I learned how to do a really cursed thing today: edit /nix/store paths

sudo unshare --mount bash -c 'mount -your /nix to /nix && touch /nix/store/something-cursed'

My goal wasn't to edit storepaths but to hardlink to the store, which requires being on the same mount point (which /nix/store isn't because it's RO bind-mounted over itself)

I learned how to do a really cursed thing today: edit /nix/store paths

sudo unshare --mount bash -c 'mount -your /nix to /nix && touch /nix/store/something-cursed'

My goal wasn't to edit storepaths but to hardlink to the store, which requires being on the same mount point (which /nix/store isn't because it's RO bind-mounted over itself)

unshare --mount creates your own mount namespace (ish) where you get a clone of what is already, but you can mount over things without disrupting any other processes.

In reply to @lillecarl:matrix.org
https://github.com/water-sucks/optnix Haha sry i forgot to link the most essential thing! 😄

I was going to try this and saw that the maintainer (water-sucks) has integrated this tool along with other neat stuff in a unified nixos-cli. Its beta though and I got a strange error about mailserver.fqdn not being set, but apart from that it went fine and optnix is indeed very nice to use. Thanks for the tips 🤗

https://github.com/nix-community/nixos-cli

If you're tracking a branch of some kind of repo and don't really care about purity, trust the supply chain and just want to get the latest stuff you can use "fetchTree" in impure evaluation to fetch the the hottest shit out there. By default it uses a 1 hour cache to not fetch every time.

      testFetchTree = builtins.fetchTree {
        type = "github";
        repo = "nixpkgs";
        owner = "NixOS";
        ref = "master";
      };

My understanding from reading github comments and whatnot is that it's using the same paths as flakes use for it's inputs.

https://asciinema.org/a/QW02t4oWnM8zBI8JSov4VysmF

I AI'd if --impure can be enabled by default and just now stumbled on a feature I hadn't heard about before! The option allow-unsafe-native-code-during-evaluation gives you a new builtin function called builtins.exec which can be used like this:

nix-repl> :p builtins.fromJSON (builtins.exec [ ./test.fish ])
{
  active = true;
  age = 25;
  name = "test-user";
  tags = [
    "developer"
    "nix"
    "json"
  ];
}

# test.fish
#! /usr/bin/env fish

echo "''"
echo '
{
  "name": "test-user",
  "age": 25,
  "active": true,
  "tags": ["developer", "nix", "json"]
}'
echo "''"

(It parses output as a Nix expression so i had to wrap the json in '' '' so it's treated as a string by Nix)

I'm definitely gonna dive deeper into usecases for this, as everything Nix it'll stall evaluation so don't do extremely slow things :)

In reply to @lillecarl:matrix.org
For home/personal use --impure should be the default IMO. You can use builtins.getEnv to read environment variables and you can read files anywhere on the filesystem, not just the sacred repo.
(Non-flake users don't have this problem since everything is --impure by default :))

In reply to @claesatwork:matrix.org
thanks, I will try to show you next time!

In reply to @lillecarl:matrix.org
Nice! Remembered https://search.nixos.org/options?channel=unstable&query=zramSwap ? :)

In reply to @claesatwork:matrix.org
I will definitely enable it on at least one of my NixOS hosts. Seems too good to be true :-)

Virtual memory is dark magic only special kernel wizards with superpowers can comprehend. All I know is those wizards want you to have a good amount of swap space so they can perform their spells without constraints.

(Honestly actually really: Swap is essential even if you have boatloads of RAM since it uses LRU to keep hot shit in fast memory and yesteryears Zara collection on the bench, everyone who says you don't need swap haven't spoken to the superpowered wizards)