How to upgrade nix on macOS with home-manager

I have Nix 2.10.3 running on macOS with the default multi-user installation and the home-manager standalone installation.

I want to upgrade Nix to the current version. I found the upgrade guide for macOS in the Nix manual and this response to a similar question in this forum Upgrade nix 2.3 to 2.6 in non NixOS - #2 by TLATER

Both are imperative installations, so I’m asking what is the home-manager way of upgrading Nix on macOS?

You’ll want to set nix.package, and then simply add the nix package to home.packages.

This won’t “upgrade” the nix you installed using the nix install script, that nix is inherently imperatively installed, but it will make the newer version of nix the one you access through your user’s profile, which is what you want.

I’m not sure where the nix installed by the script ends up, presumably that’s also in the user env, just installed separately, and you can uninstall it with nix-env? It doesn’t seem to be present for me anymore since I switched to using nix profile.


Sweet, that worked nicely!

Do you know where nix is taken from without nix.package = pkgs.nix?

I’m not sure where the nix installed by the script ends up, presumably that’s also in the user env, just installed separately, and you can uninstall it with nix-env ?

It’s not in my user env. There’s only home-manager. But I found it like this:

$ sudo nix-env -q
warning: $HOME ('/Users/jost') is not owned by you, falling back to the one defined in the 'passwd' file ('/var/root')

Can/should I uninstall nix from there? Would you know how?

It’s only used to decide how certain types should be written in the nix config: home-manager/nix.nix at d1c7730bb707bf8124d997952f7babd2a281ae68 · nix-community/home-manager · GitHub

If you don’t specify a nix config it’s simply unused. If you do specify a nix config nix will complain if the option is unset.

Since you changed away from the default version, it’s prudent to actually set the package so you don’t forget in the future.

For bonus points, you can use the following config to make sure they always match:

{config, pkgs, ...}: {
  nix.package = pkgs.nix; # Or whichever version you prever
  home.packages = [
    # You can refer to things defined in your config using `config.`, and
    # since `nix.package` is a package you can install it directly into your
    # profile like so

You’d do so using sudo nix-env --uninstall nix nss-cacert.

That said, I’ve never used nix on MacOS, so maybe the cacerts have to be present on the root env or the nix daemon is started from the root user or something… The packages are not huge, so probably doesn’t hurt to keep them around.

1 Like

Cool, did that!

And I uninstalled the root nix. Mission accomplished and I learned something. Thanks a bunch!


Wait, uninstalling the root nix broke nix. Now I don’t have access to nix commands any longer. I probably could just re-install nix, but do you know of another way that doesn’t rely on that root installation, @TLATER?

There likely isn’t, the nix-daemon script is gone:

$ ls /nix/var/nix/profiles/default/etc/profile.d/ 
ls: /nix/var/nix/profiles/default/etc/profile.d/ No such file or directory
~  $ ls /nix/var/nix/profiles/default/etc/profile.d/             
ls: /nix/var/nix/profiles/default/etc/profile.d/: No such file or directory

That’s unexpected (to me).

During installation there’s this related output:

~~> Setting up the default profile

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo HOME=/var/root /nix/store/6x7nr1r780fgn254zhkwhih3f3i8cr45-nix-2.13.2/bin/nix-env -i /nix/store/6x7nr1r780fgn254zhkwhih3f3i8cr45-nix-2.13.2

to install a bootstrapping Nix in to the default profile

installing 'nix-2.13.2'
building '/nix/store/m1s7dvhs4qh2jg0b3a28pwaqd88js6r8-user-environment.drv'...

---- sudo execution ------------------------------------------------------------
I am executing:

    $ sudo HOME=/var/root /nix/store/6x7nr1r780fgn254zhkwhih3f3i8cr45-nix-2.13.2/bin/nix-env -i /nix/store/pl497357lkfpvdr8v4pfan16k7jna2l2-nss-cacert-3.83

to install a bootstrapping SSL certificate just for Nix in to the default profile

replacing old 'nss-cacert-3.83'
installing 'nss-cacert-3.83'

Hah, yes, fair enough, I was a bit surprised that it just worked despite the multi-profile installation. When using nix on non-NixOS I typically install it in single user mode, so other users don’t need separate nix installations, but looks like the root user is in fact always in charge of launching the daemon in multi-user mode.

This makes sense, because nix of course needs permissions to write to /nix/store, which it won’t have as a non-root user. See the security chapter in the nix manual for more. It doesn’t elaborate as much on the security as you’d hope given the chapter name, but it does explain the need for a daemon and the two security “modes”.

Reinstalling with the script should be fine.

There’s no single user mode under macOS any longer. You have to install in multi-user mode.

Yes, it worked fine. I was surprised that uninstalling nix deletes the daemon and shell hook.

Anyway, I still consider this solved =)

1 Like

I’m coming back to this after a while. My nix version is still at 2.13.2, where I left off, even though I’ve switched the home manager configuration a couple of times in the meanwhile.

So it’s not actually working, and which nix is pointing to

$ nix --version
nix (Nix) 2.13.2
~  $ which nix

It’s confusing me, what am I missing? My ~/.config/nixpkgs.home.nix contains

  home.username = "jost";
  home.homeDirectory = "/Users/jost";

  nix.package = pkgs.nix;

  nixpkgs.overlays = overlays;

  home.packages = [

Anyone knows how to fix this?

What’s type -a nix say?

$ type -a nix
nix is /Users/jost/.nix-profile/bin/nix
nix is /nix/var/nix/profiles/default/bin/nix

and /nix/var/nix/profiles/default/bin/nix --version?

I don’t use HM, but I’d guess since neither flakes nor channels are mentioned here, that you may be rebuilding your HM config but not updating your channels.

If you aren’t advancing your channels (at least, when you’re using channels), there’ll never be new package versions in your package set. (Unless you’re overriding/overlaying to add new versions, of course.)

1 Like
$ /nix/var/nix/profiles/default/bin/nix --version
nix (Nix) 2.13.2

hah, it’s the old version too.

Yeah, that makes sense to me. I’ve updated the channel and need to resolve a conflict between home-manager 23.11 and nixpkgs 23.05.

Regardless, if which nix gives me the one from .nix-profile, does it matter what /nix/var/nix/profiles/default/bin/nix is?

I’m not certain, but I imagine HM is using .nix-profile. You could probably gut-check that by seeing if that’s where type cachix reports.

I think the one in /nix/var/nix/profiles/default/bin/nix is the one set up by the installer (you could technically update this one, but you probably don’t need to worry about that as long as the one you ~want is first on PATH).

Ah yes, it’s the other way around. HM packages reside in .nix-profile!

$ type cachix
cachix is /Users/jost/.nix-profile/bin/cachix

Great, so once I resolve the home-manager generation switch, I should be set up. Will report back, thank you @abathur!

1 Like

Yup, here we go!

$ nix --version
nix (Nix) 2.17.0
1 Like