Issues building python application

Help
1

Hi,

I have a background in puppet, and for deploying python applications am used to just creating a venv, pulling a package from pypi, and wrapping it in a systemd unit. Now that I’m slowly experimenting a bit with nixos for personal use, I’m running into a first big hurdle that I can’t seem to figure out no matter how much documentation I read. From what I understand, the nix-way to solve this issue of deploying my application, is to create a ‘derivation’.

My current set-up looks like this (simplified a lot)

Directory structure:

modules/dungeondice/default.nix
modules/dungeondice/pythonapplication.nix
flake.nix

Where In my flake.nix I take care of creating hosts and importing modules/dungeondice

My default.nix:

{ pkgs, ... }:

let
  dungeondice = pkgs.callPackage ./pythonapplication.nix {};
in {
  environment.systemPackages = [ dungeondice ];
}

pythonapplication.nix:

{
  lib,
  python3Packages,
}:

python3Packages.buildPythonApplication rec {
  pname = "dungeondice";
  version = "1.3.3";
  pyproject = true;

  src = with python3Packages; fetchPypi {
    inherit pname version;
    hash = "sha256-0dylwdbkickyn9nhxlsrcj7k3brlg1lh5k073w0shjxhwkjh5g4c";
  };

  nativeBuildInputs = with python3Packages; [
    hatchling
  ];

  propagatedBuildInputs = with python3Packages; [
    discordpy
    python-dotenv
  ];

  meta = {
    description = "Dice rolling bot for D&D games on discord.";
    homepage = "https://github.com/jwizzle/dungeondice";
    license = lib.licenses.agpl3Only;
  };
}

So from what I understand should be happening here, is that callPackage passes along python3Packagesto pythonappplication.nix. That builds my application. And this in turn returns a reference to the built thing. Which in turn I can add to my systemPackages to make it available on my system. (please already correct me if my mental model is incorrect here of what should be happening).

Now when I use `sudo nixos-rebuild switch --flake ~/.config/home-manager#jwizz-desktop --verbose` I get some output that I can’t work with at all:

Traceback (most recent call last):
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/__init__.py", line 352, in main
    execute(sys.argv)
    ~~~~~~~^^^^^^^^^^
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/__init__.py", line 315, in execute
    services.build_and_activate_system(
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
        action=action,
        ^^^^^^^^^^^^^^
    ...<6 lines>...
        grouped_nix_args=grouped_nix_args,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/services.py", line 301, in build_and_activate_system
    path_to_config = _build_system(
        attr=attr,
    ...<5 lines>...
        grouped_nix_args=grouped_nix_args,
    )
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/services.py", line 173, in _build_system
    path_to_config = nix.build_flake(
        attr,
    ...<2 lines>...
        | grouped_nix_args.flake_build_flags,
    )
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/nix.py", line 87, in build_flake
    r = run_wrapper(run_args, stdout=PIPE)
  File "/nix/store/qbrx5yh7w11zaqrr0kxdgszz0svr3421-nixos-rebuild-ng-25.11/lib/python3.13/site-packages/nixos_rebuild/process.py", line 137, in run_wrapper
    r = subprocess.run(
        run_args,
    ...<7 lines>...
        **kwargs,
    )
  File "/nix/store/cdaifv92znxy5ai4sawricjl0p5b9sgf-python3-3.13.11/lib/python3.13/subprocess.py", line 577, in run
    raise CalledProcessError(retcode, process.args,
                             output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['nix', '--extra-experimental-features', 'nix-command flakes', 'build', '--print-out-paths', '/home/jwiersma/.config/home-manager#nixosConfigurations."jwizz-desktop".config.system.build.toplevel', '--no-link', '-v']' returned non-zero exit status 1.

Could someone help me on my way to find out what is going on here?

2

Instead of --verbose, can you run the command again with -L? I think the actual error is being swallowed by the verbose context.

--verbose is for debugging nixos-rebuild, not your configuration, don’t use it unless you develop on NixOS itself.

3

Hey thanks for the info.

Still no dice doing that:

Command 'nix --extra-experimental-features 'nix-command flakes' build --print-out-paths '.#nixosConfigurations."jwizz-hn".config.system.build.toplevel' --no-link --print-build-logs' returned non-zero exit status 1.

Now what I’m trying is to isolate the issue by moving the default.nix and pythonapplication.nix to a separate folder on my system. And changing the default.nix to:

{ pkgs ? import <nixpkgs> {} }:

pkgs.callPackage ./pythonapplication.nix {}

Then using nix-build default.nix. Which seems to exit with code 1. But once again I have no idea where it fails. -L doesn’t seem to exist for the command, and -vvvv doesn’t give me much useful information.

4

This seems not to be a correct sha256 hash

nix hash to-base16 sha256-0dylwdbkickyn9nhxlsrcj7k3brlg1lh5k073w0shjxhwkjh5g4c
error: invalid SRI hash ‘0dylwdbkickyn9nhxlsrcj7k3brlg1lh5k073w0shjxhwkjh5g4c’

1 Like
5

What I gathered from documentation is that if the hash is incorrect it should just output the correct one tho.

For test’s sake I now did this so it’s at least a correct hash, with the same results:

{
  lib,
  python3Packages,
}:

let
  fakehash = lib.fakeSha256;
in python3Packages.buildPythonApplication rec {
  pname = "dungeondice";
  version = "1.3.3";
  pyproject = true;

  src = with python3Packages; fetchPypi {
    inherit pname version;
    hash = "sha256-${fakehash}";
  };

  nativeBuildInputs = with python3Packages; [
    hatchling
  ];

  propagatedBuildInputs = with python3Packages; [
    discordpy
    python-dotenv
  ];

  meta = {
    description = "Dice rolling bot for D&D games on discord.";
    homepage = "https://github.com/jwizzle/dungeondice";
    license = lib.licenses.agpl3Only;
  };
}
6

No, they’re right, if the hash is malformed nix will crash without an error message. I forget if this is a lix or a nix bug, and I was under the impression that it had already been fixed, but apparently not.

lib.fakeSha256 doesn’t produce a valid suffix for an sri hash, so you still have an invalid hash. Use hash = lib.fakeHash;, or just use this:

{ lib, python3Packages }:
let
  pname = "dungeondice";
  version = "1.3.3";
in
python3Packages.buildPythonApplication {
  inherit pname version;
  pyproject = true;

  src = python3Packages.fetchPypi {
    inherit pname version;
    hash = "sha256-FDUD877UqivGcwYAX/EuqDcN9EYYsgqwy/x5zNegwgA=";
  };

  nativeBuildInputs = with python3Packages; [ hatchling ];

  propagatedBuildInputs = with python3Packages; [
    discordpy
    python-dotenv
  ];

  meta = {
    description = "Dice rolling bot for D&D games on discord.";
    homepage = "https://github.com/jwizzle/dungeondice";
    license = lib.licenses.agpl3Only;
  };
}

You’ll find that you’ll have to package newer versions of discordpy and python-dotenv as well, or more likely, patch the pyproject.toml to accept the nixpkgs versions (and/or use unstable or build an older version of dungeondice).

7

Aaaaah, I indeed get actual errors now because of the dependency issues.

Thanks a lot both, that’s something I can work with!