So while doing research for the next chapter of my NixOS book I was curious about whether or not a nix.conf option could read in a file's contents.
The reason I was curious about this is because the Nix manual mentions that the builders option's default value is the file @/etc/nix/machines (which we're supposed to read as the contents of the file /etc/nix/machines being read in to determine the full set of builders) [1].
However, it's not clear from reading the manual whether or not a nix.conf option can actually read in the contents of a file. Specifically:
- It's not clear if the @ syntax actually works for the builders option

  In other words, maybe that @ syntax is just documentation pseudocode that the interpreter will read in a file, but the @ symbol might not actually work for specifying to read in the builders from a separate file.

- It's not clear if the @ syntax works for other nix.conf options

  Maybe it only works for the builders option?
So I did some spelunking through the nix codebase and the conclusion is that the @ symbol does work, but only for the builders option. There's a special codepath just for that one nix.conf option.
However, nix.conf does support an include/!include keyword that you can use to read sets of options from another file (albeit not the value for an individual option like @ does). In other words, you can't do something like this:
access-tokens = @/run/secrets.d/access-token
… but you can do something like this:
!include /run/secrets.d/access-token
… and then /run/secrets.d/access-token can have an option like:
access-tokens = github.com=…
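The difference between the two forms can be checked with a small linter. The following is an added example, not code from this post or from the Nix codebase: a simplified Python model of nix.conf loading that flags any option other than builders whose value starts with @, and any !include whose target is missing. It assumes the include semantics described in the Nix manual (a missing file is an error for include and is skipped for !include, and relative paths resolve against the including file); load_conf, demo, the file names and the token value are constructed for illustration.

```python
import os
import tempfile

def load_conf(path, settings=None, findings=None):
    """Simplified model of nix.conf loading that also records lint findings."""
    settings = {} if settings is None else settings
    findings = [] if findings is None else findings
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            tokens = raw.split("#", 1)[0].split()   # strip comment, tokenize
            if not tokens:
                continue
            if tokens[0] in ("include", "!include") and len(tokens) == 2:
                # Relative include paths resolve against the including file.
                target = os.path.join(os.path.dirname(path), tokens[1])
                if os.path.exists(target):
                    load_conf(target, settings, findings)
                elif tokens[0] == "include":
                    raise ValueError(f"{path}:{lineno}: included file {target} not found")
                else:  # !include tolerates a missing file, so its options stay unset
                    findings.append(f"{path}:{lineno}: !include target missing: {target}")
                continue
            if len(tokens) < 2 or tokens[1] != "=":
                raise ValueError(f"{path}:{lineno}: illegal configuration line")
            name, value = tokens[0], " ".join(tokens[2:])
            # Only builders treats a leading @ as "read this file"; this model
            # stores every value as written and flags the other options.
            if name != "builders" and value.startswith("@"):
                findings.append(f"{path}:{lineno}: {name} keeps literal value {value}")
            settings[name] = value
    return settings, findings

def demo():
    """Load two constructed configs: the @ attempt, then the !include form."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, text):
            p = os.path.join(d, name)
            with open(p, "w") as fh:
                fh.write(text)
            return p
        secret = write("access-token", "access-tokens = github.com=PLACEHOLDER\n")
        bad = write("bad.conf", "builders = @/etc/nix/machines\n"
                                "access-tokens = @/run/secrets.d/access-token\n")
        good = write("good.conf", f"!include {secret}\n!include absent.conf\n")
        return load_conf(bad), load_conf(good)

if __name__ == "__main__":
    for settings, findings in demo():
        print(settings, findings, sep="\n")
```

The missing-target finding matters for secrets files: when the file behind an !include is absent, the token it was supposed to supply is never set and nothing reports it.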
[1] At the time of this writing it looks like there is a bug where the manual says it's derived from @/dummy/machines but usually the manual says that the default value is @/etc/nix/machines (which is the correct value).