Warning: This program is experimental and its interface is subject to change.
Name
nix - a tool for reproducible and declarative configuration management
Synopsis
nix [option...] subcommand
where subcommand is one of the following:
Main commands:
nix build- build a derivation or fetch a store pathnix develop- run a bash shell that provides the build environment of a derivationnix flake- manage Nix flakesnix help- show help aboutnixor a particular subcommandnix profile- manage Nix profilesnix repl- start an interactive environment for evaluating Nix expressionsnix run- run a Nix applicationnix search- search for packagesnix shell- run a shell in which the specified packages are available
Infrequently used commands:
nix bundle- bundle an application so that it works outside of the Nix storenix copy- copy paths between Nix storesnix edit- open the Nix expression of a Nix package in $EDITORnix eval- evaluate a Nix expressionnix fmt- reformat your code in the standard stylenix log- show the build log of the specified packages or paths, if availablenix path-info- query information about store pathsnix registry- manage the flake registrynix why-depends- show why a package has another package in its closure
Utility/scripting commands:
nix daemon- daemon to perform store operations on behalf of non-root clientsnix describe-stores- show registered store types and their available optionsnix hash- compute and convert cryptographic hashesnix key- generate and convert Nix signing keysnix nar- create or inspect NAR filesnix print-dev-env- print shell code that can be sourced by bash to reproduce the build environment of a derivationnix realisation- manipulate a Nix realisationnix show-config- show the Nix configurationnix show-derivation- show the contents of a store derivationnix store- manipulate a Nix store
Commands for upgrading or troubleshooting your Nix installation:
nix doctor- check your system for potential problems and print a PASS or FAIL for each checknix upgrade-nix- upgrade Nix to the latest stable version
Examples
-
Create a new flake:
# nix flake new hello # cd hello -
Build the flake in the current directory:
# nix build # ./result/bin/hello Hello, world! -
Run the flake in the current directory:
# nix run Hello, world! -
Start a development shell for hacking on this flake:
# nix develop # unpackPhase # cd hello-* # configurePhase # buildPhase # ./hello Hello, world! # installPhase # ../outputs/out/bin/hello Hello, world!
Description
Nix is a tool for building software, configurations and other artifacts in a reproducible and declarative way. For more information, see the Nix homepage or the Nix manual.
Installables
Many nix subcommands operate on one or more installables. These are
command line arguments that represent something that can be built in
the Nix store. Here are the recognised types of installables:
-
Flake output attributes:
nixpkgs#helloThese have the form flakeref[
#attrpath], where flakeref is a flake reference and attrpath is an optional attribute path. For more information on flakes, see thenix flakemanual page. Flake references are most commonly a flake identifier in the flake registry (e.g.nixpkgs), or a raw path (e.g./path/to/my-flakeor.or../foo), or a full URL (e.g.github:nixos/nixpkgsorpath:.)When the flake reference is a raw path (a path without any URL scheme), it is interpreted as a
path:orgit+file:url in the following way:-
If the path is within a Git repository, then the url will be of the form
git+file://[GIT_REPO_ROOT]?dir=[RELATIVE_FLAKE_DIR_PATH]whereGIT_REPO_ROOTis the path to the root of the git repository, andRELATIVE_FLAKE_DIR_PATHis the path (relative to the directory root) of the closest parent of the given path that contains aflake.nixwithin the git repository. If no such directory exists, then Nix will error-out.Note that the search will only include files indexed by git. In particular, files which are matched by
.gitignoreor have never beengit add-ed will not be available in the flake. If this is undesirable, specifypath:<directory>explicitly;For example, if
/foo/baris a git repository with the following structure:. └── baz ├── blah │ └── file.txt └── flake.nix
Then
/foo/bar/baz/blahwill resolve togit+file:///foo/bar?dir=baz-
If the supplied path is not a git repository, then the url will have the form
path:FLAKE_DIR_PATHwhereFLAKE_DIR_PATHis the closest parent of the supplied path that contains aflake.nixfile (within the same file-system). If no such directory exists, then Nix will error-out.For example, if
/foo/bar/flake.nixexists, then/foo/bar/baz/will resolve topath:/foo/bar
If attrpath is omitted, Nix tries some default values; for most subcommands, the default is
packages.system.default(e.g.packages.x86_64-linux.default), but some subcommands have other defaults. If attrpath is specified, attrpath is interpreted as relative to one or more prefixes; for most subcommands, these arepackages.system,legacyPackages.*system*and the empty prefix. Thus, onx86_64-linuxnix build nixpkgs#hellowill try to build the attributespackages.x86_64-linux.hello,legacyPackages.x86_64-linux.helloandhello. -
-
Store paths:
/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10These are paths inside the Nix store, or symlinks that resolve to a path in the Nix store.
-
Store derivations:
/nix/store/p7gp6lxdg32h4ka1q398wd9r2zkbbz2v-hello-2.10.drvStore derivations are store paths with extension
.drvand are a low-level representation of a build-time dependency graph used internally by Nix. By default, if you pass a store derivation to anixsubcommand, it will operate on the output paths of the derivation. For example,nix path-infoprints information about the output paths:# nix path-info --json /nix/store/p7gp6lxdg32h4ka1q398wd9r2zkbbz2v-hello-2.10.drv [{"path":"/nix/store/v5sv61sszx301i0x6xysaqzla09nksnd-hello-2.10",…}]If you want to operate on the store derivation itself, pass the
--derivationflag. -
Nix attributes:
--file /path/to/nixpkgs helloWhen the
-f/--filepath option is given, installables are interpreted as attribute paths referencing a value returned by evaluating the Nix file path. -
Nix expressions:
--expr '(import <nixpkgs> {}).hello.overrideDerivation (prev: { name = "my-hello"; })'.When the
--exproption is given, all installables are interpreted as Nix expressions. You may need to specify--impureif the expression references impure inputs (such as<nixpkgs>).
For most commands, if no installable is specified, the default is .,
i.e. Nix will operate on the default flake output attribute of the
flake in the current directory.
Nix stores
Most nix subcommands operate on a Nix store.
TODO: list store types, options
Options
-
--help
Show usage information. -
--offline
Disable substituters and consider all previously downloaded files up-to-date. -
--optionname value
Set the Nix configuration setting name to value (overridingnix.conf). -
--refresh
Consider all previously downloaded files out-of-date. -
--version
Show version information.
Logging-related options:
-
--debug
Set the logging verbosity level to 'debug'. -
--log-formatformat
Set the format of log output; one ofraw,internal-json,barorbar-with-logs. -
--print-build-logs/-L
Print full build logs on standard error. -
--quiet
Decrease the logging verbosity level. -
--verbose/-v
Increase the logging verbosity level.
Options to override configuration settings:
-
--accept-flake-config
Enable theaccept-flake-configsetting. -
--access-tokensvalue
Set theaccess-tokenssetting. -
--allow-dirty
Enable theallow-dirtysetting. -
--allow-import-from-derivation
Enable theallow-import-from-derivationsetting. -
--allow-new-privileges
Enable theallow-new-privilegessetting. -
--allow-symlinked-store
Enable theallow-symlinked-storesetting. -
--allow-unsafe-native-code-during-evaluation
Enable theallow-unsafe-native-code-during-evaluationsetting. -
--allowed-impure-host-depsvalue
Set theallowed-impure-host-depssetting. -
--allowed-urisvalue
Set theallowed-urissetting. -
--allowed-usersvalue
Set theallowed-userssetting. -
--auto-optimise-store
Enable theauto-optimise-storesetting. -
--bash-promptvalue
Set thebash-promptsetting. -
--bash-prompt-suffixvalue
Set thebash-prompt-suffixsetting. -
--build-hookvalue
Set thebuild-hooksetting. -
--build-poll-intervalvalue
Set thebuild-poll-intervalsetting. -
--build-users-groupvalue
Set thebuild-users-groupsetting. -
--buildersvalue
Set thebuilderssetting. -
--builders-use-substitutes
Enable thebuilders-use-substitutessetting. -
--commit-lockfile-summaryvalue
Set thecommit-lockfile-summarysetting. -
--compress-build-log
Enable thecompress-build-logsetting. -
--connect-timeoutvalue
Set theconnect-timeoutsetting. -
--coresvalue
Set thecoressetting. -
--diff-hookvalue
Set thediff-hooksetting. -
--download-attemptsvalue
Set thedownload-attemptssetting. -
--enforce-determinism
Enable theenforce-determinismsetting. -
--eval-cache
Enable theeval-cachesetting. -
--experimental-featuresvalue
Set theexperimental-featuressetting. -
--extra-access-tokensvalue
Append to theaccess-tokenssetting. -
--extra-allowed-impure-host-depsvalue
Append to theallowed-impure-host-depssetting. -
--extra-allowed-urisvalue
Append to theallowed-urissetting. -
--extra-allowed-usersvalue
Append to theallowed-userssetting. -
--extra-experimental-featuresvalue
Append to theexperimental-featuressetting. -
--extra-extra-platformsvalue
Append to theextra-platformssetting. -
--extra-hashed-mirrorsvalue
Append to thehashed-mirrorssetting. -
--extra-ignored-aclsvalue
Append to theignored-aclssetting. -
--extra-nix-pathvalue
Append to thenix-pathsetting. -
--extra-platformsvalue
Set theextra-platformssetting. -
--extra-plugin-filesvalue
Append to theplugin-filessetting. -
--extra-sandbox-pathsvalue
Append to thesandbox-pathssetting. -
--extra-secret-key-filesvalue
Append to thesecret-key-filessetting. -
--extra-substitutersvalue
Append to thesubstituterssetting. -
--extra-system-featuresvalue
Append to thesystem-featuressetting. -
--extra-trusted-public-keysvalue
Append to thetrusted-public-keyssetting. -
--extra-trusted-substitutersvalue
Append to thetrusted-substituterssetting. -
--extra-trusted-usersvalue
Append to thetrusted-userssetting. -
--fallback
Enable thefallbacksetting. -
--filter-syscalls
Enable thefilter-syscallssetting. -
--flake-registryvalue
Set theflake-registrysetting. -
--fsync-metadata
Enable thefsync-metadatasetting. -
--gc-reserved-spacevalue
Set thegc-reserved-spacesetting. -
--hashed-mirrorsvalue
Set thehashed-mirrorssetting. -
--http-connectionsvalue
Set thehttp-connectionssetting. -
--http2
Enable thehttp2setting. -
--ignored-aclsvalue
Set theignored-aclssetting. -
--impersonate-linux-26
Enable theimpersonate-linux-26setting. -
--keep-build-log
Enable thekeep-build-logsetting. -
--keep-derivations
Enable thekeep-derivationssetting. -
--keep-env-derivations
Enable thekeep-env-derivationssetting. -
--keep-failed
Enable thekeep-failedsetting. -
--keep-going
Enable thekeep-goingsetting. -
--keep-outputs
Enable thekeep-outputssetting. -
--log-linesvalue
Set thelog-linessetting. -
--max-build-log-sizevalue
Set themax-build-log-sizesetting. -
--max-freevalue
Set themax-freesetting. -
--max-jobsvalue
Set themax-jobssetting. -
--max-silent-timevalue
Set themax-silent-timesetting. -
--min-freevalue
Set themin-freesetting. -
--min-free-check-intervalvalue
Set themin-free-check-intervalsetting. -
--nar-buffer-sizevalue
Set thenar-buffer-sizesetting. -
--narinfo-cache-negative-ttlvalue
Set thenarinfo-cache-negative-ttlsetting. -
--narinfo-cache-positive-ttlvalue
Set thenarinfo-cache-positive-ttlsetting. -
--netrc-filevalue
Set thenetrc-filesetting. -
--nix-pathvalue
Set thenix-pathsetting. -
--no-accept-flake-config
Disable theaccept-flake-configsetting. -
--no-allow-dirty
Disable theallow-dirtysetting. -
--no-allow-import-from-derivation
Disable theallow-import-from-derivationsetting. -
--no-allow-new-privileges
Disable theallow-new-privilegessetting. -
--no-allow-symlinked-store
Disable theallow-symlinked-storesetting. -
--no-allow-unsafe-native-code-during-evaluation
Disable theallow-unsafe-native-code-during-evaluationsetting. -
--no-auto-optimise-store
Disable theauto-optimise-storesetting. -
--no-builders-use-substitutes
Disable thebuilders-use-substitutessetting. -
--no-compress-build-log
Disable thecompress-build-logsetting. -
--no-enforce-determinism
Disable theenforce-determinismsetting. -
--no-eval-cache
Disable theeval-cachesetting. -
--no-fallback
Disable thefallbacksetting. -
--no-filter-syscalls
Disable thefilter-syscallssetting. -
--no-fsync-metadata
Disable thefsync-metadatasetting. -
--no-http2
Disable thehttp2setting. -
--no-impersonate-linux-26
Disable theimpersonate-linux-26setting. -
--no-keep-build-log
Disable thekeep-build-logsetting. -
--no-keep-derivations
Disable thekeep-derivationssetting. -
--no-keep-env-derivations
Disable thekeep-env-derivationssetting. -
--no-keep-failed
Disable thekeep-failedsetting. -
--no-keep-going
Disable thekeep-goingsetting. -
--no-keep-outputs
Disable thekeep-outputssetting. -
--no-preallocate-contents
Disable thepreallocate-contentssetting. -
--no-print-missing
Disable theprint-missingsetting. -
--no-pure-eval
Disable thepure-evalsetting. -
--no-require-sigs
Disable therequire-sigssetting. -
--no-restrict-eval
Disable therestrict-evalsetting. -
--no-run-diff-hook
Disable therun-diff-hooksetting. -
--no-sandbox
Disable sandboxing. -
--no-sandbox-fallback
Disable thesandbox-fallbacksetting. -
--no-show-trace
Disable theshow-tracesetting. -
--no-substitute
Disable thesubstitutesetting. -
--no-sync-before-registering
Disable thesync-before-registeringsetting. -
--no-trace-function-calls
Disable thetrace-function-callssetting. -
--no-use-case-hack
Disable theuse-case-hacksetting. -
--no-use-registries
Disable theuse-registriessetting. -
--no-use-sqlite-wal
Disable theuse-sqlite-walsetting. -
--no-warn-dirty
Disable thewarn-dirtysetting. -
--plugin-filesvalue
Set theplugin-filessetting. -
--post-build-hookvalue
Set thepost-build-hooksetting. -
--pre-build-hookvalue
Set thepre-build-hooksetting. -
--preallocate-contents
Enable thepreallocate-contentssetting. -
--print-missing
Enable theprint-missingsetting. -
--pure-eval
Enable thepure-evalsetting. -
--relaxed-sandbox
Enable sandboxing, but allow builds to disable it. -
--repeatvalue
Set therepeatsetting. -
--require-sigs
Enable therequire-sigssetting. -
--restrict-eval
Enable therestrict-evalsetting. -
--run-diff-hook
Enable therun-diff-hooksetting. -
--sandbox
Enable sandboxing. -
--sandbox-build-dirvalue
Set thesandbox-build-dirsetting. -
--sandbox-dev-shm-sizevalue
Set thesandbox-dev-shm-sizesetting. -
--sandbox-fallback
Enable thesandbox-fallbacksetting. -
--sandbox-pathsvalue
Set thesandbox-pathssetting. -
--secret-key-filesvalue
Set thesecret-key-filessetting. -
--show-trace
Enable theshow-tracesetting. -
--stalled-download-timeoutvalue
Set thestalled-download-timeoutsetting. -
--storevalue
Set thestoresetting. -
--substitute
Enable thesubstitutesetting. -
--substitutersvalue
Set thesubstituterssetting. -
--sync-before-registering
Enable thesync-before-registeringsetting. -
--systemvalue
Set thesystemsetting. -
--system-featuresvalue
Set thesystem-featuressetting. -
--tarball-ttlvalue
Set thetarball-ttlsetting. -
--timeoutvalue
Set thetimeoutsetting. -
--trace-function-calls
Enable thetrace-function-callssetting. -
--trusted-public-keysvalue
Set thetrusted-public-keyssetting. -
--trusted-substitutersvalue
Set thetrusted-substituterssetting. -
--trusted-usersvalue
Set thetrusted-userssetting. -
--use-case-hack
Enable theuse-case-hacksetting. -
--use-registries
Enable theuse-registriessetting. -
--use-sqlite-wal
Enable theuse-sqlite-walsetting. -
--user-agent-suffixvalue
Set theuser-agent-suffixsetting. -
--warn-dirty
Enable thewarn-dirtysetting.