Clickbaity title
So I needed to use a Deno package on my NixOS server, but it would only build with sandbox turned off. But… I really wanted to keep my machine “pure” (avoid --impure
flag when building/deploying).
I stumbled upon this cool trick [1] where you can import .nar archives directly as if they’re regular derivations:
importnar = name: url: hash: import <nix/fetchurl.nix> {
inherit name url hash;
unpack = true;
};
So I decide to try and make a CI workflow that builds the package with sandbox off, exports the .nar file, and then use <nix/fetchurl.nix>
with unpack
set to true.
It’s totally a weird and niche workaround, but I thought it was pretty neat!