!lheuhImcToQZYTQTuI:nixos.org

Nix on macOS

1162 Members
“There are still many issues with the Darwin platform but most of it is quite usable.” — http://yves.gnu-darwin.org188 Servers

Load older messages

SenderMessageTime
16 Nov 2025
@reckenrode:matrix.orgRandy Eckenrode

c-ares doesn’t seem to support IPv6 link-local DNS servers even though it should. 😬

$ nix shell nixpkgs-unstable#c-ares --command adig @fe80::2e0:67ff:fe15:ced3%en0 google.com

; <<>> c-ares DiG 1.34.5 <<>> google.com
;; No DNS servers were configured
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
;; flags:; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; MSG SIZE  rcvd: 0

Failed to create query for google.com: No DNS servers were configured
$ dig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> DiG 9.10.6 <<>> @fe80::2e0:67ff:fe15:ced3%en0 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             226     IN      A       142.250.191.206

;; Query time: 7 msec
;; SERVER: fe80::2e0:67ff:fe15:ced3%14#53(fe80::2e0:67ff:fe15:ced3%14)
;; WHEN: Sat Nov 15 23:02:09 EST 2025
;; MSG SIZE  rcvd: 55
04:03:07
@reckenrode:matrix.orgRandy Eckenrode *

c-ares doesn’t seem to support IPv6 link-local DNS servers even though it should. 😬

$ nix shell nixpkgs-unstable#c-ares --command adig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> c-ares DiG 1.34.5 <<>> google.com
;; No DNS servers were configured
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
;; flags:; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; MSG SIZE  rcvd: 0

Failed to create query for google.com: No DNS servers were configured
$ dig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> DiG 9.10.6 <<>> @fe80::2e0:67ff:fe15:ced3%en0 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             226     IN      A       142.250.191.206

;; Query time: 7 msec
;; SERVER: fe80::2e0:67ff:fe15:ced3%14#53(fe80::2e0:67ff:fe15:ced3%14)
;; WHEN: Sat Nov 15 23:02:09 EST 2025
;; MSG SIZE  rcvd: 55
04:03:21
@reckenrode:matrix.orgRandy Eckenrode *

c-ares doesn’t seem to support IPv6 link-local DNS servers even though it should. 😬

$ nix shell nixpkgs-unstable#c-ares --command adig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> c-ares DiG 1.34.5 <<>> google.com
;; No DNS servers were configured
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
;; flags:; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; MSG SIZE  rcvd: 0

Failed to create query for google.com: No DNS servers were configured
$ dig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> DiG 9.10.6 <<>> @fe80::2e0:67ff:fe15:ced3%en0 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             226     IN      A       142.250.191.206

;; Query time: 7 msec
;; SERVER: fe80::2e0:67ff:fe15:ced3%14#53(fe80::2e0:67ff:fe15:ced3%14)
;; WHEN: Sat Nov 15 23:02:09 EST 2025
;; MSG SIZE  rcvd: 55
04:06:11
@reckenrode:matrix.orgRandy Eckenrode *

c-ares doesn’t seem to support IPv6 link-local DNS servers even though it should. 😬

$ nix shell nixpkgs-unstable#c-ares --command adig @fe80::2e0:67ff:fe15:ced3%en0 google.com

; <<>> c-ares DiG 1.34.5 <<>> google.com
;; No DNS servers were configured
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
;; flags:; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; MSG SIZE  rcvd: 0

Failed to create query for google.com: No DNS servers were configured
$ dig @fe80::2e0:67ff:fe15:ced3%en0 google.com
; <<>> DiG 9.10.6 <<>> @fe80::2e0:67ff:fe15:ced3%en0 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             226     IN      A       142.250.191.206

;; Query time: 7 msec
;; SERVER: fe80::2e0:67ff:fe15:ced3%14#53(fe80::2e0:67ff:fe15:ced3%14)
;; WHEN: Sat Nov 15 23:02:09 EST 2025
;; MSG SIZE  rcvd: 55
04:06:20
@reckenrode:matrix.orgRandy Eckenrode *

c-ares doesn’t seem to support IPv6 link-local DNS servers even though it should. 😬

$ nix shell nixpkgs-unstable#c-ares --command adig @fe80::2e0:67ff:fe15:ced3%en0 google.com

; <<>> c-ares DiG 1.34.5 <<>> google.com
;; No DNS servers were configured
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 0
;; flags:; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;; MSG SIZE  rcvd: 0

Failed to create query for google.com: No DNS servers were configured
$ dig @fe80::2e0:67ff:fe15:ced3%en0 google.com

; <<>> DiG 9.10.6 <<>> @fe80::2e0:67ff:fe15:ced3%en0 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37808
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             226     IN      A       142.250.191.206

;; Query time: 7 msec
;; SERVER: fe80::2e0:67ff:fe15:ced3%14#53(fe80::2e0:67ff:fe15:ced3%14)
;; WHEN: Sat Nov 15 23:02:09 EST 2025
;; MSG SIZE  rcvd: 55
04:06:43
@reckenrode:matrix.orgRandy Eckenrode Doing some printf debugging of c-ares, it doesn’t appear to be picking up the network interface when it gets the resolver. ☹️ 05:02:26
@reckenrode:matrix.orgRandy Eckenrode channel->sock_funcs isn’t being set up correctly. I wonder if this ever worked on Darwin. 06:01:18
@reckenrode:matrix.orgRandy EckenrodeIt doesn’t even work on Linux.06:06:59
@reckenrode:matrix.orgRandy Eckenrodehttps://github.com/c-ares/c-ares/pull/99706:21:33
@reckenrode:matrix.orgRandy Eckenrode I am so glad that curl is not in the Darwin bootstrap. 06:27:58
@reckenrode:matrix.orgRandy EckenrodeFix PR is https://github.com/NixOS/nixpkgs/pull/46215106:35:25
@k900:0upti.meK900 Sure is 10:10:09
@sylvester-roos:matrix.orgsylvester-roos

Hello everyone. For some reason the App Management permission doesn't seem to work on darwin. As far as I can tell I'm doing this correctly, but I'd like to double-check with someone more knowledgeable

When I try to activate my home-manager config I get the following error:

Activating checkAppManagementPermission
error: permission denied when trying to update apps, aborting activation
home-manager requires permission to update your apps, please accept the notification
and grant the permission for your terminal emulator in System Settings.

If you did not get a notification, you can navigate to System Settings > Privacy & Security > App Management.

I did not get any notification, so I tried to add Ghostty (~/.nix-profile/Applications/Ghostty.app) to the list of App Management apps

I can add it to the list, but when I try to switch to the new home-manager config, Ghostty is removed from that list and the error shows up once more

What do I do here?

12:25:17
@horigome:matrix.orgÓli

How might I make something like this test work on darwin too?

{ pkgs }:
let
  postgresConf = pkgs.writeText "postgresql.conf" ''
    unix_socket_directories = '/tmp'
  '';

  pgSetup = ''
    CREATE USER postgres WITH PASSWORD 'postgres' CREATEDB SUPERUSER;
    CREATE DATABASE nix_phoenix_template_dev;
  '';
in
pkgs.writeShellApplication {
  name = "postgres-dev";

  runtimeInputs = with pkgs; [
    postgresql
  ];

  runtimeEnv = {
    PGDATA = ".database";
  };

  text = ''
    if [ ! -d $PGDATA ]; then
      initdb -D $PGDATA

      cat "${postgresConf}" >> $PGDATA/postgresql.conf

      postgres --single -E postgres <<< "${pgSetup}"
    fi

    exec postgres
  '';
}
15:56:55
@horigome:matrix.orgÓli

I get these types of errors when building

install> 2025-11-16 16:45:42.248 UTC [70440] FATAL:  could not open lock file "/tmp/.s.PGSQL.5432.lock": Permission denied
16:46:01
@weethet:catgirl.cloudWeetHetDNS resolution broke with sandbox enabled on unstable19:46:25
@weethet:catgirl.cloudWeetHet 
nix-run> exporting https://tangled.org/@weethet.bsky.social/nix-run (rev 73d7bf6b58848fb8f42e3a69816e0847f041c689) into /nix/store/m4m951648wmipxgwrgsml9gzjwfpfhm7-nix-run-73d7bf6
nix-run> Initialized empty Git repository in /nix/store/m4m951648wmipxgwrgsml9gzjwfpfhm7-nix-run-73d7bf6/.git/
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> fatal: unable to access 'https://tangled.org/@weethet.bsky.social/nix-run/': Could not resolve host: tangled.org (Could not contact DNS servers)
nix-run> Unable to checkout 73d7bf6b58848fb8f42e3a69816e0847f041c689 from https://tangled.org/@weethet.bsky.social/nix-run.
19:46:28
@weethet:catgirl.cloudWeetHet Works with relaxed because it disables sandbox for FODs entirely 19:47:01
@winter:catgirl.cloudWinter probably because of c-ares? cc Randy Eckenrode 19:47:47
@weethet:catgirl.cloudWeetHetI don't have IPv6 though19:48:07
@winter:catgirl.cloudWintertbh i don’t know anyone who uses darwin w/ sandbox=true, sandbox=relaxed is more usable for Reasons19:48:11
@winter:catgirl.cloudWinterjust CCing him because he looked at c-ares stuff yesterday even if it’s probably not the same issue19:48:29
@weethet:catgirl.cloudWeetHet I'm using sandbox = true for the last year 19:48:32
@weethet:catgirl.cloudWeetHet * I'm using sandbox = true for the last ~year 19:48:44
@winter:catgirl.cloudWinteryou’ve never run into a drv with a sandboxProfile?19:48:51
@samasaur:matrix.orgsamasaur iirc there are fairly fundamental darwin deps that fail with the sandbox enabled, so i think sandbox = true only works when you get those from cache.nixos.org 19:49:31
@weethet:catgirl.cloudWeetHetI use true by default and pass relaxed if needed19:49:47
@samasaur:matrix.orgsamasaurah drat I was really hoping using terminal.app would fix this :(19:52:07
@samasaur:matrix.orgsamasaur it's Really Weird that home-manager switch is removing terminal.app from the list of programs with app management permissions... 19:52:31
@samasaur:matrix.orgsamasaur ah and what i meant by "first time using copying instead of linking" is that home-manager recently changed to copying applications into ~/Applications/Home Manager Apps instead of symlinking them there (following a nix-darwin PR), and the app management check only runs if you are copying 19:53:38

Show newer messages

Back to Room ListRoom Version: 6