Hi all,
I’ve been experimenting with setting up a clean and reproducible environment on NixOS, and overall I really like the declarative approach. That said, I ran into a bit of confusion when it comes to handling software that isn’t packaged in nixpkgs or doesn’t follow the usual open-source distribution model.
In some communities, I’ve seen people mention using tools in contexts like Roblox that don’t always have clearly defined installation or dependency paths for Nix-based systems. This got me thinking about how you’d properly integrate something like that into a Nix environment without breaking reproducibility or going against best practices.
If a tool requires manual setup, external downloads, or runs outside the standard package management flow, does that basically defeat the purpose of using NixOS? Or are there accepted ways to sandbox or wrap these kinds of tools so they don’t interfere with the system’s declarative nature?
I’m also wondering how this ties into security and trust. Since NixOS emphasizes reproducibility and verifiable builds, how do you approach software that doesn’t provide that level of transparency? Is it better to isolate it completely, or are there patterns people follow to still bring it into their workflow safely?
Just trying to understand how others deal with this balance between flexibility and staying true to the Nix philosophy. Would really appreciate any thoughts or experiences.