Nix does not use /etc/nix/nix.conf anymore

jisponitra · June 22, 2023, 11:13pm

I don’t know exactly when this started to happen but I used to be able to use nix-command and flakes experimental features without any additional flags by adding this to my config:

nix.settings.experimental-features = ["nix-command" "flakes"];

Now nix gives me an error every time I try to use any of these two experimental features:

error: experimental Nix feature 'nix-command' is disabled; use '--extra-experimental-features nix-command' to override

My /etc/nix/nix.conf looks like this:

# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix.  Do not edit it!
allowed-users = *
auto-optimise-store = false
builders =
cores = 0
extra-sandbox-paths =
max-jobs = auto
experimental-features = nix-command flakes
require-sigs = true
sandbox = true
sandbox-fallback = false
substituters = https://cache.nixos.org/
system-features = nixos-test benchmark big-parallel kvm
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-substituters =
trusted-users = root

I’ve also tried with extra-experimental-features instead of experimental-features (the documentation is not very clear on which one you should use) but I got the same result.

NobbZ · June 23, 2023, 7:41am

Can you please check for a user configuration at ~/.config/nix/nix.conf?

Does it contain the experimental-features as well?

jisponitra · June 23, 2023, 6:07pm

That is one of the first things I checked. There is no ~/.config/nix/nix.conf. Is there any way I can troubleshoot this? Can I pass nix a config file to use to make sure my /etc/nix/nix.conf works correctly?

Solene · June 23, 2023, 6:17pm

I configured this an hour ago. I had to use

extra-experimental-features = nix-command flakes

jisponitra · June 24, 2023, 9:08am

So I made some more progress. I copied the global conf to my user conf directory (which was empty before):

sudo cp /etc/nix/nix.conf ~/.config/nix/nix.conf

and now everything works again.

So the title of this thread still stands. For some reason nix does not use my global /etc/nix/nix.conf

Does anyone have any ideas why?

Solene · June 24, 2023, 9:34am

Could you check the permissions of /etc/nix and /etc/nix/nix.conf ? If they have something like a chmod 000 or 500 with wrong ownership, it may explain the issue (but it would be weird to have this state on NixOS)

jisponitra · June 24, 2023, 9:39am

700 for /etc/nix and 777 for /etc/nix/nix.conf. Are these correct?

I also just remembered I recently changed to an “impermanence” setup where my / (and therefore also /etc) is a tmpfs file system. Could this be the issue?

Solene · June 24, 2023, 9:48am

Yes, this could be an issue. What if you use 755 for /etc/nix/ ?

jisponitra · June 24, 2023, 10:05am

Setting permissions of /etc/nix to 755 fixed it! Thank you @Solene !

I’m not entirely sure how to make this change permanent while keeping the directory in a tmpfs file system…

Solene · June 24, 2023, 10:12am

You can use systemd.tmpfiles.rules = [ "d /etc/nix/ 0755 root root" ];

jisponitra · June 24, 2023, 7:06pm

I just figured out what was changing the /etc/nix permissions. In the impermanence README the example config suggests to use:

files = [
    {
        file = "/etc/nix/id_rsa";
        parentDirectory = { mode = "u=rwx,g=,o="; };
    }
];

which causes the parent directory of /etc/nix/id_rsa, i.e. /etc/nix, to have 700 permissions.

I don’t know in what scenarios this is a good idea but it’s probably a very bad default for most users. It looks like an issue was created on this topic so hopefully it gets fixed soon so that users like me that copy paste config without paying too much attention don’t encounter these issues down the road.