Flake registry from a private GitHub repo?

magthe · April 29, 2025, 9:48am

I’m trying to use a flake registry to see if that would help us syncing our projects’ dependencies and make our cache a bit more useful and cut down on times individual developers are stuck waiting for a massive rebuild of Haskell packages.

Ideally I’d like to keep the registry file, flake-registry.json, in private repo on GitHub, but I can’t work out if there’s a way to set the nixConfig.flake-registry so it works. All I find online suggests that if I want to fetch an individual file using curl then I’ll need to add headers to the request… something that I don’t think is possible to set up using nixConfig in a flake. Or is it?

I’ve also tried using URIs with the protocol 'git+httpsbut that seems to not be supported for theflake-regsitry` (even though it works fine for inputs).

Is there a way to do this at all?

magthe · April 29, 2025, 1:10pm

It’s actually possible to download a raw file from a private repo using a URL like

  nixConfig.flake-registry = "https://${GITHUB_TOKEN}@raw.githubusercontent.com/<user|org>/<repo>/<branch>/flake-registry.json";

but I’m not sure it’s possible to read the GitHub token from the environment.

ericgundrum · April 29, 2025, 4:56pm

I configure my system to set system registry entries with nix.registry such as

    nix.registry = {
      nixpkgs = {
        from.type = "indirect";
        from.id = "nixpkgs";
        to.type = "git";
        to.url = "file:///nix/nixpkgs";
      };
      nixos-hardware = {
        from.type = "indirect";
        from.id = "nixos-hardware";
        to.type = "git";
        to.url = "file:///nix/flake-cache/nixos-hardware.git";
      };
    };

or

  nix.registry = {
    nixpkgs = {
      from = {
        type = "indirect";
        id = "nixpkgs";
      };
      to = {
        type = "git";
        url = "https://github.com/nixos/nixpkgs.git";
      };
    };
    nixos-hardware = {
      from = {
        type = "indirect";
        id = "nixos-hardware";
      };
      to = {
        type = "git";
        url = "https://github.com/nixos/nixos-hardware.git";
      };
    };
  };

nix registry list then shows those entries.

However, as far as I can tell, nixos-rebuild still pulls global flake:nixpkgs unless the root flake has a value for inputs.nixpkgs.url. I haven’t yet tried to figure out why.

NobbZ · April 30, 2025, 8:16am

There is currently a bug in nix that ignores any but the global registry under some commands.

It is fixed on master IIRC.

github.com/NixOS/nix

User registry ignored on `nix eval` and `nix build`

opened 07:46AM - 19 Apr 25 UTC

closed 11:33AM - 24 Apr 25 UTC

SharzyL

bug regression

## Describe the bug Since #12979 not only the behavior of locking is changed, b…ut also the behavior of `nix build` and `nix eval`. ## Steps To Reproduce ```console $ nix --version nix (Nix) 2.28.1 $ nix registry add p nixpkgs $ nix eval p#path /nix/store/0d3h8gi2q46fb4l563h6pginjw2a90r4-source ``` ```console $ nix --version nix (Nix) 2.29.0pre20250418_f683a55 $ nix registry add p nixpkgs $ nix eval p#path error: cannot find flake 'flake:p' in the flake registries ``` ## Expected behavior `nix build` and `nix eval` should also respect the user registry. ## Metadata ## Additional context ## Checklist - [x] checked [latest Nix manual] \([source]) - [x] checked [open bug issues and pull requests] for possible duplicates [latest Nix manual]: https://nixos.org/manual/nix/unstable/ [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source [open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug --- Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

github.com/NixOS/nix

`nix run`/`nix shell` now ignores user and system registries

opened 04:03PM - 28 Apr 25 UTC

closed 10:21PM - 28 Apr 25 UTC

MichailiK

bug

## Describe the bug `nix run` or `nix shell` seem to now ignore user and system… registry flakes, which was previously not the case. This is problematic for users who opt out of the global registry & use the user/system registries instead: ``` $ nix registry list system flake:nixpkgs path:/nix/store/...-source?lastModified=1745526057&narHash=sha256-...&rev=f771eb... system flake:nixpkgs-unstable path:/nix/store/...-source?lastModified=1745377448&narHash=sha256-...&rev=507b63... $ nix run nixpkgs#hello error: cannot find flake 'flake:nixpkgs' in the flake registries ``` ## Steps To Reproduce 1. Add a system registry to `/etc/nix/registry.json` or user registry in `~/.config/nix/registry.json` 2. (Optional) disable the global registry by setting `flake-registry = ""` 3. Try to `nix run` or `nix shell` a package thats inside a user/system registry ## Expected behavior User/system flakes should not be ignored when using `nix run`/`nix shell` ## Metadata nix-env (Nix) 2.28.2 ## Additional context This is likely related to: - #13090 ## Checklist - [x] checked [latest Nix manual] \([source]) - [x] checked [open bug issues and pull requests] for possible duplicates [latest Nix manual]: https://nixos.org/manual/nix/unstable/ [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source [open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug --- Add :+1: to [issues you find important](https://github.com/NixOS/nix/issues?q=is%3Aissue+is%3Aopen+sort%3Areactions-%2B1-desc).

Mic92 · April 30, 2025, 8:17am

It’s also fixed in nixpkgs-unstable and nix 2.28.3