Hi all Nix experts,
I recently started using nix to manage my dev environment on my immutable distro, and I need some help.
I was wondering, if I am using a large package like TexLiveFull, how do I make sure nix doesn’t delete large packages after I close the shell? I also don’t want this package to be available in my global environment, as I don’t need to use it outside vscode.
Another question is how to keep my packages up-to-date. I don’t do serious development work, thus I typically prefer my packages and dev-tools to be on the latest version. I prefer to have as little management of this as possible. Ideally, every time I start up a nix shell, the package manager will grab the latest version of the package if possible without requiring additional interaction from me. Is this possible?
Finally, is there any way to bubblewrap programs installed by nix to only access the files within the starting path of the shell? I don’t imagine this is possible, but it would definitely be nice if nix has some security feature like this.
Thanks in advance for your help! I understand parts of this post might be ridiculous. I am still new to nix. Please correct me if I am not using nix in the “correct” way.

direnv is small enough that you can manually audit it by reading the source code. nix-direnv is also small enough for this, and conceptually it is a replacement for direnv’s builtin Nix support.
You don’t need home-manager yet, and you can put it off for a while; it’s mostly useful if you want to instantiate a homedir on multiple machines.

Thank you so much for your insight. I personally feel like home-manager is a worth-while investment, since it supports auto-update and managing my vscode setting; both are pretty appealing to me. In the future, I might use it to manage my global packages like libreoffice and vscodium (assuming it won’t kill my process during auto update?).
At this point, I will probably go with never running nix gc, but I will try to properly set everything up after a couple of weeks.