Home Explore Blog Models CI



nixpkgs
3rd chunk of `doc/using/configuration.chapter.md`
d08b182205eb5c1b4cbc3f557a6e3ef429472bead4b6c2dc00000001000010f7
-   To temporarily allow all insecure packages, you can use an environment variable for a single invocation of the nix tools:

    ```ShellSession
    $ export NIXPKGS_ALLOW_INSECURE=1
    ```

-   It is possible to permanently allow individual insecure packages, while still blocking other insecure packages by default using the `permittedInsecurePackages` configuration option in the user configuration file.

    The following example configuration permits the installation of the hypothetically insecure package `hello`, version `1.2.3`:

    ```nix
    { permittedInsecurePackages = [ "hello-1.2.3" ]; }
    ```

-   It is also possible to create a custom policy around which insecure packages to allow and deny, by overriding the `allowInsecurePredicate` configuration option.

    The `allowInsecurePredicate` option is a function which accepts a package and returns a boolean, much like `allowUnfreePredicate`.

    The following configuration example allows any version of the `ovftool` package:

    ```nix
    { allowInsecurePredicate = pkg: builtins.elem (lib.getName pkg) [ "ovftool" ]; }
    ```

    Note that `permittedInsecurePackages` is only checked if `allowInsecurePredicate` is not specified.

## Modify packages via `packageOverrides` {#sec-modify-via-packageOverrides}

You can define a function called `packageOverrides` in your local `~/.config/nixpkgs/config.nix` to override Nix packages. It must be a function that takes pkgs as an argument and returns a modified set of packages.

```nix
{
  packageOverrides = pkgs: rec {
    foo = pkgs.foo.override {
      # ...
    };
  };
}
```

## `config` Options Reference {#sec-config-options-reference}

The following attributes can be passed in [`config`](#chap-packageconfig).

```{=include=} options
id-prefix: opt-
list-id: configuration-variable-list
source: ../config-options.json
```


## Declarative Package Management {#sec-declarative-package-management}

### Build an environment {#sec-building-environment}

Using `packageOverrides`, it is possible to manage packages declaratively. This means that we can list all of our desired packages within a declarative Nix expression. For example, to have `aspell`, `bc`, `ffmpeg`, `coreutils`, `gdb`, `nix`, `emscripten`, `jq`, `nox`, and `silver-searcher`, we could use the following in `~/.config/nixpkgs/config.nix`:

```nix
{
  packageOverrides =
    pkgs: with pkgs; {
      myPackages = pkgs.buildEnv {
        name = "my-packages";
        paths = [
          aspell
          bc
          coreutils
          gdb
          ffmpeg
          nix
          emscripten
          jq
          nox
          silver-searcher
        ];
      };
    };
}
```

To install it into our environment, you can just run `nix-env -iA nixpkgs.myPackages`. If you want to load the packages to be built from a working copy of `nixpkgs` you just run `nix-env -f. -iA myPackages`. To explore what's been installed, just look through `~/.nix-profile/`. You can see that a lot of stuff has been installed. Some of this stuff is useful some of it isn't. Let's tell Nixpkgs to only link the stuff that we want:

```nix
{
  packageOverrides =
    pkgs: with pkgs; {
      myPackages = pkgs.buildEnv {
        name = "my-packages";
        paths = [
          aspell
          bc
          coreutils
          gdb
          ffmpeg
          nix
          emscripten
          jq
          nox
          silver-searcher
        ];
        pathsToLink = [
          "/share"
          "/bin"
        ];
      };
    };
}
```

`pathsToLink` tells Nixpkgs to only link the paths listed which gets rid of the extra stuff in the profile. `/bin` and `/share` are good defaults for a user environment, getting rid of the clutter. If you are running on Nix on macOS, you may want to add another path as well, `/Applications`, that makes GUI apps available.

### Getting documentation {#sec-getting-documentation}

After building that new environment, look through `~/.nix-profile` to make sure everything is there that we wanted. Discerning readers will note that some files are missing. Look inside `~/.nix-profile/share/man/man1/` to verify this. There are no man pages for any of the Nix tools! This is because some packages like Nix have multiple outputs for things like documentation (see section 4). Let's make Nix install those as well.
Title: Nix Package Management: Insecure Packages, Overrides, and Declarative Environments
Summary
This document covers advanced Nix configurations, starting with managing insecure packages. Users can temporarily allow them via `export NIXPKGS_ALLOW_INSECURE=1`, permanently for specific versions using `permittedInsecurePackages`, or through a custom `allowInsecurePredicate` (which takes precedence). It then introduces `packageOverrides`, a function in `~/.config/nixpkgs/config.nix` for modifying or overriding existing packages. A `config` options reference is also noted. Finally, it details declarative package management, where `packageOverrides` facilitates building custom environments by defining a `myPackages` set using `pkgs.buildEnv`. To reduce profile clutter, `pathsToLink` specifies desired symlinked directories (e.g., `/bin`, `/share`, `/Applications` for macOS). The text concludes by mentioning that documentation may be absent in these environments due to multiple package outputs.