Nixtamal: Fulfilling input pinning for Nix

toastal · February 15, 2026, 4:55pm

Nixtamal 1.1.0 released

Make changes to be compatible with Cmdliner 2.x (in NixOS staging)
Fix manifest file errors should provide better context
Fix bug where missing lockfile would error out instead of writing a new one
Fix TUI output with UTF-8

toastal · February 16, 2026, 11:58am

Nixtamal 1.1.1 released

Fixed bug where manifest files were generated with the old schema version (nixtamal upgrade will fix it, but not the intended UX obviously).

In 1.0.0, a schema.ml module was created to help the fact that it was easy to forget to bump the version changes… to which I missed the Manifest’s version . No worries as all places now point to current properly.

toastal · February 19, 2026, 9:47am

I did an interview on the Full Time Nix cast by @mightyiam, if the reader here is interested a bit more on the design/history. It was the first technical cast I have ever done, but I think I told most of the story I wanted with a couple fumbles. It features @nmattia , maker/maintainer of Niv who asks some insightful questions having ‘solved’ the same problem from a different angle. The biggest thing error I noticed that we hadn’t focused so much on the “the tooling for fresh-cmd isn’t stable”, as it never was—even running nix flake update depends fully on the stateful version of nix on the system it was ran (where the lack of versioning of flake.nix makes this less safe). We sorta touched on that by the 2nd time it was brought up, but I think we all missed that this is largely a non-issue as the lockfile + lock loader are is stable for building.

Additionally, 1.1.2 is released but in a ‘weird’ state. It changes 0 functionality but properly (only partially addressed in 1.1.0) migrated up to Cmdliner 2.x, the new default package version in Nixpkgs. As such, until this percolates up to unstable, I wont be adding anything to Nixtamal since we are in a state of flux—where Nixtamal doesn’t yet build on unstable or the default branch.

toastal · February 25, 2026, 5:53am

Reminder: Nixtamal is expected to be broken in unstable & staging-next due to the changes the default Cmdliner version bump. Everything will be good when 1.1.2 propagates thru staging-next & then unstable (which has been slower than I had hoped).

Track Nixtamal 1.1.2 satus

If you want the working version now, well you are in luck as Nixtamal supports declarative patching!:

patches {
	nixtamal-1.1.2 "https://patch-diff.githubusercontent.com/raw/NixOS/nixpkgs/pull/491867.patch"
}
inputs {
	nixpkgs {
		# add patches to your setup
		patches nixtamal-1.1.2
	}
}

Once the change propagates, the patch will fail to apply… but this fine—it just means it’s time to remove this patch.

Edit: I got it cherry-picked onto master since staging had been taking days. Status: Making sure you're not a bot!. Merge already into nixos-unstable & nixpkgs-unstable.

ibizaman · February 26, 2026, 10:35pm

Hello, this tool looks great and I actually discovered through the Full Time Nix podcast. The issues you talked about really resonated with me.

The biggest problem I’m facing currently at work is how to deal with private repositories and fetching them using credentials from an ssh agent. Would this be something Nixtamal supports?

toastal · February 27, 2026, 6:44am

I would love to help you, but I don’t want to be a big support thread with back-&-forth chatter. If we find a solution, we can post it here, but would you mind sending a message via:

Community channel
Direct message me
Or send a DM on Discourse

so I can understand the private repo/SSH issue?

toastal · March 10, 2026, 7:31am

Nixtamal 1.1.4 released (& 1.1.3)

1.1.3: a number of documentation fixups
1.1.4: user reported bug with old Nix APIs (<2.26) & builtins.fetchGit not supporting lfs, which is now version detected.