Proper way to handle programs attempting to write in /nix/store

Quite often, we end up packaging (often proprietary) software that tries to write where it is installed, typically in something like /opt/myprogram/conf. Because this is in /nix/store in NixOS, it is impossible to write there. So what is the best, encouraged solution to follow?

I can imagine the following solutions:

  • either using symlinks to /etc/, but then the problem is that we need to avoid conflicts between users having different permissions to write in this file.
  • or first create a symlink to /nix --> /etc, and at run-time create another level of indirection /etc --> /home/$USER. This may work… unless multiple users are using the same program at the same time.
  • use user mount to fake /etc at runtime, but then it won’t work on Debian or similar OSes that don’t enable user mounts (the same issue should apply with buildFhsEnv maybe? And buildFhsEnv is quite heavy for that thing…)
  • create a new user, run the program using this user, and write in /etc using a symlink… (maybe using systemd?) but then it may give strange results for programs (like Davinci Resolve) that can write in both /opt/myprogram/conf and /home/user

Am I missing some solutions? What is recommended for contributions in nixpkgs?

buildFHSUserEnvBubblewrap can probably be used to do that somewhat nicely, but yes you run into cross-distro issues.

I’d love to know a good strategy for this as well, I’ve resorted to simply copying out the full package into /tmp at runtime before (where symlinks didn’t work because the binary resolved those before deciding where to write).
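
A variant of the copy-out workaround from the last post, as an added example that is not from the thread: it stages the package into a private per-user state directory instead of a shared /tmp path, and makes the copy writable because files copied out of /nix/store keep their read-only mode. The function name `stage_writable_copy` and the directory layout are assumptions.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from nixpkgs): stage a read-only
# package tree into a private, per-user writable copy for a wrapper script.

# stage_writable_copy SRC_DIR APP_NAME
# Prints the path of the writable copy on stdout.
stage_writable_copy() {
    local src name base stamp dest
    src="$1"
    name="$2"
    # Per-user location: avoids the multi-user conflicts of a shared /etc
    # or a predictable path under /tmp.
    base="${XDG_STATE_HOME:-$HOME/.local/state}/$name"
    # Key the copy on the source path, so an upgrade (new store path)
    # gets a fresh copy instead of reusing stale files.
    stamp=$(printf '%s' "$src" | cksum | cut -d' ' -f1)
    dest="$base/$stamp"

    if [ ! -d "$dest" ]; then
        (
            umask 077                 # copy is readable by its owner only
            mkdir -p "$base"
            # Stage under a random name, then rename, so an interrupted
            # copy is never mistaken for a complete one.
            tmp=$(mktemp -d "$base/.staging.XXXXXX")
            cp -R "$src/." "$tmp/"
            # Store files are read-only; the program needs to write here.
            chmod -R u+w "$tmp"
            if [ -d "$dest" ]; then
                rm -rf "$tmp"         # another instance finished first
            else
                mv "$tmp" "$dest"
            fi
        ) || return 1
    fi
    printf '%s\n' "$dest"
}
```

A wrapper would call it with the package's store path and then `exec` the binary from the printed directory.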