openai
Add NixOS package
There appears to be no NixOS Package available. Currently willing to write one if there are others interested in using it.
Cool, I created a currently functional .nix config that can be imported into a user's configuration.nix via imports
# /etc/nixos/codex.nix
{ pkgs, ... }:
let
# 1) Node.js LTS + npm
nodejs = pkgs.nodejs; # Node.js LTS alias
npm = pkgs.nodePackages.npm; # npm CLI
# 2) Fetch the Codex repo
codexRepo = pkgs.fetchFromGitHub {
owner = "openai";
repo = "codex";
rev = "refs/heads/main";
sha256 = "AnxbfkYEuIljqvGL+bPgADuAKb0SIrrb1lJPZIsQcyg=";
};
# 3) Build the CLI from codex-cli/
codex-cli = pkgs.buildNpmPackage rec {
pname = "codex-cli";
version = "unstable";
# point at the subfolder containing package.json
src = "${codexRepo}/codex-cli";
buildInputs = [ nodejs npm ];
# this exact hash fixed the npm‑deps mismatch error you saw
npmDepsHash = "sha256-Upq467farJjMcbpswqz2U40RXbA8APq145Z0pgaSzgs=";
};
in
{
environment.systemPackages = with pkgs; [
nodejs # the runtime
npm # the CLI
codex-cli # makes `codex` available globally
];
}
This allows codex to run on NixOS, but it is not a true Nix package. I will see what processes are required for nix package repo approval
@tibo-openai Do you guys do grants for OS package development? I'd be happy to build and maintain it, starting on Nix unstable and moving into the next versioned nix branch from there.
@tibo-openai Here is a functional codebase for a starting point, it is by no means a full nix package, but it does work as a starter
https://github.com/JackPala/OpenAI-Codex-NixOS
Looks like a nix integration for dev is also implemented in https://github.com/openai/codex/pull/225, thoughts on the implementation there? Feel free to comment.
@tibo-openai That appears to be a nix flake implementation which is useful for users who use flakes.
My implementation does not require flakes and is designed for environments without flake support
@JackPala I'm having trouble getting codex building with buildingNpmPackage. I'm getting an error about a missing package.json:
last 16 log lines:
> Running phase: unpackPhase
> unpacking source archive /nix/store/5jp361mn57i7yf3l11hz0yidjz7bpvnm-source/codex-cli
> source root is codex-cli
> Running phase: patchPhase
> Running phase: updateAutotoolsGnuConfigScriptsPhase
> Running phase: configurePhase
> no configure script, doing nothing
> Running phase: buildPhase
>
> ERROR: The package-lock.json file does not exist!
>
> package-lock.json is required to make sure that npmDepsHash doesn't change
> when packages are updated on npm.
>
> Hint: You can copy a vendored package-lock.json file via postPatch.
>
I tried generating a lock file with npm install --package-lock-only @openai/codex then referencing that in the postPatch step but I'm getting further errors:
postPatch = ''
cp ${./package-lock.json} ./package-lock.json
'';
last 21 log lines:
> Running phase: unpackPhase
> unpacking source archive /nix/store/5jp361mn57i7yf3l11hz0yidjz7bpvnm-source/codex-cli
> source root is codex-cli
> Running phase: patchPhase
> Executing npmConfigHook
> Configuring npm
> Validating consistency between /build/codex-cli/package-lock.json and /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps/package-lock.json
> Setting npm_config_cache to /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps
> Installing dependencies
> npm error code ENOTCACHED
> npm error request to https://registry.npmjs.org/@eslint%2fjs failed: cache mode is 'only-if-cached' but no cached response is available.
> npm error Log files were not written due to an error writing to the directory: /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps/_logs
> npm error You can rerun the command with --loglevel=verbose to see the logs in your terminal
>
> ERROR: npm failed to install dependencies
>
> Here are a few things you can try, depending on the error:
> 1. Set makeCacheWritable = true
> Note that this won't help if npm is complaining about not being able to write to the logs directory -- look above that for the actual error.
> 2. Set npmFlags = [ "--legacy-peer-deps" ]
>
I don't have much experience with javascript + nix. Do you know whats going wrong?
@JackPala I'm having trouble getting codex building with
buildingNpmPackage. I'm getting an error about a missing package.json:last 16 log lines: > Running phase: unpackPhase > unpacking source archive /nix/store/5jp361mn57i7yf3l11hz0yidjz7bpvnm-source/codex-cli > source root is codex-cli > Running phase: patchPhase > Running phase: updateAutotoolsGnuConfigScriptsPhase > Running phase: configurePhase > no configure script, doing nothing > Running phase: buildPhase > > ERROR: The package-lock.json file does not exist! > > package-lock.json is required to make sure that npmDepsHash doesn't change > when packages are updated on npm. > > Hint: You can copy a vendored package-lock.json file via postPatch. >I tried generating a lock file with
npm install --package-lock-only @openai/codexthen referencing that in thepostPatchstep but I'm getting further errors:postPatch = '' cp ${./package-lock.json} ./package-lock.json '';last 21 log lines: > Running phase: unpackPhase > unpacking source archive /nix/store/5jp361mn57i7yf3l11hz0yidjz7bpvnm-source/codex-cli > source root is codex-cli > Running phase: patchPhase > Executing npmConfigHook > Configuring npm > Validating consistency between /build/codex-cli/package-lock.json and /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps/package-lock.json > Setting npm_config_cache to /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps > Installing dependencies > npm error code ENOTCACHED > npm error request to https://registry.npmjs.org/@eslint%2fjs failed: cache mode is 'only-if-cached' but no cached response is available. > npm error Log files were not written due to an error writing to the directory: /nix/store/c5lccmsn6hnfdqikf674ysbkh3ppa371-codex-cli-unstable-npm-deps/_logs > npm error You can rerun the command with --loglevel=verbose to see the logs in your terminal > > ERROR: npm failed to install dependencies > > Here are a few things you can try, depending on the error: > 1. Set makeCacheWritable = true > Note that this won't help if npm is complaining about not being able to write to the logs directory -- look above that for the actual error. > 2. Set npmFlags = [ "--legacy-peer-deps" ] >I don't have much experience with javascript + nix. Do you know whats going wrong?
Well, you are unlucky, they updated the project using pnpm about two days ago, but the above nix codes used buildNpmPackage which needs package-lock.json.
You can check the document here.
{
pkgs,
stdenv,
...
}: let
codexRepo = pkgs.fetchFromGitHub {
owner = "openai";
repo = "codex";
rev = "8f1ea7fa855cc2a130824a272a35dcd031ff519b";
sha256 = "sha256-VDF7hg81awpV4EUXT/DW9wE/AhQc006TCQnMYTr9JK0=";
};
codex-cli = stdenv.mkDerivation (finalAttrs: {
pname = "codex-cli";
version = "0.1.0";
src = codexRepo;
nativeBuildInputs = with pkgs; [
nodejs
pnpm
pnpm.configHook
];
pnpmDeps = pkgs.pnpm.fetchDeps {
inherit (finalAttrs) pname version src;
hash = "sha256-fnWprp1OD+LpA/aMKk3KWM6ObTdFtPCaMBNx95eVUwQ=";
sourceRoot = "${finalAttrs.src.name}/codex-cli";
};
buildPhase = ''
pnpm install --frozen-lockfile
pnpm run build
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
mkdir -p $out/lib
cp -r codex-cli/dist/* $out/lib/
ln -s $out/lib/cli.js $out/bin/codex
chmod +x $out/bin/codex
runHook postInstall
'';
});
in
codex-cli
Notice:
Currently, Codex is still under active development, and using Nix to install it means you'll need to frequently update the relevant hash values in the code above.
@MSDimos @solomon-b You'll need to get the latest hash and swap it out, the way I built it is really quick and janky. That hash changes with every commit, so if the post a commit it will change the hash of the repo and make it not work.
I have not found a way around this yet, as NixOS really likes the use of hashes to validate the repo when yanking it.
If anyone has any ideas on how to safely get around the hash, I can take a look and try to help.
Thank you @MSDimos. I had to change the sourceRoot as the lock file is in the root of the repo and wrap the cli tool to run it with node. Here is a currently working version:
{ pkgs, ...}:
let
codexRepo = pkgs.fetchFromGitHub {
owner = "openai";
repo = "codex";
rev = "8f1ea7fa855cc2a130824a272a35dcd031ff519b";
sha256 = "sha256-gHk2ydublBWuHqli11Dj5C9en2HtwTtwxhuayVHbcXs=";
};
codex-cli = pkgs.stdenv.mkDerivation (finalAttrs: {
pname = "codex-cli";
version = "0.1.0";
src = codexRepo;
sourceRoot = finalAttrs.src.name;
nativeBuildInputs = with pkgs; [
nodejs
pnpm
pnpm.configHook
makeWrapper
];
pnpmDeps = pkgs.pnpm.fetchDeps {
inherit (finalAttrs) pname version src;
hash = "sha256-ZXX9f/MsqMN8fxTclowDdD8+gSOOhI0i+EduTJ5eM34=";
};
buildPhase = ''
cd codex-cli
pnpm install --frozen-lockfile
pnpm run build
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
mkdir -p $out/lib
install -Dm644 dist/cli.js $out/lib/cli.js
makeWrapper ${pkgs.nodejs}/bin/node $out/bin/codex \
--add-flags "$out/lib/cli.js"
runHook postInstall
'';
});
in {
environment.systemPackages = [
codex-cli
];
}
there is a codex package in nixpkgs apparently but its 2 versions out of date pretty consistenly what are you all doing, would be nice to make this repo a flake and then i could just pull from that like i do w ghostyy
EDIT: there seems to be a flake in the repo ill try that
Created a nix flake that is always up-to-date(automated)
https://github.com/sadjow/codex-nix/
There is a nix package, but it is outdated.
https://search.nixos.org/packages?channel=unstable&query=codex
You can use the package from numtide:
nix profile install github:numtide/nix-ai-tools#codex
it would also be nice if the included flake is fixed (https://github.com/openai/codex/issues/3453)
There is a nix package, but it is outdated.
https://search.nixos.org/packages?channel=unstable&query=codex
You can use the package from numtide:
nix profile install github:numtide/nix-ai-tools#codexit would also be nice if the included flake is fixed (#3453)
yes it is outdated right now. cc @tibo-openai or anyone else looking at this, would love to use Nix instead of homebrew etc. for keeping my codex updated :)
https://github.com/sadjow/codex-nix
Em sáb., 4 de out. de 2025 às 18:26, dionysuz @.***> escreveu:
dionysuzx left a comment (openai/codex#241) https://github.com/openai/codex/issues/241#issuecomment-3368549436
There is a nix package, but it is outdated.
https://search.nixos.org/packages?channel=unstable&query=codex
You can use the package from numtide:
nix profile install github:numtide/nix-ai-tools#codex
it would also be nice if the included flake is fixed (#3453 https://github.com/openai/codex/issues/3453)
yes it is outdated right now. cc @tibo-openai https://github.com/tibo-openai or anyone else looking at this, would love to use Nix instead of homebrew etc. for keeping my codex updated :)
— Reply to this email directly, view it on GitHub https://github.com/openai/codex/issues/241#issuecomment-3368549436, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABLK5MOWF2E6OJLXXAKFL33WA3RRAVCNFSM6AAAAAB3LC33EKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTGNRYGU2DSNBTGY . You are receiving this because you commented.Message ID: @.***>
ya lowkey embarrassing af that they have taken so long and not made or accepted any prs for nix integration
There is a nix package, but it is outdated.
https://search.nixos.org/packages?channel=unstable&query=codex
You can use the package from numtide:
nix profile install github:numtide/nix-ai-tools#codexit would also be nice if the included flake is fixed (#3453)
This has a scanning rate that’s 12 times slower than the one below. If you want to stay up-to-date with the latest features daily I recommend the one below.
Created a nix flake that is always up-to-date(automated)
https://github.com/sadjow/codex-nix/
