Flake still using old packages

I converted my config to a flake and am getting errors that should be fixed in 23.11 i.e. electron 25.9.0 being EOL.

error: Package ‘electron-25.9.0’ in /nix/store/dg2g5qwvs36dhfqj9khx4sfv0klwl9f0-source/pkgs/development/tools/electron/binary/generic.nix:35 is marked as insecure, refusing to evaluate.

Is there somewhere else that the pkgs are being referenced from?

  description = "Michael's NixOS Flake";

  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    home-manager = {
      url = "github:nix-community/home-manager/release-23.11";
      inputs.nixpkgs.follows = "nixpkgs";

  outputs = inputs @ {
  }: {
    nixosConfigurations = {
      nixos-desktop = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [

            home-manager.useGlobalPkgs = true;
            home-manager.useUserPackages = true;

            home-manager.extraSpecialArgs = { inherit inputs; };
            home-manager.users.mike = import ./home.nix;

I’ve even tried using unstable in home-manager like this:

{ config, pkgs, lib, inputs, ... }:
  unstable = import inputs.nixpkgs-unstable {
    system = pkgs.system;
    config.allowUnfree = true;
  home.packages = with pkgs; [


  home.stateVersion = "23.11";

  # Let home Manager install and manage itself.
  programs.home-manager.enable = true;

1 Like

did you try running, nix flake update? nix flakes have a flake.lock which needs to be updated for the system to get a new version. If you did that something in nixpkgs is pinned to electron-25.9.0 and has to be fixed upstream.

I did update my lock file. Shouldn’t another package pinning not effect obsidian on nix? Apologies but I’m still working hard to understand everything. How would I investigate this other than just peruse the GitHub and read the pkg files for my packages?

I missed the obsidian part :see_no_evil:
But trying to build it on unstable:

NIXPKGS_ALLOW_UNFREE=1 nix build github:nixos/nixpkgs/nixos-unstable#obsidian --impure

it throws the same error meaning the default electron version on unstable is currently marked as insecure.

Apologies but I’m still working hard to understand

Don’t worry, it takes some time.

How would I investigate this other than just peruse the GitHub and read the pkg files for my packages?

this differs from case to case I don’t think I can give a good answer for that.

Thank you, that’s very helpful to know I am not messing something up. When I take a look at the pkg in nixpkgs it only seems to ask for electron. When I use the nix package search it seems it would resolve to a newer version on every channel and 28.0.0 on unstable. It does seem that some packages reference a electron_25 but not obsidian. Do you know where this pinning could be happening?

Same issue here after updating my flake.lock. Here’s the full error:

building the system configuration...
       … while calling the 'head' builtin

         at /nix/store/4fgs7yzsy2dqnjw8j42qlp9i1vgarzy0-source/lib/attrsets.nix:936:11:

          935|         || pred here (elemAt values 1) (head values) then
          936|           head values
             |           ^
          937|         else

       … while evaluating the attribute 'value'

         at /nix/store/4fgs7yzsy2dqnjw8j42qlp9i1vgarzy0-source/lib/modules.nix:809:9:

          808|     in warnDeprecation opt //
          809|       { value = builtins.addErrorContext "while evaluating the option `${showOption loc}':" value;
             |         ^
          810|         inherit (res.defsFinal') highestPrio;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: Package ‘electron-25.9.0’ in /nix/store/4fgs7yzsy2dqnjw8j42qlp9i1vgarzy0-source/pkgs/development/tools/electron/binary/generic.nix:35 is marked as insecure, refusing to evaluate.

packages are added to any package-set by using the callPackage function. which allows you to override default functions. In the case of obsidian there is a entry in the all-packages.nix saying:

  obsidian = callPackage ../applications/misc/obsidian {
    electron = electron_25;

you could open a issue, or (which would be really cool) try doing a pr updating that version requirement or removing it if possible. Feel free to ping me for review/merges (@Janik-Haag on github)


In the meantime you might be able to resolve your problem by doing something like

obsidian.override { elctron = pkgs.newerElectronVersion };

you can take a look at https://github.com/search?q=lang%3Anix+.override+{&type=code for examples


Ok, I found the reference in all-packages.nix and learned something new. It seems according to this forum Electron 25 is now EOL, please upgrade to a newer version - #4 by WhiteNoise - Feature requests - Obsidian Forum, the pinned version is required for the application to function properly and won’t be revved until the next major release. Another user has had no luck overriding the version with the application failing to function. It seems the only real solution is to follow the suggestions of nix to set nixpkgs.config.permittedInsecurePackages to electron-25.9 or just quit using the package until a new obsidian release that uses a more current version of electron. Thanks so much Janik.