i just made a writable-nix-store.js script
to get temporary write-access to existing files in my /nix/store
it’s useful for quick debugging and prototyping of script files
(python, bash, cmake, node, perl, …)
faster than patching the source files and building new derivations
this works by
bind-mounting the original store to /a/nix/store
mounting an overlayfs on /nix/store with the upper dir /b/nix/store
You should just use nix --store ./myStore which will give you the ability to make a nix store anywhere. Actually modifying the contents of the nix store will result in near certain corruption and death though, so be careful.
```
user: matthew ~
❯ cd tmp
user: matthew ~/tmp
❯ nix build nixpkgs#hello --store ./myStore
user: matthew ~/tmp
❯ ls -lah ./myStore
total 37K
drwxr-xr-x 3 matthew users 3 May 3 19:23 .
drwxr-xr-x 164 matthew users 310 May 3 19:23 ..
drwxr-xr-x 4 matthew users 4 May 3 19:23 nix
user: matthew ~/tmp
❯ ls -lah ./myStore/nix/
total 67K
drwxr-xr-x 4 matthew users 4 May 3 19:23 .
drwxr-xr-x 3 matthew users 3 May 3 19:23 ..
drwxr-xr-x 8 matthew users 293 May 3 19:23 store
drwxr-xr-x 3 matthew users 3 May 3 19:23 var
user: matthew ~/tmp
❯ touch ./myStore/nix/store/foo
```
scary ^^
the actual nix store stays read-only, and only the overlay’s upper dir is writable
worst case: i modify or delete some critical file, and my system hangs
then i just need to reboot, to restore my original nix store
looks good on paper, but i'm afraid that will “install the world” into the new store
i want a quick solution, so i simply mutate the existing files
now many programs are broken, because the symlink-targets have moved from /nix/store to /b/nix/store
in the worst case, you can’t run sudo and you need a hard reboot.
then boot a previous generation of your nixos config. nix-build will throw error: getting status of '/nix/store/*': No such file or directory
fix: run nix-store --verify --repair
to sync the database /nix/var/nix/db/db.sqlite with the files in /nix/store
i have fixed my tool, to disable nixos-rebuild while the overlay is active
so “breaking your nixos” should not be possible
todo: rewrite in bash
todo: also mount an overlay for /nix/var/nix/db/db.sqlite
Why not make use of user namespaces to create a container which has the overlay filesystem, while the rest of the system still sees the correct, immutable nix-store? If you never ever ever run nix in any way inside the container, this should actually be safe, and it’s that much easier to get out of it if you screw up.
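
The overlay from the first post combined with the user-namespace suggestion in the last reply, as an added sketch that is not part of the thread and not the writable-nix-store.js tool: the overlay is mounted only inside a private user + mount namespace, so the host keeps seeing the read-only store. Assumptions: Linux 5.11 or newer (unprivileged overlayfs), util-linux `unshare`, and a scratch directory `STATE`; `STATE` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Assumptions: Linux >= 5.11 (unprivileged overlayfs),
# util-linux unshare; STATE and all function names are hypothetical.
STORE=/nix/store
STATE="${STATE:-${XDG_RUNTIME_DIR:-/tmp}/store-overlay}"  # holds upper/ and work/

# overlayfs options: $1 is the read-only lower layer, writes land in $2/upper.
overlay_opts() {
  printf 'lowerdir=%s,upperdir=%s/upper,workdir=%s/work' "$1" "$2" "$2"
}

# Reads a mount table (/proc/self/mounts format) on stdin; succeeds if an
# overlay is mounted on $1.
has_overlay() {
  while read -r _dev mp fstype _rest; do
    [ "$mp" = "$1" ] && [ "$fstype" = overlay ] && return 0
  done
  return 1
}

# Start a shell in a new user + mount namespace with the overlay on the store.
# The mount is private to that namespace and disappears when the shell exits.
enter() {
  if has_overlay "$STORE" < /proc/self/mounts; then
    echo "overlay already active on $STORE" >&2
    return 1
  fi
  mkdir -p "$STATE/upper" "$STATE/work"
  exec unshare --user --map-root-user --mount -- sh -c '
    mount -t overlay overlay -o "$1" "$2" && exec "${SHELL:-sh}"
  ' sh "$(overlay_opts "$STORE" "$STATE")" "$STORE"
}

case "${1:-}" in
  enter) enter ;;
  check) # run inside the shell before touching any nix command
    if has_overlay "$STORE" < /proc/self/mounts; then
      echo "overlay active on $STORE: do not run nix here"
    else
      echo "no overlay on $STORE"
    fi ;;
esac
```

Run it with `enter` to get the shell and `check` to see whether the current namespace has the overlay; modified files stay in `$STATE/upper` after the shell exits, while the overlay mount itself is gone.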