While that makes it work, I am confused why. If I write a very minimal config that included pkgs.jq that works without my workaround, so the pkgs passed to the expression doesn’t seem to be completely wrong…?
Problem: this uses important from derivation, which is slow as it requires at least one additional evaluation.
Problem: you import HM as a module, which might change pkgs, which would cause a re import of nixpkgs, which might cause a rebuild which causes a reimport which causes change which causes import which causes infinite recursion.
Possible solutions:
Use a home manager channel
Use a wrapper that prefetches an locks HM
Use flakes
Use the ugly additional import (which even might be a different nixpkgs than the one you use everywhere else)
Problem: you import HM as a module, which might change pkgs , which would cause a re import of nixpkgs, which might cause a rebuild which causes a reimport which causes change which causes import which causes infinite recursion.
I see. I guess the original solution from the NixOS wiki doesn’t suffer from this as pkgs is not involved in importing the home-manager module.
I settled for solution one for now, although when I would install that to a new computer, I would first have to apply a config without home-manager, then add the home-manager channel, and then continue with the final config including home-manager.
You can use builtins.fetchTarball with a specific URL and sha256 to achieve the same effect as fetchFromGitHub (another alternative would be builtins.fetchGit with a rev):
I’d recommend this approach as the builtin fetchers are basically made for fetching eval time dependencies and avoid the double evaluation of nixpkgs you have in your third example.
Will the nixpkgs downloaded by builtins.fetchTarball be persistent? I somehow believed that the builtin fetchers cache stuff for 2 hours our so, and afterwards have to download things again. That was my main motivation for trying the pkgs.fetchFromGitHub approach.
To solve that problem you have to do even more preparations than just using pkgs.fetch*, even though this creates a derivation and will create an entry in the store, it will be ephemeral unless you consider countermeasures.
You need to create a “fixed” reference in your configuration that holds on a GC-lock for the downloaded store path.
That should be considered by a content sha’d built-in as well.
Yes, preventing things from being garbage-collected is a problem that I haven’t solved at all, especially for nix-shells. So far I just don’t garbage-collect too often I’d love some garbage-collection based on age mechanism. Just searched for it, there is actually a Github issue: Enhancement: garbage collect based on age · Issue #1680 · NixOS/nix · GitHub
It won’t expire after TARBALL_TTL, but it may be collected by nix-store --gc unless you gcroot it which is also the case for eval time only pkgs.fetchFromGitHub though.
One possibility would be to hack in a thing in your system which creates a symlink to the path of the fetchTarball result.