number of derivation values which make this approach impractical.

But in theory, I suppose this value could be filtered and then serialized to JSON and then diffed. I’m sure that some of us are expert enough to see into the future of such an implementation and shed light on it here, if they be so kind.

Mentioning Feature Request: Diffing NixOS systems · Issue #190033 · NixOS/nixpkgs · GitHub.

6 Likes

As it’s relevant, I’ll mention NVD here, as well as the Discourse post surrounding it.

1 Like
1 Like

Here’s an old attempt of mine to try and diff the actual config options rather than the system closure output: feat: capture the config values being set by facter modules by brianmcgee · Pull Request #9 · nix-community/nixos-facter-modules · GitHub

It only ever worked in the trivial case, quickly throwing recursive eval errors on more complex systems.

I spoke with @Infinisil about it during the last NixCon and have had conversations with @roberth about it, too. It’s inherently challenging to diff the nix config, and as mentioned in that PR I linked, it might require changes to the module system to make possible feat: capture the config values being set by facter modules by brianmcgee · Pull Request #9 · nix-community/nixos-facter-modules · GitHub

1 Like