flake: add nix-community cachix as substituters #1796
Conversation
stylix-automation
bot
added
the
topic: flake
awwpotato
added
the
backport: release-25.05
awwpotato
force-pushed
the
cachix-nixConfig
branch
from
188b3ea to
8647153
Compare
awwpotato
changed the title
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
On the first interaction with out flake the user will be prompted with the below messages, which is slightly annoying but worth it imo because people directly interacting with the flake probably care about better caching of the testbeds.
do you want to allow configuration setting 'extra-substituters' to be set to 'https://nix-community.cachix.org' (y/N)? do you want to permanently mark this value as trusted (y/N)? do you want to allow configuration setting 'extra-trusted-public-keys' to be set to ' nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=' (y/N)? do you want to permanently mark this value as trusted (y/N)?
How to trust https://nix-community.cachix.org without setting nix.settings.trusted-users:
do you want to allow configuration setting 'extra-substituters' to be set to 'https://nix-community.cachix.org' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? n
do you want to allow configuration setting 'extra-trusted-public-keys' to be set to 'nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? n
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
The following NixOS declaration does not resolve the issue:
nix.settings = {
substituters = [ "https://nix-community.cachix.org" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};|
|
||
| nixConfig = { | ||
| extra-substituters = [ "https://nix-community.cachix.org" ]; | ||
| extra-trusted-public-keys = [ |
There was a problem hiding this comment.
Subjective nitpick:
| extra-trusted-public-keys = [ | |
| extra-trusted-public-keys = [ |
I used to define See https://nix.dev/manual/nix/2.24/command-ref/conf-file.html#conf-trusted-substituters I recently refactored to just explicitly add all the substituters I need to my nixos config, but if you want to trust a substituter without always using it, the settings is |
I am still getting the same error: $ sudo nixos-rebuild switch
$ reboot
$ cd "$STYLIX"
$ direnv block
$ cd -
$ cd -
$ rm ~/.local/share/nix/trusted-settings.json
$ nix develop
do you want to allow configuration setting 'extra-substituters' to be set to 'https://nix-community.cachix.org' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? y
do you want to allow configuration setting 'extra-trusted-public-keys' to be set to 'nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=' (y/N)? y
do you want to permanently mark this value as trusted (y/N)? y
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted userHere is more context:
Sorry for not figuring this out. I hope not having updated my NixOS config in half a year has nothing to do with it... |
|
Firstly, you have nix-comnunity in both Your actual error is:
And your nix.conf shows:
So the issue here is that you are not marking your user as a "trusted" user that is allowed to modify restricted settings. You can either hard-code adding the extra trusted public key in your NixOS config, or add your user to |
This allows people interacting with our flake to benefit more from caching (mostly testbeds). On the first interaction with out flake the user will be prompted with the below messages, which is slightly annoying but worth it imo because people directly interacting with the flake probably care about better caching of the testbeds.
cc @MattSturgeon @trueNAHO @danth
Submission Checklist
Notify Maintainers