Comment by jorvi
9 hours ago
One of the biggest annoyances I have with doing this with Nix vs another tool is that Nix doesn't natively communicate back state changes so that you can make them reproducible.
If I make a git repo, place '~/.config/newsapp.conf' in there and then symlink it back to '~/.config/', if NewsApp introduces a new variable in its settings I am immediately aware because Git will complain about being dirty. However, Nix will happily just nuke that .conf and rebuild whatever is in your configuration, without letting you know about state. Which is ultimately bad for reproducibility. It's a huge blind spot in Nix.
This really hinges on whether you let state accumulate, and where you let it do so. NixOS generally creates a dedicated user and data directory for its services, for example. I make some of my XDG config directories symlinks to the nix store because I want those configurations to be read-only. home-manager should ask before making modifications outside of the nix store (or make a backup).
This is not only a Nix problem, fwiw. I first encountered this with, say, running ZNC in Docker. It will happily write logs and configs to a temporary directory in the container and get blown away on restart unless you mount persistent volumes in just the right spots. Syncthing can be configured to manage its own config or it can be configured fully by Nix, etc.
I tried getting Nix working a couple of months ago and ditched it because changing some Tower settings updates the global gitconfig (as it should in this circumstance) and Nix would wipe them out.
All of it seemed way too annoying compared to just having a dotfiles repo, and if it couldn’t handle the Tower/gitconfig issue I know for sure everything else I was going to run into wasn’t worth it.
For what it's worth, you can put a git repo inside a nix configuration / flake folder and it will tell you the repo is dirty. 'nh' also has commands to tell you about state. But it shouldn't require outside tools.
The way I do it is have config files in my Nix config folder, then use Nix to symlink them and I use git to make me aware of state changes, that I might want to make reproducible. But that's just me being used to my old git ways, using 'nh' gives much more clarity.
The "true" Nix way is putting the entire contents of whatever config file in a .nix file, then erasing the original config and have Nix recreate the config (preferably read-only) in place. You become truly reproducible but for obvious reasons applications get mad when you make their config file read only.
It sounds like you're talking about home-manager, which is a third-party Nix module, not Nix itself. I've been using Nix happily for several years now for work and personal without needing to use home-manager at all (since I don't like it either).
It was just an example. Other packages could also set new variables / parameters in their configuration. It might not be a problem in the beginning if the variable is just repopulated, but it might blow up in your face in the future.
If you use Nix you're completely blind to that unless you A) religiously check your state or B) use another tool like 'git' or 'nh'. Like I said, it's a blind spot, both figuratively and literally.
This problem may be specific to Darwin because on NixOS I've never had a file overwritten by nix (even with home manager). When a file is managed by nix it's a symlink to a read-only filesystem (/nix/store), so no program can overwrite it. If the symlink is replaced by a regular file, nix refuses to reapply.
2 replies →