home-manager
home-manager copied to clipboard
nix-community
Can't install NixOs and Home Manager with flake error access to /mnt/nix/store/<hash>-nmd source/flake.nix is forbidden in restricted mode
Issue description
Try to install NisOs with flakes.
Flake.nix configuration
{
description = "NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { home-manager, nixpkgs, nixpkgs-unstable, ... }: {
nixosConfigurations = {
nixtst = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.mudrii = import ./users/mudrii/home.nix;
}
];
};
};
};
}
Error during installation
/mnt/nix/store/<hash>-nmd source/flake.nix is forbidden in restricted mode
The issue seems to be related to nmd package requirements.
The workaround is to comment out HM configuration in flake.nix and redeploy post instrall.
I don't have the setup to reproduce the issue, can you point the home-manager input to your fork and update this line:
https://github.com/nix-community/home-manager/blob/db00b39a9abec04245486a01b236b8d9734c9ad0/doc/default.nix#L16
to
nmd = import (/. + nmdSrc) { inherit lib pkgs; };
just to see if it resolves the issue?
I hit the same issue and tried that fix, but that gave the following error:
error: a string that refers to a store path cannot be appended to a path
Maybe we can somehow prevent the doc module from being evaluated when importing home-manager via flakes? Otherwise I'm not sure how to fix this while still supporting both flake and non-flake installs.
The best workaround for this problem is to use --impure flag when installing, this will result with correct installation, at least from my tests.
It seems like it is a fetchFromGitLab issue, as the path should be in allowedPaths and it looks like it is not for some reason.
Ran into this yesterday. Just tried nixos-rebuild dry-build --impure and it didn't change anything. Am I doing it wrong? 21.05 on aarch64. Thanks.
@lordcirth Do you mean nixos-install --impure --flake ... ?
Actually, either way it should work as --impure should disable all restricted mode issues. I was installing my system about two weeks ago and --impure worked fine, but maybe there were some new changes to Nix in the meanwhile.
@Mazurel Thanks for that, I was also running into this issue. It seems the --impure flag MUST come before the --flake ... flag or you will get the same issue.
#nixos-install --flake ... --impure # Doesn't work
nixos-install --impure --flake ...
That solved this for me!
Thank you for your contribution! I marked this issue as stale due to inactivity. If this remains inactive for another 7 days, I will close this issue. Please read the relevant sections below before commenting.
If you are the original author of the issue
- If this is resolved, please consider closing it so that the maintainers know not to focus on this.
- If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
If you are not the original author of the issue
- If you are also experiencing this issue, please add details of your situation to help with the debugging process.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
Memorandum on closing issues
If you have nothing of substance to add, please refrain from commenting and allow the bot close the issue. Also, don't be afraid to manually close an issue, even if it holds valuable information.
Closed issues stay in the system for people to search, read, cross-reference, or even reopen--nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
![stale[bot] avatar](https://avatars.githubusercontent.com/in/1724?v=4 "Published by a pub.dev verified publisher"){kind=small}
@rycee recently made some changes related to nmd. The bug needs to be reinvestigated.
Still finding this issue, on nixpkgs/nixos-21.11
edit: the build does not fail if I try it in a nix-shell with nixUnstable installed
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/how-to-install-a-flake-onto-a-raspberry-pi/18200/7
Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.
If you are the original author of the issue
- If this is resolved, please consider closing it so that the maintainers know not to focus on this.
- If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
If you are not the original author of the issue
- If you are also experiencing this issue, please add details of your situation to help with the debugging process.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
Memorandum on closing issues
Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
Still relevant. Please supply this nmd thing as a flake so that I can build my configuration on Hydra:
error: access to URI 'https://gitlab.com/api/v4/projects/rycee%2Fnmd/repository/archive.tar.gz?sha=91dee681dd1c478d6040a00835d73c0f4a4c5c29' is forbidden in restricted mode
Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.
If you are the original author of the issue
- If this is resolved, please consider closing it so that the maintainers know not to focus on this.
- If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
If you are not the original author of the issue
- If you are also experiencing this issue, please add details of your situation to help with the debugging process.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
Memorandum on closing issues
Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
I'm also experiencing that issue while trying to build with hydra:
error: access to URI 'https://git.sr.ht/~rycee/nmd/archive/abb15317ebd17e5a0a7dd105e2ce52f2700185a8.tar.gz' is forbidden in restricted mode
current flake.lock from home-manager:
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1682977601,
"narHash": "sha256-F1Va/Uiw2tVNn27FLqWyBkiqDyIm/eCamw9wA/GK8Fw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e4c33d76006c9080d2f228ba1c2308e3e4d7be6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
The pull happend from docs/default.nix:8-12:
nmdSrc = fetchTarball {
url =
"https://git.sr.ht/~rycee/nmd/archive/abb15317ebd17e5a0a7dd105e2ce52f2700185a8.tar.gz";
sha256 = "0zzrbjxf15hada279irif7s3sb8vs95jn4y4f8694as0j739gd1m";
};
Besides not beeing part of the input for the flake it still looks like a full-qualified fetch to me, but i'm not profecient enough with nix, flakes and (im)purity.
Also, when building the system-flake locally i don't have that issue.
Thank you for your contribution! I marked this issue as stale due to inactivity. Please be considerate of people watching this issue and receiving notifications before commenting 'I have this issue too'. We welcome additional information that will help resolve this issue. Please read the relevant sections below before commenting.
If you are the original author of the issue
- If this is resolved, please consider closing it so that the maintainers know not to focus on this.
- If this might still be an issue, but you are not interested in promoting its resolution, please consider closing it while encouraging others to take over and reopen an issue if they care enough.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
If you are not the original author of the issue
- If you are also experiencing this issue, please add details of your situation to help with the debugging process.
- If you know how to solve the issue, please consider submitting a Pull Request that addresses this issue.
Memorandum on closing issues
Don't be afraid to manually close an issue, even if it holds valuable information. Closed issues stay in the system for people to search, read, cross-reference, or even reopen – nothing is lost! Closing obsolete issues is an important way to help maintainers focus their time and effort.
Still relevant. Can't run my configs on my Hydra install because of this.
@spacekitteh Same here. Unable to build my NixOS configurations (at least the ones using Home Manager) with Hydra.
I'm pretty certain this is finally fixed with the recent introduction of nmd as a package in Nixpkgs. I'll close the issue, please comment if you think the issue still remains.
