`nixos-generators` from single user `nix` install has ownership issues

The problem

On a laptop, I am using a single-user install of nix on a non-NixOS Linux distro.

I am trying to use nixos-generators to declaratively set up Qemu virtual machines.

```nix
# flake.nix
{
  inputs.nixpkgs.url = "nixpkgs/nixos-unstable";
  inputs.nixos-generators = {
    url = "github:nix-community/nixos-generators";
    inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, nixos-generators, ... }:
    {
      packages.x86_64-linux = {
        testMachine = nixos-generators.nixosGenerate {
          pkgs = nixpkgs.legacyPackages.x86_64-linux;
          modules = [ ./configuration.nix ];
          format = "vm";
        };
      };
    };
}
```

```nix
# configuration.nix
{ ... }:
let
  user = rec {
    name = "rpaulson";
    value = {
      password = "rp";
      extraGroups = [ "networkmanager" "wheel" ];
      home = "/home/${user.name}";
      isNormalUser = true;
    };
  };
in
{
  users = {
    extraUsers = builtins.listToAttrs [ user ];
  };
}
```

I can build and run my VM with the following commands:

```
$ nix build .#testMachine
$ ./result/bin/run-nixos-vm
```

However, in this VM, I can’t use sudo:

```
$ sudo ls
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: /nix/store/6zv1v6i11s295rc5z6p84f62cpvhlmn3-sudo-1.9.10/libexec/sudo/sudoers.so must be owned by uid 0
sudo: fatal error, unable to load plugins
```

Indeed, everything under /nix/store/ is owned by 1000:1000.
AFAICT, this is because the Qemu starting command uses -virtfs to mount the host’s /nix/store (which is owned by 1000:1000 - my user and group) to the guest’s.

Searching for a solution

I couldn’t find any option to change the mountpoint permissions from the Qemu CLI in the documentation.

Without success, I searched for a place where the /nix/store is explicitly mounted, but I believe it’s not anywhere because the -virtfs seems to automagically do it.

Does anyone have any tips, ideas, or tricks on how to solve this issue?
(Sadly, changing the host OS or nix install is not an option).

Similar issues
