!lheuhImcToQZYTQTuI:nixos.org

Nix on macOS

1163 Members
“There are still many issues with the Darwin platform but most of it is quite usable.” — http://yves.gnu-darwin.org188 Servers

Load older messages

SenderMessageTime
16 Nov 2025
@reckenrode:matrix.orgRandy EckenrodeIt doesn’t even work on Linux.06:06:59
@reckenrode:matrix.orgRandy Eckenrodehttps://github.com/c-ares/c-ares/pull/99706:21:33
@reckenrode:matrix.orgRandy Eckenrode I am so glad that curl is not in the Darwin bootstrap. 06:27:58
@reckenrode:matrix.orgRandy EckenrodeFix PR is https://github.com/NixOS/nixpkgs/pull/46215106:35:25
@k900:0upti.meK900 Sure is 10:10:09
@sylvester-roos:matrix.orgsylvester-roos

Hello everyone. For some reason the App Management permission doesn't seem to work on darwin. As far as I can tell I'm doing this correctly, but I'd like to double-check with someone more knowledgeable

When I try to activate my home-manager config I get the following error:

Activating checkAppManagementPermission
error: permission denied when trying to update apps, aborting activation
home-manager requires permission to update your apps, please accept the notification
and grant the permission for your terminal emulator in System Settings.

If you did not get a notification, you can navigate to System Settings > Privacy & Security > App Management.

I did not get any notification, so I tried to add Ghostty (~/.nix-profile/Applications/Ghostty.app) to the list of App Management apps

I can add it to the list, but when I try to switch to the new home-manager config, Ghostty is removed from that list and the error shows up once more

What do I do here?

12:25:17
@horigome:matrix.orgÓli

How might I make something like this test work on darwin too?

{ pkgs }:
let
  postgresConf = pkgs.writeText "postgresql.conf" ''
    unix_socket_directories = '/tmp'
  '';

  pgSetup = ''
    CREATE USER postgres WITH PASSWORD 'postgres' CREATEDB SUPERUSER;
    CREATE DATABASE nix_phoenix_template_dev;
  '';
in
pkgs.writeShellApplication {
  name = "postgres-dev";

  runtimeInputs = with pkgs; [
    postgresql
  ];

  runtimeEnv = {
    PGDATA = ".database";
  };

  text = ''
    if [ ! -d $PGDATA ]; then
      initdb -D $PGDATA

      cat "${postgresConf}" >> $PGDATA/postgresql.conf

      postgres --single -E postgres <<< "${pgSetup}"
    fi

    exec postgres
  '';
}
15:56:55
@horigome:matrix.orgÓli

I get these types of errors when building

install> 2025-11-16 16:45:42.248 UTC [70440] FATAL:  could not open lock file "/tmp/.s.PGSQL.5432.lock": Permission denied
16:46:01
@weethet:catgirl.cloudWeetHetDNS resolution broke with sandbox enabled on unstable19:46:25
@weethet:catgirl.cloudWeetHet 
nix-run> exporting https://tangled.org/@weethet.bsky.social/nix-run (rev 73d7bf6b58848fb8f42e3a69816e0847f041c689) into /nix/store/m4m951648wmipxgwrgsml9gzjwfpfhm7-nix-run-73d7bf6
nix-run> Initialized empty Git repository in /nix/store/m4m951648wmipxgwrgsml9gzjwfpfhm7-nix-run-73d7bf6/.git/
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> Unable to checkout 73d7bf6b58848fb8f42e3a69816e0847f041c689 from https://tangled.org/@weethet.bsky.social/nix-run.
19:46:28
@weethet:catgirl.cloudWeetHet Works with relaxed because it disables sandbox for FODs entirely 19:47:01
@winter:catgirl.cloudWinter probably because of c-ares? cc Randy Eckenrode 19:47:47
@weethet:catgirl.cloudWeetHetI don't have IPv6 though19:48:07
@winter:catgirl.cloudWintertbh i don’t know anyone who uses darwin w/ sandbox=true, sandbox=relaxed is more usable for Reasons19:48:11
@winter:catgirl.cloudWinterjust CCing him because he looked at c-ares stuff yesterday even if it’s probably not the same issue19:48:29
@weethet:catgirl.cloudWeetHet I'm using sandbox = true for the last year 19:48:32
@weethet:catgirl.cloudWeetHet * I'm using sandbox = true for the last ~year 19:48:44
@winter:catgirl.cloudWinteryou’ve never run into a drv with a sandboxProfile?19:48:51
@samasaur:matrix.orgsamasaur iirc there are fairly fundamental darwin deps that fail with the sandbox enabled, so i think sandbox = true only works when you get those from cache.nixos.org 19:49:31
@weethet:catgirl.cloudWeetHetI use true by default and pass relaxed if needed19:49:47
@samasaur:matrix.orgsamasaurah drat I was really hoping using terminal.app would fix this :(19:52:07
@samasaur:matrix.orgsamasaur it's Really Weird that home-manager switch is removing terminal.app from the list of programs with app management permissions... 19:52:31
@samasaur:matrix.orgsamasaur ah and what i meant by "first time using copying instead of linking" is that home-manager recently changed to copying applications into ~/Applications/Home Manager Apps instead of symlinking them there (following a nix-darwin PR), and the app management check only runs if you are copying 19:53:38
@weethet:catgirl.cloudWeetHetRealistically we should probably make bootstrap work with sandbox = true at one point19:57:03
@weethet:catgirl.cloudWeetHetI would really like if hydra was running with sandbox = true19:57:14
@samasaur:matrix.orgsamasauroh yeah i def agree19:57:23
@samasaur:matrix.orgsamasaurunfortunately there are many goals like that and only so much time19:57:36
@weethet:catgirl.cloudWeetHet26.05 maybe?19:57:44
@weethet:catgirl.cloudWeetHetI mean this is kinda fundamental19:57:52
@weethet:catgirl.cloudWeetHetMaybe we can even add a way to wrap packages to run in their own sandboxes so we can deliver pre-sandboxed executables20:01:03

Show newer messages

Back to Room ListRoom Version: 6