Stream: nix

Topic: Impure Derivations


view this post on Zulip Nithin (Jan 03 2025 at 14:57):

What makes a derivation impure ? Say for example i source the contents of a file from my filesystem and use it inside of my .nix files, is that an impure derivation?

I'm confused about this, because I'm trying to read my secrets that are decrypted by agenix into /etc/secrets. The agenix github already says this is an anti pattern and must not be used here , but certain services only have a option that is
password = ""; (a string)
and not an equivalent
passwordFile = "<path>";

Is the correct way just make a module that implements the option to read the path? ( also need help understanding how nixos packages are built.)

or is there a easier way to go about this?

view this post on Zulip Nithin (Jan 03 2025 at 14:59):

So far, @Srid has clarified that anything that is not in my "inputs" are impure, and must not be used in derivations. (ideally, at least)

view this post on Zulip Srid (Jan 03 2025 at 15:10):

What is the type of passwordFile? Is it type.path or types.string.

The later is most suitable here, because the former will have your derivation depend on an absolute path. The use of absolute paths will make it impure because they cannot be part of a derivation's inputs.

Just like how a pure function can only depend on its inputs and not global variables.


Last updated: Jan 18 2025 at 04:45 UTC